Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java | 177 |
1 files changed, 86 insertions, 91 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index 27648758b..99b4c2b32 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CRMF requests, according to RFC 2511 - * See http://www.ietf.org/rfc/rfc2511.txt - * + * Process CRMF requests, according to RFC 2511 See + * http://www.ietf.org/rfc/rfc2511.txt + * * @version $Revision$, $Date$ */ public class CRMFProcessor extends PKIProcessor { 
@@ -69,37 +67,36 @@ public class CRMFProcessor extends PKIProcessor { private boolean enforcePop = false; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; public CRMFProcessor() { super(); } - public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) { + public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, + boolean doEnforcePop) { super(cmsReq, servlet); enforcePop = doEnforcePop; mRequest = cmsReq; } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } /** * Verify Proof of Possession (POP) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof * of possession is checked during certificate enrollment * </ul> + * * @param certReqMsg the certificate request message * @exception EBaseException an error has occurred */ - private void verifyPOP(CertReqMsg certReqMsg) - throws EBaseException { + private void verifyPOP(CertReqMsg certReqMsg) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -118,59 +115,55 @@ public class CRMFProcessor extends PKIProcessor { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, ILogger.SUCCESS); - audit( auditMessage ); + audit(auditMessage); } catch (Exception e) { CMS.debug("CRMFProcessor: Failed POP verify!"); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); } } } else { if (enforcePop == true) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); } } - } catch( EBaseException eAudit1 ) { + } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); } } - public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, 
IArgBlock httpParams) - throws EBaseException { + public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { CMS.debug("CRMFProcessor::processIndividualRequest!"); try { 
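Review bot: The outer `catch (EBaseException eAudit1)` that closes verifyPOP writes a FAILURE audit record and then falls through. If `ECMSGWException` derives from `EBaseException` (its declaration is not shown on this page), the exceptions thrown just above for a failed POP check (`CMSGW_ERROR_POP_VERIFY`) and for a missing POP under `enforcePop` (`CMSGW_ERROR_NO_POP`) never leave the method. The caller would then continue the enrollment as if proof of possession had been accepted. Add `throw eAudit1;` after `audit(auditMessage);` in that handler. Both throw sites have already audited a FAILURE, so the second `audit` call there duplicates the record and could be dropped. The enclosing `try` opens outside this hunk, so confirm the nesting against the full method.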
@@ -196,38 +189,39 @@ public class CRMFProcessor extends PKIProcessor { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null + || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity( + certTemplate.getNotBefore(), certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + subject)); + } else if (authToken == null + || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // No subject name - error! log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { 
@@ -242,35 +236,32 @@ public class CRMFProcessor extends PKIProcessor { int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = certTemplate + .extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext + .getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext + .getExtnValue(); + ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = - new Extension(oid, isCritical, extValue); + Extension ext = new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } @@ -282,8 +273,8 @@ public class CRMFProcessor extends PKIProcessor { // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + if (authToken != null + && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); 
@@ -300,31 +291,34 @@ public class CRMFProcessor extends PKIProcessor { } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); - } /* catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); - throw new ECMSGWException( - CMSGWResources.ERROR_CRMF_TO_CERTINFO); - } */ catch (InvalidKeyException e) { + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + } /* + * catch (InvalidBERException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); + * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO); + * } + */catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + public X509CertInfo[] fillCertInfoArray(String protocolString, + IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CRMFProcessor.fillCertInfoArray!"); 
@@ -332,11 +326,10 @@ public class CRMFProcessor extends PKIProcessor { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); + ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); - SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( + new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -344,31 +337,33 @@ public class CRMFProcessor extends PKIProcessor { for (int i = 0; i < nummsgs; i++) { // decode message. CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); - + CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); int srcId = certReqId.intValue(); req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId)); - certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams); + certInfoArray[i] = processIndividualRequest(certReqMsg, + authToken, httpParams); } - //do_testbed_hack(nummsgs, certInfoArray, httpParams); + // do_testbed_hack(nummsgs, certInfoArray, httpParams); return certInfoArray; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } } - |