Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/key')
14 files changed, 794 insertions, 663 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java index 6281050f9..166036a9d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -42,11 +43,13 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * A class representing a recoverKey servlet. This servlet shows key information - * and presents a list of text boxes so that recovery agents can type in their - * identifiers and passwords. - * + * A class representing a recoverKey servlet. This servlet + * shows key information and presents a list of text boxes + * so that recovery agents can type in their identifiers + * and passwords. + * * @version $Revision$, $Date$ */ public class ConfirmRecoverBySerial extends CMSServlet { @@ -56,7 +59,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { */ private static final long serialVersionUID = 2221819191344494389L; private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = "confirmRecoverBySerial.template"; + private final static String TPL_FILE = + "confirmRecoverBySerial.template"; private final static String IN_SERIALNO = "serialNumber"; private final static String OUT_SERIALNO = IN_SERIALNO; 
@@ -91,20 +95,22 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Serves HTTP request. The format of this request is as follows: - * confirmRecoverBySerial? [serialNumber=<serialno>] + * Serves HTTP request. The format of this request is + * as follows: + * confirmRecoverBySerial? + * [serialNumber=<serialno>] */ public void process(CMSRequest cmsReq) throws EBaseException { // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. - + HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -117,10 +123,9 @@ public class ConfirmRecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -131,7 +136,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt( + req.getParameter(IN_SERIALNO)); } // make sure this page, which contains password 
@@ -141,10 +147,8 @@ public class ConfirmRecoverBySerial extends CMSServlet { process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { @@ -153,10 +157,10 @@ public class ConfirmRecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -164,17 +168,21 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Requests for a list of agent passwords. */ - private void process(CMSTemplateParams argSet, IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue(OUT_SERIALNO, seq); header.addIntegerValue(OUT_M, - mRecoveryService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + mRecoveryService.getNoOfRequiredAgents()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - Integer.toString(seq))); + Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); } catch (EBaseException e) { 
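Review bot: The `NumberFormatException` handler in the first hunk on this line puts `e.toString()` into `OUT_ERROR`, and for a failed `Integer.parseInt` that text names the rejected `serialNumber` value, so raw request input reaches the rendered page. Whether the template layer encodes it is not visible here. A fixed message avoids the echo, e.g. `header.addStringValue(OUT_ERROR, CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", "invalid serialNumber"));`, with the exception detail sent to `log(ILogger.LL_FAILURE, ...)` only. The same handler appears in the `DisplayBySerial` and `DisplayBySerialForRecovery` hunks, and the third hunk here passes `req.getParameter(OUT_OP)` into the header the same way. The enclosing `process(CMSRequest)` starts outside the hunk.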
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java index de298e90a..510f1ac31 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -43,10 +44,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Display a specific Key Archival Request * <P> - * + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { @@ -76,7 +78,7 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerial.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -92,8 +94,8 @@ public class DisplayBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -101,7 +103,7 @@ public class DisplayBySerial extends CMSServlet { * <ul> * <li>http.param serialNumber serial number of the key archival request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -113,14 +115,14 @@ public class DisplayBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -135,14 +137,13 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); @@ -152,14 +153,13 @@ public class DisplayBySerial extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt( + req.getParameter(IN_SERIALNO)); } process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { 
@@ -168,23 +168,27 @@ public class DisplayBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Display information about a particular key. */ - private void process(CMSTemplateParams argSet, IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - Integer.toString(seq))); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java index f261d0d93..2ef78c64d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Locale; 
@@ -44,9 +45,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Display a Specific Key Archival Request, and initiate key recovery process - * + * Display a Specific Key Archival Request, and initiate + * key recovery process + * * @version $Revision$, $Date$ */ public class DisplayBySerialForRecovery extends CMSServlet { @@ -77,7 +80,7 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerialForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -92,17 +95,17 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param serialNumber request ID of key archival request - * <li>http.param publicKeyData + * <li>http.param serialNumber request ID of key archival request + * <li>http.param publicKeyData * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -114,14 +117,14 @@ public class DisplayBySerialForRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -136,14 +139,13 @@ public class DisplayBySerialForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); 
@@ -154,15 +156,15 @@ public class DisplayBySerialForRecovery extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt( + req.getParameter(IN_SERIALNO)); } - process(argSet, header, req.getParameter("publicKeyData"), seqNum, - req, resp, locale[0]); + process(argSet, header, + req.getParameter("publicKeyData"), + seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (Exception e) { e.printStackTrace(); System.out.println(e.toString()); @@ -173,10 +175,10 @@ public class DisplayBySerialForRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
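Review bot: The generic `catch (Exception e)` after the re-wrapped `process(...)` call reports only through `e.printStackTrace()` and `System.out.println(e.toString())`, so a failure while building the key-recovery page never reaches the servlet log that the neighbouring handlers write with `log(ILogger.LL_FAILURE, ...)`. As far as the hunk shows, no `OUT_ERROR` is set either, so the template may render as if the lookup succeeded. I would replace the two print calls with `log(ILogger.LL_FAILURE, "Error e " + e);` and add an `OUT_ERROR` entry carrying a fixed message. The catch block continues past the end of the hunk, so confirm what follows before changing it.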
@@ -185,20 +187,24 @@ public class DisplayBySerialForRecovery extends CMSServlet { * Display information about a particular key. */ private synchronized void process(CMSTemplateParams argSet, - IArgBlock header, String publicKeyData, int seq, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + IArgBlock header, String publicKeyData, int seq, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { try { header.addIntegerValue("noOfRequiredAgents", - mService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue("keySplitting", CMS.getConfigStore() - .getString("kra.keySplitting")); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + mService.getNoOfRequiredAgents()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue("keySplitting", + CMS.getConfigStore().getString("kra.keySplitting")); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); if (publicKeyData != null) { - header.addStringValue("publicKeyData", publicKeyData); + header.addStringValue("publicKeyData", + publicKeyData); } - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - Integer.toString(seq))); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + BigInteger(Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java index adcb61274..d4baf1818 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -33,9 +34,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Retrieve Transport Certificate used to wrap Private key Archival requests - * + * Retrieve Transport Certificate used to + * wrap Private key Archival requests + * * @version $Revision$, $Date$ */ public class DisplayTransport extends CMSServlet { @@ -64,13 +67,13 @@ public class DisplayTransport extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -83,8 +86,8 @@ public class DisplayTransport extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (Exception e) { // do nothing for now } 
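Review bot: The `catch (Exception e)` around the re-wrapped `authorize(...)` call in the last hunk on this line holds only `// do nothing for now`, so a denied or failing authorization check on this servlet leaves no log record to investigate. The other servlets in this commit log the same condition; the equivalent here is `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. The `GetApprovalStatus` hunk has the same empty handler. How a null `authzToken` is handled afterwards lies outside this hunk.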
@@ -95,29 +98,31 @@ public class DisplayTransport extends CMSServlet { } try { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority; + IKeyRecoveryAuthority kra = + (IKeyRecoveryAuthority) mAuthority; ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = tu - .getCertificate(); + org.mozilla.jss.crypto.X509Certificate transportCert = + tu.getCertificate(); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html"); - String content = ""; + String content = ""; content += "<HTML><PRE>"; - String mime64 = "-----BEGIN CERTIFICATE-----\n" - + CMS.BtoA(transportCert.getEncoded()) - + "-----END CERTIFICATE-----\n"; + String mime64 = + "-----BEGIN CERTIFICATE-----\n" + + CMS.BtoA(transportCert.getEncoded()) + + "-----END CERTIFICATE-----\n"; content += mime64; content += "</PRE></HTML>"; resp.setContentType("text/html"); resp.getOutputStream().write(content.getBytes()); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java index 14cc265fc..9fbad7a66 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; 
@@ -45,9 +46,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * View the Key Recovery Request - * + * View the Key Recovery Request + * * @version $Revision$, $Date$ */ public class ExamineRecovery extends CMSServlet { @@ -98,8 +100,8 @@ public class ExamineRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -107,7 +109,7 @@ public class ExamineRecovery extends CMSServlet { * <ul> * <li>http.param recoveryID recovery request ID * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -121,14 +123,14 @@ public class ExamineRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -143,10 +145,9 @@ public class ExamineRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -157,84 +158,96 @@ public class ExamineRecovery extends CMSServlet { EBaseException error = null; try { - process(argSet, header, req.getParameter("recoveryID"), req, resp, - locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + req, resp, locale[0]); } catch (EBaseException e) { error = e; } catch (Exception e) { - error = new EBaseException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + error = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } /* - * catch (NumberFormatException e) { error = eBaseException( - * - * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( - * locale[0], BaseResources.class.getName(), - * BaseResources.INTERNAL_ERROR_1, e.toString())); } + catch (NumberFormatException e) { + error = eBaseException( + + header.addStringValue(OUT_ERROR, + MessageFormatter.getLocalizedString( + locale[0], + BaseResources.class.getName(), + BaseResources.INTERNAL_ERROR_1, + e.toString())); + } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** - * Recovers a key. 
The p12 will be protected by the password provided by the - * administrator. + * Recovers a key. The p12 will be protected by the password + * provided by the administrator. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String recoveryID, HttpServletRequest req, - HttpServletResponse resp, Locale locale) throws EBaseException { + private void process(CMSTemplateParams argSet, + IArgBlock header, String recoveryID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) + throws EBaseException { try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); - header.addStringValue("keySplitting", CMS.getConfigStore() - .getString("kra.keySplitting")); - Hashtable params = mService.getRecoveryParams(recoveryID); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + header.addStringValue("keySplitting", + CMS.getConfigStore().getString("kra.keySplitting")); + Hashtable params = mService.getRecoveryParams( + recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - String keyID = (String) params.get("keyID"); - header.addStringValue("serialNumber", keyID); + String keyID = (String)params.get("keyID"); + header.addStringValue("serialNumber", keyID); header.addStringValue("recoveryID", recoveryID); - IKeyRepository mKeyDB = ((IKeyRecoveryAuthority) mAuthority) - .getKeyRepository(); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - keyID)); + IKeyRepository mKeyDB = + ((IKeyRecoveryAuthority) 
mAuthority).getKeyRepository(); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new + BigInteger(keyID)); KeyRecordParser.fillRecordIntoArg(rec, header); + } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Error e " + e); throw e; - } + } /* - * catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString()); - * } + catch (Exception e) { + header.addStringValue(OUT_ERROR, e.toString()); + } */ } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java index e1bb0c1a6..4bd4d45be 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -44,9 +45,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Check to see if a Key Recovery Request has been approved - * + * * @version $Revision$, $Date$ */ public class GetApprovalStatus extends CMSServlet { @@ -77,9 +79,9 @@ public class GetApprovalStatus extends CMSServlet { /** * initialize the servlet. This servlet uses the template files - * "getApprovalStatus.template" and "finishRecovery.template" to process the - * response. - * + * "getApprovalStatus.template" and "finishRecovery.template" + * to process the response. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -93,8 +95,8 @@ public class GetApprovalStatus extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** 
@@ -102,7 +104,7 @@ public class GetApprovalStatus extends CMSServlet { * <ul> * <li>http.param recoveryID request ID to check * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -115,8 +117,8 @@ public class GetApprovalStatus extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); } catch (Exception e) { // do nothing for now } 
@@ -145,52 +147,54 @@ public class GetApprovalStatus extends CMSServlet { Hashtable params = mService.getRecoveryParams(recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - header.addStringValue("serialNumber", (String) params.get("keyID")); + header.addStringValue("serialNumber", + (String) params.get("keyID")); int requiredNumber = mService.getNoOfRequiredAgents(); header.addIntegerValue("noOfRequiredAgents", requiredNumber); - Vector dc = ((IKeyRecoveryAuthority) mService) - .getAppAgents(recoveryID); + Vector dc = ((IKeyRecoveryAuthority) mService).getAppAgents(recoveryID); Enumeration agents = dc.elements(); while (agents.hasMoreElements()) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("agentName", - ((Credential) agents.nextElement()).getIdentifier()); + rarg.addStringValue("agentName", ((Credential) agents.nextElement()).getIdentifier()); argSet.addRepeatRecord(rarg); } if (dc.size() >= requiredNumber) { // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService) - .getPk12(recoveryID); + byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); if (pkcs12 != null) { rComplete = 1; - header.addStringValue(OUT_STATUS, "complete"); + header.addStringValue(OUT_STATUS, "complete"); /* - * mService.destroyRecoveryParams(recoveryID); try { - * resp.setContentType("application/x-pkcs12"); - * resp.getOutputStream().write(pkcs12); return; } catch - * (IOException e) { header.addStringValue(OUT_ERROR, - * MessageFormatter.getLocalizedString( locale[0], - * BaseResources.class.getName(), - * BaseResources.INTERNAL_ERROR_1, e.toString())); } + 
mService.destroyRecoveryParams(recoveryID); + try { + resp.setContentType("application/x-pkcs12"); + resp.getOutputStream().write(pkcs12); + return; + } catch (IOException e) { + header.addStringValue(OUT_ERROR, + MessageFormatter.getLocalizedString( + locale[0], + BaseResources.class.getName(), + BaseResources.INTERNAL_ERROR_1, + e.toString())); + } */ - } else if (((IKeyRecoveryAuthority) mService) - .getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService) - .getError(recoveryID)); + } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); rComplete = 1; } else { // pk12 hasn't been created yet. @@ -203,21 +207,19 @@ public class GetApprovalStatus extends CMSServlet { try { if (rComplete == 1) { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" - + TPL_FINISH; + mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH; } else { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" - + TPL_FILE; - } + mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE; + } if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } ServletOutputStream out = resp.getOutputStream(); 
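Review bot: In the `rComplete` branch, `mFormPath` is assigned on every request and then read by `getTemplate(mFormPath, req, locale)`. It looks like an instance field (its declaration is outside the hunk), and a servlet instance normally serves concurrent requests. If so, two agents polling different recovery IDs can race, and one can be rendered with the other's template (`TPL_FINISH` instead of `TPL_FILE`). A local variable removes the shared state: `String formPath = "/" + ((IAuthority) mService).getId() + "/" + (rComplete == 1 ? TPL_FINISH : TPL_FILE);`, then apply the `mOutputTemplatePath` override to `formPath` and pass it to `getTemplate`.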
@@ -225,10 +227,10 @@ public class GetApprovalStatus extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java index f9c4d5880..cea08af31 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Locale; @@ -41,9 +42,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** - * Get the recovered key in PKCS#12 format - for asynchronous key recovery only - * + * Get the recovered key in PKCS#12 format + * - for asynchronous key recovery only + * */ public class GetAsyncPk12 extends CMSServlet { 
@@ -64,9 +67,13 @@ public class GetAsyncPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -80,7 +87,7 @@ public class GetAsyncPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishAsyncRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -96,8 +103,8 @@ public class GetAsyncPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -105,7 +112,7 @@ public class GetAsyncPk12 extends CMSServlet { * <ul> * <li>http.param reqID request id for recovery * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -121,14 +128,14 @@ public class GetAsyncPk12 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "download"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -143,10 +150,9 @@ public class GetAsyncPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -167,26 +173,28 @@ public class GetAsyncPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null) { - CMS.debug("GetAsyncPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); + if (agent == null ) { + CMS.debug( "GetAsyncPk12::process() - agent is null!" ); + throw new EBaseException( "agent is null" ); } String initAgent = "undefined"; initAgent = mService.getInitAgentAsyncKeyRecovery(reqID); if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) { - log(ILogger.LL_SECURITY, CMS.getLogMessage( - "CMSGW_INVALID_AGENT_ASYNC_3", reqID, initAgent)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_INVALID_AGENT_ASYNC", reqID, initAgent)); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", + reqID, initAgent)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", + reqID, initAgent)); } // The async recovery request must be in "approved" state - // i.e. all required # of recovery agents approved + // i.e. all required # of recovery agents approved if (mService.isApprovedAsyncKeyRecovery(reqID) != true) { CMS.debug("GetAsyncPk12::process() - # required recovery agents not met"); - throw new EBaseException("# required recovery agents not met"); + throw new EBaseException( "# required recovery agents not met" ); } String password = req.getParameter(IN_PASSWORD); 
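Review bot: The LL_SECURITY entry written when a non-initiating agent requests the PKCS#12 (hunk -167,26) records `reqID` and `initAgent` but not `agent`, the identity that made the attempt, which is the value an investigator needs. The key `CMSGW_INVALID_AGENT_ASYNC_3` receives two arguments, while the `_1` and `_4` keys elsewhere in this diff receive one and four, so a third looks intended: `CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", reqID, initAgent, agent)`, with the order to be confirmed against the message template. Separately, `initAgent.equals("undefined")` throws a NullPointerException if `getInitAgentAsyncKeyRecovery` returns null. Writing `"undefined".equals(initAgent)` still denies access in that case, since `agent.equals(null)` is false. GetPk12 (hunk -176,27) makes the same two-argument call with `CMSGW_INVALID_AGENT_3`.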
@@ -194,11 +202,11 @@ public class GetAsyncPk12 extends CMSServlet { if (password == null || password.equals("")) { header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - throw new EBaseException("PKCS12 password not found"); + throw new EBaseException( "PKCS12 password not found" ); } if (passwordAgain == null || !passwordAgain.equals(password)) { header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - throw new EBaseException("PKCS12 password not matched"); + throw new EBaseException( "PKCS12 password not matched" ); } // got all approval, return pk12 @@ -210,22 +218,24 @@ public class GetAsyncPk12 extends CMSServlet { resp.getOutputStream().write(pkcs12); mRenderResult = false; - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, ILogger.SUCCESS, reqID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + reqID, + ""); - audit(auditMessage); + audit(auditMessage); return; } catch (IOException e) { - header.addStringValue(OUT_ERROR, CMS.getUserMessage( - locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(reqID)); + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(reqID)); } else { // pk12 hasn't been created yet. Shouldn't get here } 
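Review bot: The IOException handler in hunk -210,22 copies `e.toString()` into `OUT_ERROR`, a value that is rendered back to the client, and writes no log line carrying the exception for the failed key export. I would record the detail server-side, e.g. `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));`, and pass a fixed string rather than the exception text to `CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", ...)`. The same pattern appears in GetPk12 (hunk -205,22) and in the NumberFormatException handlers of GrantAsyncRecovery (hunk -158,16) and GrantRecovery (hunk -164,13). The enclosing `try` opens before this hunk.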
@@ -234,10 +244,12 @@ public class GetAsyncPk12 extends CMSServlet { } if ((agent != null) && (reqID != null)) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, ILogger.FAILURE, reqID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + reqID, + ""); audit(auditMessage); } @@ -248,10 +260,10 @@ public class GetAsyncPk12 extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java index 284ef7bb3..b36517742 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -42,9 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Get the recovered key in PKCS#12 format - * + * * @version $Revision$, $Date$ */ public class GetPk12 extends CMSServlet { 
@@ -64,9 +66,13 @@ public class GetPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -80,7 +86,7 @@ public class GetPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -96,8 +102,8 @@ public class GetPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -105,7 +111,7 @@ public class GetPk12 extends CMSServlet { * <ul> * <li>http.param recoveryID ID of request to recover * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -121,14 +127,14 @@ public class GetPk12 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "download"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -143,10 +149,9 @@ public class GetPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -164,10 +169,10 @@ public class GetPk12 extends CMSServlet { Hashtable params = mService.getRecoveryParams(recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } // only the init DRM agent can get the pkcs12 
@@ -176,27 +181,29 @@ public class GetPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null) { - CMS.debug("GetPk12::process() - agent is null!"); - throw new EBaseException("agent is null"); + if (agent == null ) { + CMS.debug( "GetPk12::process() - agent is null!" ); + throw new EBaseException( "agent is null" ); } - String initAgent = (String) params.get("agent"); + String initAgent = (String) params.get("agent"); if (!agent.equals(initAgent)) { log(ILogger.LL_SECURITY, - - CMS.getLogMessage("CMSGW_INVALID_AGENT_3", recoveryID, + + CMS.getLogMessage("CMSGW_INVALID_AGENT_3", + recoveryID, initAgent)); - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_INVALID_AGENT", agent, initAgent, recoveryID)); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_AGENT", + agent, initAgent, recoveryID)); } - header.addStringValue("serialNumber", (String) params.get("keyID")); + header.addStringValue("serialNumber", + (String) params.get("keyID")); // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService) - .getPk12(recoveryID); + byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); if (pkcs12 != null) { mService.destroyRecoveryParams(recoveryID); 
@@ -205,22 +212,24 @@ public class GetPk12 extends CMSServlet { resp.getOutputStream().write(pkcs12); mRenderResult = false; - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, ILogger.SUCCESS, recoveryID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, + ILogger.SUCCESS, + recoveryID, + ""); audit(auditMessage); return; } catch (IOException e) { - header.addStringValue(OUT_ERROR, CMS.getUserMessage( - locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); } else { // pk12 hasn't been created yet. Shouldn't get here } @@ -229,10 +238,12 @@ public class GetPk12 extends CMSServlet { } if ((agent != null) && (recoveryID != null)) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, ILogger.FAILURE, recoveryID, ""); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, + ILogger.FAILURE, + recoveryID, + ""); audit(auditMessage); } 
@@ -243,10 +254,10 @@ public class GetPk12 extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java index 0acfd2ffc..a868f47c0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java @@ -40,9 +40,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Approve an asynchronous key recovery request - * + * */ public class GrantAsyncRecovery extends CMSServlet { @@ -67,7 +68,8 @@ public class GrantAsyncRecovery extends CMSServlet { private IKeyService mService = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -79,7 +81,7 @@ public class GrantAsyncRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantAsyncRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -96,8 +98,8 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -105,9 +107,9 @@ public class GrantAsyncRecovery extends CMSServlet { * <ul> * <li>http.param reqID request ID of the request to approve * <li>http.param agentID User ID of the agent approving the request - * + * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -122,14 +124,14 @@ public class GrantAsyncRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "recover"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -144,10 +146,9 @@ public class GrantAsyncRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -158,16 +159,15 @@ public class GrantAsyncRecovery extends CMSServlet { String agentID = authToken.getInString("uid"); CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID); - CMS.debug("GrantAsyncRecovery: process() request id=" - + req.getParameter("reqID")); + CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID")); try { - process(argSet, header, req.getParameter("reqID"), agentID, req, - resp, locale[0]); + process(argSet, header, + req.getParameter("reqID"), + agentID, + req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -175,10 +175,10 @@ public class GrantAsyncRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -186,13 +186,12 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Update agent approval list * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> - * * @param argSet CMS template parameters * @param header argument block * @param reqID string containing the recovery request ID 
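Review bot: `CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"))` in hunk -158,16 writes a raw request parameter to the debug log, so a value containing CR or LF could forge extra log lines unless `CMS.debug` neutralises them, which is not visible here. I would neutralise the value before logging, e.g. `String.valueOf(req.getParameter("reqID")).replaceAll("[\\r\\n]", "_")`. A format check on `reqID` at this entry point would cover both the log line and the later `process(...)` call.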
@@ -201,9 +200,11 @@ public class GrantAsyncRecovery extends CMSServlet { * @param resp HTTP servlet response * @param locale the system locale */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String reqID, String agentID, HttpServletRequest req, - HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, String reqID, + String agentID, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequestID = reqID; @@ -232,8 +233,10 @@ public class GrantAsyncRecovery extends CMSServlet { } try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); // update approving agent list mService.addAgentAsyncKeyRecovery(reqID, agentID); @@ -243,9 +246,11 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.SUCCESS, auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.SUCCESS, + auditRequestID, + auditAgentID); audit(auditMessage); @@ -254,9 +259,11 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRequestID, + auditAgentID); audit(auditMessage); } catch (Exception e) { 
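Review bot: `header.addStringValue(OUT_OP, req.getParameter(OUT_OP))` and `header.addStringValue(OUT_SERVICE_URL, req.getRequestURI())` in hunk -232,8 copy client-controlled strings into `header`, presumably the block that `form.renderOutput(out, argSet)` later emits as `text/html`. This diff does not show whether the template layer escapes these values, so that should be confirmed, or `OUT_OP` restricted to the operation names the servlet expects before it is echoed. GrantRecovery (hunk -237,35) echoes the same two values. The private process() body starts before this hunk.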
@@ -264,11 +271,14 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRequestID, + auditAgentID); audit(auditMessage); } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java index 51d2a02d6..9a7238be0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -41,9 +42,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; + /** * Approve a key recovery request - * + * * @version $Revision$, $Date$ */ public class GrantRecovery extends CMSServlet { @@ -71,7 +73,8 @@ public class GrantRecovery extends CMSServlet { private IKeyService mService = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = + "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -83,7 +86,7 @@ public class GrantRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -100,19 +103,19 @@ public class GrantRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> * <li>http.param recoveryID ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * <li>http.param agentPWD Password of the agent approving the request - * + * <li>http.param agentID User ID of the agent approving the request + * <li>http.param agentPWD Password of the agent approving the request + * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -125,14 +128,14 @@ public class GrantRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "recover"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -147,10 +150,9 @@ public class GrantRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -164,13 +166,14 @@ public class GrantRecovery extends CMSServlet { agentID = req.getParameter("agentID"); } try { - process(argSet, header, req.getParameter("recoveryID"), agentID, - req.getParameter("agentPWD"), req, resp, locale[0]); + process(argSet, header, + req.getParameter("recoveryID"), + agentID, + req.getParameter("agentPWD"), + req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -178,25 +181,24 @@ public class GrantRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } /** - * Recovers a key. The p12 will be protected by the password provided by the - * administrator. + * Recovers a key. The p12 will be protected by the password + * provided by the administrator. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> - * * @param argSet CMS template parameters * @param header argument block * @param recoveryID string containing the recovery ID 
@@ -206,9 +208,11 @@ public class GrantRecovery extends CMSServlet { * @param resp HTTP servlet response * @param locale the system locale */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String recoveryID, String agentID, String agentPWD, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, String recoveryID, + String agentID, String agentPWD, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRecoveryID = recoveryID; 
@@ -237,35 +241,45 @@ public class GrantRecovery extends CMSServlet { } try { - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); Hashtable h = mService.getRecoveryParams(recoveryID); if (h == null) { - header.addStringValue(OUT_ERROR, "No such token found"); + header.addStringValue(OUT_ERROR, + "No such token found"); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + auditAgentID); audit(auditMessage); return; } - header.addStringValue("serialNumber", (String) h.get("keyID")); + header.addStringValue("serialNumber", + (String) h.get("keyID")); mService.addDistributedCredential(recoveryID, agentID, agentPWD); - header.addStringValue("agentID", agentID); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("agentID", + agentID); + header.addStringValue("recoveryID", + recoveryID); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.SUCCESS, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.SUCCESS, + auditRecoveryID, + auditAgentID); audit(auditMessage); 
@@ -274,9 +288,11 @@ public class GrantRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + auditAgentID); audit(auditMessage); } catch (Exception e) { @@ -284,11 +300,14 @@ public class GrantRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, ILogger.FAILURE, auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, + ILogger.FAILURE, + auditRecoveryID, + auditAgentID); audit(auditMessage); } } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java index 5fa88e5ea..9ce8585f7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.util.Date; import com.netscape.certsrv.apps.CMS; @@ -27,7 +28,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord; /** * Output a 'pretty print' of a Key Archival record - * + * * @version $Revision$, $Date$ */ public class KeyRecordParser { 
@@ -43,23 +44,28 @@ public class KeyRecordParser { public final static String OUT_RECOVERED_BY = "recoveredBy"; public final static String OUT_RECOVERED_ON = "recoveredOn"; + /** * Fills key record into argument block. */ - public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) - throws EBaseException { + public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) + throws EBaseException { if (rec == null) return; - rarg.addStringValue(OUT_STATE, rec.getState().toString()); - rarg.addStringValue(OUT_OWNER_NAME, rec.getOwnerName()); - rarg.addIntegerValue(OUT_SERIALNO, rec.getSerialNumber().intValue()); - rarg.addStringValue(OUT_KEY_ALGORITHM, rec.getAlgorithm()); - // Possible Enhancement: sun's BASE64Encode is not + rarg.addStringValue(OUT_STATE, + rec.getState().toString()); + rarg.addStringValue(OUT_OWNER_NAME, + rec.getOwnerName()); + rarg.addIntegerValue(OUT_SERIALNO, + rec.getSerialNumber().intValue()); + rarg.addStringValue(OUT_KEY_ALGORITHM, + rec.getAlgorithm()); + // Possible Enhancement: sun's BASE64Encode is not // fast. We may may to have our native implmenetation. IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); rarg.addStringValue(OUT_PUBLIC_KEY, - pp.toHexString(rec.getPublicKeyData(), 0, 20)); + pp.toHexString(rec.getPublicKeyData(), 0, 20)); Integer keySize = rec.getKeySize(); if (keySize == null) { 
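Review bot: `rec.getSerialNumber().intValue()` on the OUT_SERIALNO line narrows the key serial to 32 bits; if getSerialNumber() returns a BigInteger (RecoverBySerial builds key ids with `new BigInteger(seq)`), a serial above Integer.MAX_VALUE is silently truncated rather than rejected. A truncated serial on the results page can point an agent at a different key record than the one that was found. Consider emitting it as text, `rarg.addStringValue(OUT_SERIALNO, rec.getSerialNumber().toString());`, after confirming the templates do not depend on an integer value. fillRecordIntoArg continues past the end of this hunk.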
@@ -67,13 +73,17 @@ public class KeyRecordParser { } else { rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); } - rarg.addStringValue(OUT_ARCHIVED_BY, rec.getArchivedBy()); - rarg.addLongValue(OUT_ARCHIVED_ON, rec.getCreateTime().getTime() / 1000); + rarg.addStringValue(OUT_ARCHIVED_BY, + rec.getArchivedBy()); + rarg.addLongValue(OUT_ARCHIVED_ON, + rec.getCreateTime().getTime() / 1000); Date dateOfRevocation[] = rec.getDateOfRevocation(); if (dateOfRevocation != null) { - rarg.addStringValue(OUT_RECOVERED_BY, "null"); - rarg.addStringValue(OUT_RECOVERED_ON, "null"); + rarg.addStringValue(OUT_RECOVERED_BY, + "null"); + rarg.addStringValue(OUT_RECOVERED_ON, + "null"); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index 484bebc5a..edcd2bdf6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -50,7 +51,7 @@ import com.netscape.cmsutil.util.Cert; /** * A class representing a recoverBySerial servlet. - * + * * @version $Revision$, $Date$ */ public class RecoverBySerial extends CMSServlet { 
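Review bot: The `if (dateOfRevocation != null)` branch stores the literal string `"null"` for both OUT_RECOVERED_BY and OUT_RECOVERED_ON, so the page never shows who recovered a key or when, even when the record carries that history. For a key-recovery view this looks like an unfinished placeholder or an inverted condition. If it is deliberate, say so with a comment such as `// recovery history is not exposed here; the template expects the string "null"`. The start of fillRecordIntoArg is outside this hunk.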
@@ -107,17 +108,22 @@ public class RecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? [serialNumber=<number>] [uid#=<uid>] [pwd#=<password>] - * [localAgents=yes|null] [recoveryID=recoveryID] [pkcs12Password=<password - * of pkcs12>] [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] [cert=<encryption - * certificate>] + * recoverBySerial? + * [serialNumber=<number>] + * [uid#=<uid>] + * [pwd#=<password>] + * [localAgents=yes|null] + * [recoveryID=recoveryID] + * [pkcs12Password=<password of pkcs12>] + * [pkcs12PasswordAgain=<password of pkcs12>] + * [pkcs12Delivery=<delivery mechanism for pkcs12>] + * [cert=<encryption certificate>] */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -128,14 +134,14 @@ public class RecoverBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "recover"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -150,10 +156,9 @@ public class RecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -184,53 +189,54 @@ public class RecoverBySerial extends CMSServlet { ctx = SessionContext.getContext(); /* - * When Recovery is first initiated, if it is in asynch mode, no - * pkcs#12 password is needed. The initiating agent uid will be - * recorded in the recovery request. Later, as approving agents - * submit their approvals, they will also be listed in the request. + When Recovery is first initiated, if it is in asynch mode, + no pkcs#12 password is needed. + The initiating agent uid will be recorded in the recovery + request. + Later, as approving agents submit their approvals, they will + also be listed in the request. */ - if ((initAsyncRecovery != null) - && initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); + if ((initAsyncRecovery != null) && + initAsyncRecovery.equalsIgnoreCase("ON")) { + process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter(IN_CERT), + req, resp, locale[0]); + + int requiredNumber = mService.getNoOfRequiredAgents(); + header.addIntegerValue("noOfRequiredAgents", requiredNumber); } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); - } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), req, resp, locale[0]); - - if (pkcs12 != null) { - // resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - // resp.setContentLength(pkcs12.length); - resp.getOutputStream().write(pkcs12); - 
mRenderResult = false; - return; + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); } + byte pkcs12[] = process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter("localAgents"), + req.getParameter(IN_PASSWORD), + req.getParameter(IN_PASSWORD_AGAIN), + req.getParameter(IN_CERT), + req.getParameter(IN_DELIVERY), + req.getParameter(IN_NICKNAME), + req, resp, locale[0]); + + if (pkcs12 != null) { + //resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("application/x-pkcs12"); + //resp.setContentLength(pkcs12.length); + resp.getOutputStream().write(pkcs12); + mRenderResult = false; + return; + } } } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IOException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } finally { SessionContext.releaseContext(); } @@ -242,10 +248,10 @@ public class RecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
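Review bot: The recovered PKCS#12 is written to the response with only `resp.setContentType("application/x-pkcs12")` set; no caching headers appear in the visible lines, so a browser cache or intermediary may keep a copy of the private-key bundle. Add `resp.setHeader("Cache-Control", "no-store");` before `resp.getOutputStream().write(pkcs12);` unless CMSServlet already does this for every response. Separately, the NumberFormatException and IOException handlers put `e.toString()` into OUT_ERROR, which returns internal exception text to the client. The enclosing process method begins before this hunk.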
@@ -254,9 +260,10 @@ public class RecoverBySerial extends CMSServlet { /** * Async Key Recovery - request initiation */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, HttpServletRequest req, - HttpServletResponse resp, Locale locale) { + private void process(CMSTemplate form, CMSTemplateParams argSet, + IArgBlock header, String seq, String cert, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { // seq is the key id if (seq == null) { 
@@ -283,35 +290,38 @@ public class RecoverBySerial extends CMSServlet { SessionContext sContext = SessionContext.getContext(); try { - String reqID = mService.initAsyncKeyRecovery(new BigInteger(seq), - x509cert, (String) sContext.get(SessionContext.USER_ID)); + String reqID = mService.initAsyncKeyRecovery( + new BigInteger(seq), x509cert, + (String) sContext.get(SessionContext.USER_ID)); header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); header.addStringValue("requestID", reqID); } catch (EBaseException e) { - String error = "Failed to recover key for key id " + seq - + ".\nException: " + e.toString(); + String error = + "Failed to recover key for key id " + + seq + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(seq, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; } /** - * Recovers a key. The p12 will be protected by the password provided by the - * administrator. + * Recovers a key. The p12 will be protected by the password + * provided by the administrator. */ private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, String password, - String passwordAgain, String cert, String delivery, - String nickname, HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String seq, String localAgents, + String password, String passwordAgain, + String cert, String delivery, String nickname, + HttpServletRequest req, HttpServletResponse resp, + Locale locale) { if (seq == null) { header.addStringValue(OUT_ERROR, "sequence number not found"); return null; 
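Review bot: `sContext.get(SessionContext.USER_ID)` is dereferenced without a null check in the `initAsyncKeyRecovery` call, while the synchronous `process` overload guards the same lookup with `if (sContext != null)`. If SessionContext.getContext() can return null here, the resulting NullPointerException is not caught by `catch (EBaseException e)` and no error record is created for the request. Guard it the same way, e.g. `String agent = (sContext != null) ? (String) sContext.get(SessionContext.USER_ID) : null;`, and pass `agent` to the call. The same unguarded lookup appears in WaitApprovalThread.run() in hunk -494,24. This method starts before the hunk.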
@@ -350,64 +360,65 @@ public class RecoverBySerial extends CMSServlet { if (sContext != null) { agent = (String) sContext.get(SessionContext.USER_ID); } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); + if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { + if (localAgents == null) { + String recoveryID = req.getParameter("recoveryID"); - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, - "No recovery ID specified"); - return null; - } - Hashtable params = mService - .createRecoveryParams(recoveryID); + if (recoveryID == null || recoveryID.equals("")) { + header.addStringValue(OUT_ERROR, "No recovery ID specified"); + return null; + } + Hashtable params = mService.createRecoveryParams(recoveryID); - params.put("keyID", req.getParameter(IN_SERIALNO)); + params.put("keyID", req.getParameter(IN_SERIALNO)); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("recoveryID", recoveryID); - params.put("agent", agent); + params.put("agent", agent); - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, seq, - password, x509cert, delivery, nickname, - SessionContext.getContext()); + // new thread to wait for pk12 + Thread waitThread = new WaitApprovalThread(recoveryID, + seq, password, x509cert, delivery, nickname, + SessionContext.getContext()); - waitThread.start(); - return null; - } else { - Vector v = new Vector(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); - - if (uid != null && pwd != null && !uid.equals("") - && !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { - header.addStringValue(OUT_ERROR, - "Uid(s) or password(s) are not provided"); - return null; - } - } - if (v.size() != mService.getNoOfRequiredAgents()) { - 
header.addStringValue(OUT_ERROR, - "Uid(s) or password(s) are not provided"); + waitThread.start(); + return null; + } else { + Vector v = new Vector(); + + for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { + String uid = req.getParameter(IN_UID + i); + String pwd = req.getParameter(IN_PWD + i); + + if (uid != null && pwd != null && !uid.equals("") && + !pwd.equals("")) { + v.addElement(new Credential(uid, pwd)); + } else { + header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); return null; } - creds = new Credential[v.size()]; - v.copyInto(creds); } + if (v.size() != mService.getNoOfRequiredAgents()) { + header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); + return null; + } + creds = new Credential[v.size()]; + v.copyInto(creds); + } - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addIntegerValue(OUT_SERIALNO, Integer.parseInt(seq)); - header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery(new BigInteger(seq), - creds, password, x509cert, delivery, nickname, agent); - - return pkcs12; - } else { + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addIntegerValue(OUT_SERIALNO, + Integer.parseInt(seq)); + header.addStringValue(OUT_SERVICE_URL, + req.getRequestURI()); + byte pkcs12[] = mService.doKeyRecovery( + new BigInteger(seq), + creds, password, x509cert, + delivery, nickname, agent); + + return pkcs12; + } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID == null || recoveryID.equals("")) { 
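Review bot: `header.addIntegerValue(OUT_SERIALNO, Integer.parseInt(seq))` runs before `mService.doKeyRecovery(new BigInteger(seq), ...)`, so a key id that is valid as a BigInteger but exceeds the int range throws NumberFormatException and the recovery is never attempted. The async overload already writes the serial as text with `header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO))`. Doing the same here, `header.addStringValue(OUT_SERIALNO, seq);`, keeps both paths consistent, provided the template accepts a string. The method body extends beyond this hunk on both sides.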
@@ -423,13 +434,13 @@ public class RecoverBySerial extends CMSServlet { params.put("agent", agent); // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, seq, - password, x509cert, delivery, nickname, + Thread waitThread = new WaitApprovalThread(recoveryID, + seq, password, x509cert, delivery, nickname, SessionContext.getContext()); waitThread.start(); return null; - } + } } catch (EBaseException e) { header.addStringValue(OUT_ERROR, e.toString(locale)); } catch (Exception e) { @@ -439,8 +450,8 @@ public class RecoverBySerial extends CMSServlet { } /** - * Wait approval thread. Wait for recovery agents' approval exit when - * required number of approval received + * Wait approval thread. Wait for recovery agents' approval + * exit when required number of approval received */ final class WaitApprovalThread extends Thread { String theRecoveryID = null; @@ -451,24 +462,24 @@ public class RecoverBySerial extends CMSServlet { String theNickname = null; SessionContext theSc = null; - /** + /** * Wait approval thread constructor including thread name */ public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, String delivery, - String nickname, SessionContext sc) { + String password, X509CertImpl cert, + String delivery, String nickname, SessionContext sc) { super(); - super.setName("waitApproval." + recoveryID + "-" - + (Thread.activeCount() + 1)); + super.setName("waitApproval." + recoveryID + "-" + + (Thread.activeCount() + 1)); theRecoveryID = recoveryID; theSeq = seq; thePassword = password; theCert = cert; theDelivery = delivery; theNickname = nickname; - theSc = sc; + theSc = sc; } - + public void run() { SessionContext.setContext(theSc); Credential creds[] = null; 
@@ -476,17 +487,17 @@ public class RecoverBySerial extends CMSServlet { try { creds = mService.getDistributedCredentials(theRecoveryID); } catch (EBaseException e) { - String error = "Failed to get required approvals for recovery id " - + theRecoveryID + ".\nException: " + e.toString(); + String error = + "Failed to get required approvals for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { - ((IKeyRecoveryAuthority) mService).createError( - theRecoveryID, error); + ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } return; } 
@@ -494,24 +505,25 @@ public class RecoverBySerial extends CMSServlet { SessionContext sContext = SessionContext.getContext(); try { - byte pkcs12[] = mService.doKeyRecovery(new BigInteger(theSeq), - creds, thePassword, theCert, theDelivery, theNickname, + byte pkcs12[] = mService.doKeyRecovery( + new BigInteger(theSeq), + creds, thePassword, theCert, + theDelivery, theNickname, (String) sContext.get(SessionContext.USER_ID)); - ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, - pkcs12); + ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); } catch (EBaseException e) { - String error = "Failed to recover key for recovery id " - + theRecoveryID + ".\nException: " + e.toString(); + String error = + "Failed to recover key for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, error); try { - ((IKeyRecoveryAuthority) mService).createError( - theRecoveryID, error); + ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, - ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, + ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); } } return; @@ -519,3 +531,4 @@ public class RecoverBySerial extends CMSServlet { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java index 923ef0316..c0fdd02ee 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -47,7 +48,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching search criteria - * + * * @version $Revision$, $Date$ */ public class SrchKey extends CMSServlet { @@ -73,7 +74,7 @@ public class SrchKey extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -92,20 +93,20 @@ public class SrchKey extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKey.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - /* - * maxReturns doesn't seem to do anything useful in this servlet!!! - */ + /* maxReturns doesn't seem to do anything useful in this + servlet!!! */ try { - String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + String tmp = + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); 
@@ -131,20 +132,20 @@ public class SrchKey extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param queryFilter ldap-style filter to search with + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param queryFilter ldap-style filter to search with * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -157,14 +158,14 @@ public class SrchKey extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -179,10 +180,9 @@ public class SrchKey extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // process query if authentication is successful @@ -197,10 +197,12 @@ public class SrchKey extends CMSServlet { try { if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + maxCount = Integer.parseInt( + req.getParameter(IN_MAXCOUNT)); } if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL)); + sentinel = Integer.parseInt( + req.getParameter(IN_SENTINEL)); } String maxResultsStr = req.getParameter("maxResults"); @@ -210,13 +212,12 @@ public class SrchKey extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, timeLimit, - sentinel, req.getParameter(IN_FILTER), req, resp, locale[0]); + process(argSet, header, ctx, maxCount, maxResults, + timeLimit, sentinel, + req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue( - OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", - e.toString())); + header.addStringValue(OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } try { 
@@ -225,10 +226,10 @@ public class SrchKey extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
@@ -236,47 +237,54 @@ public class SrchKey extends CMSServlet { /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - IArgBlock ctx, int maxCount, int maxResults, int timeLimit, - int sentinel, String filter, HttpServletRequest req, - HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { try { // Fill header - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, mAuthName.toString()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_ARCHIVER, + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX - header.addStringValue(OUT_SERVICE_URL, "/kra?"); - header.addStringValue(OUT_TEMPLATE, TPL_FILE); - header.addStringValue(OUT_FILTER, filter); + header.addStringValue(OUT_SERVICE_URL, + "/kra?"); + header.addStringValue(OUT_TEMPLATE, + TPL_FILE); + header.addStringValue(OUT_FILTER, + filter); if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " - + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... 
timelimit=" + timeLimit); - Enumeration e = mKeyDB.searchKeys(filter, maxResults, timeLimit); + Enumeration e = mKeyDB.searchKeys(filter, + maxResults, timeLimit); int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, null); + header.addStringValue(OUT_SENTINEL, + null); } else { while (e.hasMoreElements()) { - IKeyRecord rec = (IKeyRecord) e.nextElement(); + IKeyRecord rec = (IKeyRecord) + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java index c8ccfadfe..56a1817e6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -47,8 +48,8 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching given public key material - * - * + * + * * @version $Revision$, $Date$ */ public class SrchKeyForRecovery extends CMSServlet { 
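Review bot: `timeLimit` is capped against `mTimeLimits` before the search, but `maxResults`, which appears to come from the `maxResults` request parameter, reaches `mKeyDB.searchKeys(filter, maxResults, timeLimit)` with no cap, and the init() comment in this file says mMaxReturns does nothing useful. An authorized caller can therefore ask the directory for an arbitrarily large result set. Consider `if (maxResults > mMaxReturns) maxResults = mMaxReturns;` next to the timeLimit clamp, after checking what value maxResults carries when the parameter is absent. The request-supplied `filter` is also passed to searchKeys and echoed into OUT_FILTER as received, so confirm it is validated and that the template layer escapes it. The method continues after this hunk.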
@@ -74,7 +75,7 @@ public class SrchKeyForRecovery extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -93,7 +94,7 @@ public class SrchKeyForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKeyForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,9 +102,10 @@ public class SrchKeyForRecovery extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; try { - String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + String tmp = + sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); 
@@ -129,20 +131,20 @@ public class SrchKeyForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch * <li>http.param publicKeyData public key data to search on * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -155,14 +157,14 @@ public class SrchKeyForRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "list"); + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -177,12 +179,11 @@ public class SrchKeyForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - + // process query if authentication is successful IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); @@ -196,10 +197,12 @@ public class SrchKeyForRecovery extends CMSServlet { try { if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + maxCount = Integer.parseInt( + req.getParameter(IN_MAXCOUNT)); } if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL)); + sentinel = Integer.parseInt( + req.getParameter(IN_SENTINEL)); } String maxResultsStr = req.getParameter("maxResults"); 
@@ -209,71 +212,76 @@ public class SrchKeyForRecovery extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, timeLimit, - sentinel, req.getParameter("publicKeyData"), - req.getParameter(IN_FILTER), req, resp, locale[0]); + process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel, + req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), - "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } /* - * catch (Exception e) { error = new - * EBaseException(BaseResources.INTERNAL_ERROR_1, e); } + catch (Exception e) { + error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e); + } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + 
CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - IArgBlock ctx, int maxCount, int maxResults, int timeLimit, - int sentinel, String publicKeyData, String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, + IArgBlock header, IArgBlock ctx, + int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, + String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { try { // Fill header - header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, mAuthName.toString()); + header.addStringValue(OUT_OP, + req.getParameter(OUT_OP)); + header.addStringValue(OUT_ARCHIVER, + mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX - header.addStringValue(OUT_SERVICE_URL, "/kra?"); - header.addStringValue(OUT_TEMPLATE, TPL_FILE); - header.addStringValue(OUT_FILTER, filter); + header.addStringValue(OUT_SERVICE_URL, + "/kra?"); + header.addStringValue(OUT_TEMPLATE, + TPL_FILE); + header.addStringValue(OUT_FILTER, + filter); if (publicKeyData != null) { - header.addStringValue("publicKeyData", publicKeyData); + header.addStringValue("publicKeyData", + publicKeyData); } if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " - + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... timelimit=" + timeLimit); 
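Review bot: The guard `if (timeLimit == -1 || timeLimit > mTimeLimits)` in the private `process(...)` resets only -1 and values above the configured ceiling, so a request-supplied `timeLimit` of 0 or any other negative number keeps its value. That number comes straight from `Integer.parseInt(timeLimitStr)` earlier in this hunk. The search call itself lies outside the hunk, so how it treats such values is not visible here, but directory search APIs commonly read 0 as "no limit", which would let a caller bypass the server-side cap. I would widen the condition to `if (timeLimit <= 0 || timeLimit > mTimeLimits) {`, which keeps the existing -1 default behaviour. `maxResults` is likewise parsed from the request and passed through with no clamp visible in this hunk; it is worth confirming that a ceiling is applied where the search is issued.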
@@ -281,20 +289,22 @@ public class SrchKeyForRecovery extends CMSServlet { int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, null); + header.addStringValue(OUT_SENTINEL, + null); } else { while (e.hasMoreElements()) { - IKeyRecord rec = (IKeyRecord) e.nextElement(); + IKeyRecord rec = (IKeyRecord) + e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED + // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } |