summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/processors
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java196
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java177
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java170
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java190
6 files changed, 395 insertions, 391 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 2d3f1874c..1e44dad18 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -71,10 +72,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
- * Process CMC messages according to RFC 2797 See
- * http://www.ietf.org/rfc/rfc2797.txt
- *
+ * Process CMC messages according to RFC 2797
+ * See http://www.ietf.org/rfc/rfc2797.txt
+ *
* @version $Revision$, $Date$
*/
public class CMCProcessor extends PKIProcessor {
@@ -85,56 +87,56 @@ public class CMCProcessor extends PKIProcessor {
super();
}
- public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet,
- boolean doEnforcePop) {
+ public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
super(cmsReq, servlet);
enforcePop = doEnforcePop;
}
- public void process(CMSRequest cmsReq) throws EBaseException {
+ public void process(CMSRequest cmsReq)
+ throws EBaseException {
}
- public void fillCertInfo(String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ public void fillCertInfo(
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
}
- public X509CertInfo[] fillCertInfoArray(String protocolString,
- IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ public X509CertInfo[] fillCertInfoArray(
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
String cmc = protocolString;
try {
byte[] cmcBlob = CMS.AtoB(cmc);
- ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(cmcBlob);
+ ByteArrayInputStream cmcBlobIn =
+ new ByteArrayInputStream(cmcBlob);
- org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
- .getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- if (!cmcReq.getContentType().equals(
- org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA)
- || !cmcReq.hasContent())
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
+ if
+ (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
- SignedData cmcFullReq = (SignedData) cmcReq.getInterpretedContent();
+ SignedData cmcFullReq = (SignedData)
+ cmcReq.getInterpretedContent();
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
- if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData)
- || !ci.hasContent()) {
+ if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
}
OCTET_STRING content = ci.getContent();
- ByteArrayInputStream s = new ByteArrayInputStream(
- content.toByteArray());
+ ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
SEQUENCE reqSequence = pkiData.getReqSequence();
@@ -142,11 +144,10 @@ public class CMCProcessor extends PKIProcessor {
int numReqs = reqSequence.size();
X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
String[] reqIdArray = new String[numReqs];
-
+
for (int i = 0; i < numReqs; i++) {
// decode message.
- TaggedRequest taggedRequest = (TaggedRequest) reqSequence
- .elementAt(i);
+ TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
TaggedRequest.Type type = taggedRequest.getType();
@@ -156,37 +157,35 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(p10Id);
- CertificationRequest p10 = tcr.getCertificationRequest();
+ CertificationRequest p10 =
+ tcr.getCertificationRequest();
// transfer to sun class
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
p10.encode(ostream);
- PKCS10Processor pkcs10Processor = new PKCS10Processor(
- mRequest, mServlet);
+ PKCS10Processor pkcs10Processor = new PKCS10Processor(mRequest, mServlet);
try {
PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
- // xxx do we need to do anything else?
+ //xxx do we need to do anything else?
X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
- pkcs10Processor.fillCertInfo(pkcs10, certInfo,
- authToken, httpParams);
+ pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams);
- /*
- * fillPKCS10(pkcs10,certInfo, authToken, httpParams);
+ /* fillPKCS10(pkcs10,certInfo,
+ authToken, httpParams);
*/
certInfoArray[i] = certInfo;
} catch (Exception e) {
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_PKCS10_ERROR", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_PKCS10_ERROR", e.toString()));
}
} else if (type.equals(TaggedRequest.CRMF)) {
- CRMFProcessor crmfProc = new CRMFProcessor(mRequest,
- mServlet, enforcePop);
+ CRMFProcessor crmfProc = new CRMFProcessor(mRequest, mServlet, enforcePop);
CertReqMsg crm = taggedRequest.getCrm();
CertRequest certReq = crm.getCertReq();
@@ -196,12 +195,10 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(srcId);
- certInfoArray[i] = crmfProc.processIndividualRequest(crm,
- authToken, httpParams);
+ certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
} else {
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
}
}
@@ -211,11 +208,13 @@ public class CMCProcessor extends PKIProcessor {
Hashtable digs = new Hashtable();
for (int i = 0; i < numDig; i++) {
- AlgorithmIdentifier dai = (AlgorithmIdentifier) dais
- .elementAt(i);
- String name = DigestAlgorithm.fromOID(dai.getOID()).toString();
+ AlgorithmIdentifier dai =
+ (AlgorithmIdentifier) dais.elementAt(i);
+ String name =
+ DigestAlgorithm.fromOID(dai.getOID()).toString();
- MessageDigest md = MessageDigest.getInstance(name);
+ MessageDigest md =
+ MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
@@ -226,8 +225,9 @@ public class CMCProcessor extends PKIProcessor {
int numSis = sis.size();
for (int i = 0; i < numSis; i++) {
- org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis
- .elementAt(i);
+ org.mozilla.jss.pkix.cms.SignerInfo si =
+ (org.mozilla.jss.pkix.cms.SignerInfo)
+ sis.elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
@@ -243,10 +243,9 @@ public class CMCProcessor extends PKIProcessor {
SignerIdentifier sid = si.getSignerIdentifier();
- if (sid.getType().equals(
- SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
- IssuerAndSerialNumber issuerAndSerialNumber = sid
- .getIssuerAndSerialNumber();
+ if
+ (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+ IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
// find from the certs in the signedData
X509Certificate cert = null;
@@ -255,23 +254,21 @@ public class CMCProcessor extends PKIProcessor {
int numCerts = certs.size();
for (int j = 0; j < numCerts; j++) {
- Certificate certJss = (Certificate) certs
- .elementAt(j);
- CertificateInfo certI = certJss.getInfo();
+ Certificate certJss =
+ (Certificate) certs.elementAt(j);
+ CertificateInfo certI =
+ certJss.getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
- if (new String(issuerB)
- .equals(new String(ASN1Util
- .encode(issuerAndSerialNumber
- .getIssuer())))
- && sn.toString().equals(
- issuerAndSerialNumber
- .getSerialNumber()
- .toString())) {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
+ if (
+ new String(issuerB).equals(new
+ String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
+ && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+ ByteArrayOutputStream os = new
+ ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
@@ -298,7 +295,8 @@ public class CMCProcessor extends PKIProcessor {
keyType = PrivateKey.DSA;
} else {
}
- PK11PubKey pubK = PK11PubKey.fromRaw(keyType,
+ PK11PubKey pubK =
+ PK11PubKey.fromRaw(keyType,
((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
@@ -311,25 +309,21 @@ public class CMCProcessor extends PKIProcessor {
PublicKey signKey = null;
while (signKey == null && j < numReqs) {
- X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j]
- .get(X509CertInfo.KEY))
- .get(CertificateX509Key.KEY);
+ X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(subjectKeyInfo.getEncoded());
byte[] skib = md.digest();
- if (new String(skib).equals(new String(ski
- .toByteArray()))) {
+ if (new String(skib).equals(new String(ski.toByteArray()))) {
signKey = subjectKeyInfo;
}
j++;
}
if (signKey == null) {
- throw new ECMSGWException(
- CMS.getUserMessage(
- "CMS_GW_CMC_ERROR",
- "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
+ throw new
+ ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
+ "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
} else {
PrivateKey.Type keyType = null;
String alg = signKey.getAlgorithm();
@@ -340,7 +334,8 @@ public class CMCProcessor extends PKIProcessor {
keyType = PrivateKey.DSA;
} else {
}
- PK11PubKey pubK = PK11PubKey.fromRaw(keyType,
+ PK11PubKey pubK = PK11PubKey.fromRaw(
+ keyType,
((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
@@ -356,8 +351,8 @@ public class CMCProcessor extends PKIProcessor {
int numControls = controls.size();
for (int i = 0; i < numControls; i++) {
- TaggedAttribute control = (TaggedAttribute) controls
- .elementAt(i);
+ TaggedAttribute control =
+ (TaggedAttribute) controls.elementAt(i);
OBJECT_IDENTIFIER type = control.getType();
SET values = control.getValues();
int numVals = values.size();
@@ -368,9 +363,10 @@ public class CMCProcessor extends PKIProcessor {
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
- ANY val = (ANY) values.elementAt(j);
- INTEGER transId = (INTEGER) ((ANY) val)
- .decodeWith(INTEGER.getTemplate());
+ ANY val = (ANY)
+ values.elementAt(j);
+ INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
+ INTEGER.getTemplate());
if (transId != null) {
vals[j] = transId.toString();
@@ -378,15 +374,17 @@ public class CMCProcessor extends PKIProcessor {
}
if (vals != null)
req.setExtData(IRequest.CMC_TRANSID, vals);
- } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if
+ (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
String[] vals = null;
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
- ANY val = (ANY) values.elementAt(j);
- OCTET_STRING nonce = (OCTET_STRING) ((ANY) val)
- .decodeWith(OCTET_STRING.getTemplate());
+ ANY val = (ANY)
+ values.elementAt(j);
+ OCTET_STRING nonce = (OCTET_STRING)
+ ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
if (nonce != null) {
vals[j] = new String(nonce.toByteArray());
@@ -411,31 +409,27 @@ public class CMCProcessor extends PKIProcessor {
return certInfoArray;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ }catch (Exception e) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
- } catch (Exception e) {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
- e.toString()));
+ CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 99b4c2b32..27648758b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -55,10 +56,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
- * Process CRMF requests, according to RFC 2511 See
- * http://www.ietf.org/rfc/rfc2511.txt
- *
+ * Process CRMF requests, according to RFC 2511
+ * See http://www.ietf.org/rfc/rfc2511.txt
+ *
* @version $Revision$, $Date$
*/
public class CRMFProcessor extends PKIProcessor {
@@ -67,36 +69,37 @@ public class CRMFProcessor extends PKIProcessor {
private boolean enforcePop = false;
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
+ "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
public CRMFProcessor() {
super();
}
- public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet,
- boolean doEnforcePop) {
+ public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
super(cmsReq, servlet);
enforcePop = doEnforcePop;
mRequest = cmsReq;
}
- public void process(CMSRequest cmsReq) throws EBaseException {
+ public void process(CMSRequest cmsReq)
+ throws EBaseException {
}
/**
* Verify Proof of Possession (POP)
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof
* of possession is checked during certificate enrollment
* </ul>
- *
* @param certReqMsg the certificate request message
* @exception EBaseException an error has occurred
*/
- private void verifyPOP(CertReqMsg certReqMsg) throws EBaseException {
+ private void verifyPOP(CertReqMsg certReqMsg)
+ throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -115,55 +118,59 @@ public class CRMFProcessor extends PKIProcessor {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID, ILogger.SUCCESS);
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.SUCCESS );
- audit(auditMessage);
+ audit( auditMessage );
} catch (Exception e) {
CMS.debug("CRMFProcessor: Failed POP verify!");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID, ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE );
- audit(auditMessage);
+ audit( auditMessage );
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
}
}
} else {
if (enforcePop == true) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID, ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE );
- audit(auditMessage);
+ audit( auditMessage );
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
}
}
- } catch (EBaseException eAudit1) {
+ } catch( EBaseException eAudit1 ) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID,
+ ILogger.FAILURE );
- audit(auditMessage);
+ audit( auditMessage );
}
}
- public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("CRMFProcessor::processIndividualRequest!");
try {
@@ -189,39 +196,38 @@ public class CRMFProcessor extends PKIProcessor {
// field suggested notBefore and notAfter in CRMF
// Tech Support #383184
- if (certTemplate.getNotBefore() != null
- || certTemplate.getNotAfter() != null) {
- CertificateValidity certValidity = new CertificateValidity(
- certTemplate.getNotBefore(), certTemplate.getNotAfter());
+ if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
+ CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
certInfo.set(X509CertInfo.VALIDITY, certValidity);
}
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream =
+ new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- subject));
- } else if (authToken == null
- || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ certInfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(subject));
+ } else if (authToken == null ||
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// No subject name - error!
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
// get extensions
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions) certInfo
- .get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions)
+ certInfo.get(X509CertInfo.EXTENSIONS);
} catch (CertificateException e) {
extensions = null;
} catch (IOException e) {
@@ -236,32 +242,35 @@ public class CRMFProcessor extends PKIProcessor {
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext = certTemplate
- .extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext =
+ certTemplate.extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext
- .getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
+ jssext.getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid = new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext
- .getExtnValue();
- ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream();
+ ObjectIdentifier oid =
+ new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue =
+ jssext.getExtnValue();
+ ByteArrayOutputStream jssvalueout =
+ new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext = new Extension(oid, isCritical, extValue);
+ Extension ext =
+ new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
@@ -273,8 +282,8 @@ public class CRMFProcessor extends PKIProcessor {
// to have the control of the subject name
// formulation.
// -- CRMFfillCert
- if (authToken != null
- && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ if (authToken != null &&
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
// if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
@@ -291,34 +300,31 @@ public class CRMFProcessor extends PKIProcessor {
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
- } /*
- * catch (InvalidBERException e) { log(ILogger.LL_FAILURE,
- * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
- * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO);
- * }
- */catch (InvalidKeyException e) {
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ } /* catch (InvalidBERException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
+ throw new ECMSGWException(
+ CMSGWResources.ERROR_CRMF_TO_CERTINFO);
+ } */ catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
- public X509CertInfo[] fillCertInfoArray(String protocolString,
- IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ public X509CertInfo[] fillCertInfoArray(
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CRMFProcessor.fillCertInfoArray!");
@@ -326,10 +332,11 @@ public class CRMFProcessor extends PKIProcessor {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
- ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob);
+ ByteArrayInputStream crmfBlobIn =
+ new ByteArrayInputStream(crmfBlob);
- SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template(
- new CertReqMsg.Template()).decode(crmfBlobIn);
+ SEQUENCE crmfMsgs = (SEQUENCE)
+ new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -337,33 +344,31 @@ public class CRMFProcessor extends PKIProcessor {
for (int i = 0; i < nummsgs; i++) {
// decode message.
CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-
+
CertRequest certReq = certReqMsg.getCertReq();
INTEGER certReqId = certReq.getCertReqId();
int srcId = certReqId.intValue();
req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId));
- certInfoArray[i] = processIndividualRequest(certReqMsg,
- authToken, httpParams);
+ certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams);
}
- // do_testbed_hack(nummsgs, certInfoArray, httpParams);
+ //do_testbed_hack(nummsgs, certInfoArray, httpParams);
return certInfoArray;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
}
+
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
index 6ecb87c82..d021f6537 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
@@ -17,16 +17,19 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cms.servlet.common.CMSRequest;
+
/**
* This represents the request parser.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IPKIProcessor {
- public void process(CMSRequest cmsReq) throws EBaseException;
+ public void process(CMSRequest cmsReq)
+ throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
index c78e0b7b0..cc035033a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -36,10 +37,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
- * KeyGenProcess parses Certificate request matching the KEYGEN tag format used
- * by Netscape Communicator 4.x
- *
+ * KeyGenProcess parses Certificate request matching the
+ * KEYGEN tag format used by Netscape Communicator 4.x
+ *
* @version $Revision$, $Date$
*/
public class KeyGenProcessor extends PKIProcessor {
@@ -53,11 +55,14 @@ public class KeyGenProcessor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq) throws EBaseException {
+ public void process(CMSRequest cmsReq)
+ throws EBaseException {
}
- public void fillCertInfo(String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ public void fillCertInfo(
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("KeyGenProcessor: fillCertInfo");
@@ -67,30 +72,28 @@ public class KeyGenProcessor extends PKIProcessor {
KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-
+
// fill key
X509Key key = null;
key = keyGenInfo.getSPKI();
if (key == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
}
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- "Could not set key into certInfo from keygen. Error " + e);
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ "Could not set key into certInfo from keygen. Error " + e);
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
}
String authMgr = mServlet.getAuthMgr();
@@ -103,13 +106,12 @@ public class KeyGenProcessor extends PKIProcessor {
if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// allow special case for agent gateway in admin enroll
// and bulk issuance.
- if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)
- && !authMgr
- .equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+ if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
+ !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
fillCertInfoFromForm(certInfo, httpParams);
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 19e343e65..53d38455f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -45,10 +46,12 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
- * PKCS10Processor process Certificate Requests in PKCS10 format, as defined
- * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ * PKCS10Processor process Certificate Requests in
+ * PKCS10 format, as defined here:
+ * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
+ *
* @version $Revision$, $Date$
*/
public class PKCS10Processor extends PKIProcessor {
@@ -58,7 +61,7 @@ public class PKCS10Processor extends PKIProcessor {
private final String USE_INTERNAL_PKCS10 = "internal";
public PKCS10Processor() {
-
+
super();
}
@@ -67,20 +70,25 @@ public class PKCS10Processor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq) throws EBaseException {
+ public void process(CMSRequest cmsReq)
+ throws EBaseException {
}
- public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ public void fillCertInfo(
+ PKCS10 pkcs10, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
mPkcs10 = pkcs10;
-
- fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
+
+ fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
}
- public void fillCertInfo(String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ public void fillCertInfo(
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
PKCS10 p10 = null;
@@ -91,13 +99,12 @@ public class PKCS10Processor extends PKIProcessor {
} else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
p10 = mPkcs10;
} else {
- CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
- throw new EBaseException("p10 is null");
+ CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
+ throw new EBaseException( "p10 is null" );
}
if (mServlet == null) {
- EBaseException ex = new ECMSGWException(
- "Servlet property of PKCS10Processor is null.");
+ EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null.");
throw ex;
@@ -107,24 +114,22 @@ public class PKCS10Processor extends PKIProcessor {
X509Key key = p10.getSubjectPublicKeyInfo();
if (key == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
}
CertificateX509Key certKey = new CertificateX509Key(key);
try {
certInfo.set(X509CertInfo.KEY, certKey);
} catch (CertificateException e) {
- EBaseException ex = new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
} catch (IOException e) {
- EBaseException ex = new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
@@ -134,34 +139,33 @@ public class PKCS10Processor extends PKIProcessor {
if (subject != null) {
try {
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- subject));
- log(ILogger.LL_INFO, "Setting subject name " + subject
- + " from p10.");
+ certInfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(subject));
+ log(ILogger.LL_INFO,
+ "Setting subject name " + subject + " from p10.");
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in X500 name parsing,
// this will catch it.
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
}
- } else if (authToken == null
- || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ } else if (authToken == null ||
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
}
// fill extensions from pkcs 10 attributes if any.
@@ -172,49 +176,45 @@ public class PKCS10Processor extends PKIProcessor {
PKCS10Attributes p10Attrs = p10.getAttributes();
if (p10Attrs != null) {
- PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs
- .getAttribute(CertificateExtensions.NAME));
-
- if (p10Attr != null
- && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- Extensions exts0 = (Extensions) (p10Attr
- .getAttributeValue());
+ PKCS10Attribute p10Attr = (PKCS10Attribute)
+ (p10Attrs.getAttribute(CertificateExtensions.NAME));
+
+ if (p10Attr != null && p10Attr.getAttributeId().equals(
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ Extensions exts0 = (Extensions)
+ (p10Attr.getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
byte[] extB = extOut.toByteArray();
DerInputStream extIn = new DerInputStream(extB);
- CertificateExtensions exts = new CertificateExtensions(
- extIn);
+ CertificateExtensions exts = new CertificateExtensions(extIn);
if (exts != null) {
certInfo.set(X509CertInfo.EXTENSIONS, exts);
}
}
}
- CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. ");
+ CMS.debug(
+ "PKCS10Processor: Seted cert extensions from pkcs10. ");
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in extensions parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
}
// override pkcs10 attributes with authtoken attributes
@@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor {
// adminEnroll is an exception
String authMgr = mServlet.getAuthMgr();
- if (authToken != null
- && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null
- && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
+ if (authToken != null &&
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
+ !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -233,11 +233,12 @@ public class PKCS10Processor extends PKIProcessor {
// from the http parameters.
if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
fillValidityFromForm(certInfo, httpParams);
- }
-
+ }
+
}
- private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException {
+ private PKCS10 getPKCS10(IArgBlock httpParams)
+ throws EBaseException {
PKCS10 pkcs10 = null;
@@ -245,20 +246,17 @@ public class PKCS10Processor extends PKIProcessor {
// support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
// instead of certType
- certType = httpParams
- .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
+ certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
if (certType == null) {
- certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE,
- "client");
+ certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client");
} else {
// some policies may rely on the fact that
// CERT_TYPE is set. So for 3.5.1 or eariler
- // we need to set CERT_TYPE but not here.
+ // we need to set CERT_TYPE but not here.
}
if (certType.equals("client")) {
// coming from MSIE
- String p10b64 = httpParams.getValueAsString(
- PKIProcessor.PKCS10_REQUEST, null);
+ String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null);
if (p10b64 != null) {
try {
@@ -268,20 +266,18 @@ public class PKCS10Processor extends PKIProcessor {
} catch (Exception e) {
// ok, if the above fails, it could
// be a PKCS10 with header
- pkcs10 = httpParams.getValueAsPKCS10(
- PKIProcessor.PKCS10_REQUEST, false, null);
+ pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
// e.printStackTrace();
}
}
- // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+ //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
} else {
try {
// coming from server cut & paste blob.
- pkcs10 = httpParams.getValueAsPKCS10(
- PKIProcessor.PKCS10_REQUEST, false, null);
- } catch (Exception ex) {
+ pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
+ }catch (Exception ex) {
ex.printStackTrace();
}
}
@@ -290,4 +286,4 @@ public class PKCS10Processor extends PKIProcessor {
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index b81b68310..625808d79 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
+
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -41,9 +42,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
+
/**
* Process Certificate Requests
- *
+ *
* @version $Revision$, $Date$
*/
public class PKIProcessor implements IPKIProcessor {
@@ -55,7 +57,7 @@ public class PKIProcessor implements IPKIProcessor {
public static final String PKCS10_REQUEST = "pkcs10Request";
public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
- protected CMSRequest mRequest = null;
+ protected CMSRequest mRequest = null;
protected HttpServletRequest httpReq = null;
protected String mServletId = null;
@@ -81,27 +83,31 @@ public class PKIProcessor implements IPKIProcessor {
}
- public void process(CMSRequest cmsReq) throws EBaseException {
+ public void process(CMSRequest cmsReq)
+ throws EBaseException {
}
- protected void fillCertInfo(String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
+ protected void fillCertInfo(
+ String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams)
+ throws EBaseException {
}
- protected X509CertInfo[] fillCertInfoArray(String protocolString,
- IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ protected X509CertInfo[] fillCertInfoArray(
+ String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
return null;
}
/**
- * fill subject name, validity, extensions from authoken if any, overriding
- * what was in pkcs10. fill subject name, extensions from http input if not
- * authenticated. requests not authenticated will need to be approved by an
- * agent.
+ * fill subject name, validity, extensions from authoken if any,
+ * overriding what was in pkcs10.
+ * fill subject name, extensions from http input if not authenticated.
+ * requests not authenticated will need to be approved by an agent.
*/
- public static void fillCertInfoFromAuthToken(X509CertInfo certInfo,
- IAuthToken authToken) throws EBaseException {
+ public static void fillCertInfoFromAuthToken(
+ X509CertInfo certInfo, IAuthToken authToken)
+ throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -109,62 +115,61 @@ public class PKIProcessor implements IPKIProcessor {
CMS.debug("PKIProcessor: fillCertInfoFromAuthToken");
// subject name.
try {
- String subjectname = authToken
- .getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ String subjectname =
+ authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
- CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName(
- new X500Name(subjectname));
+ CertificateSubjectName certSubject = (CertificateSubjectName)
+ new CertificateSubjectName(new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
- log(ILogger.LL_INFO, "cert subject set to " + certSubject
- + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert subject set to " + certSubject + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
- Date notBefore = authToken
- .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
- Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ Date notBefore =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ Date notAfter =
+ authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO, "cert validity set to " + validity
- + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert validity set to " + validity + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
// extensions
try {
- CertificateExtensions extensions = authToken
- .getInCertExts(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions =
+ authToken.getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -172,78 +177,73 @@ public class PKIProcessor implements IPKIProcessor {
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
/**
- * fill subject name, extension from form. this is done for unauthenticated
- * requests. unauthenticated requests must be approved by agents so these
- * will all be seen by and agent.
+ * fill subject name, extension from form.
+ * this is done for unauthenticated requests.
+ * unauthenticated requests must be approved by agents so these will
+ * all be seen by and agent.
*/
- public static void fillCertInfoFromForm(X509CertInfo certInfo,
- IArgBlock httpParams) throws EBaseException {
+ public static void fillCertInfoFromForm(
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillCertInfoFromForm");
// subject name.
try {
- String subject = httpParams.getValueAsString(
- PKIProcessor.SUBJECT_NAME, null);
+ String subject = httpParams.getValueAsString(PKIProcessor.SUBJECT_NAME, null);
if (subject == null) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
}
X500Name x500name = new X500Name(subject);
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- x500name));
+ certInfo.set(
+ X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
fillValidityFromForm(certInfo, httpParams);
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IllegalArgumentException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+ CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
}
// requested extensions.
// let polcies form extensions from http input.
}
- public static void fillValidityFromForm(X509CertInfo certInfo,
- IArgBlock httpParams) throws EBaseException {
+ public static void fillValidityFromForm(
+ X509CertInfo certInfo, IArgBlock httpParams)
+ throws EBaseException {
CMS.debug("PKIProcessor: fillValidityFromForm!");
try {
- String notValidBeforeStr = httpParams.getValueAsString(
- "notValidBefore", null);
- String notValidAfterStr = httpParams.getValueAsString(
- "notValidAfter", null);
+ String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
+ String notValidAfterStr = httpParams.getValueAsString("notValidAfter", null);
if (notValidBeforeStr != null && notValidAfterStr != null) {
long notValidBefore = 0;
@@ -266,46 +266,44 @@ public class PKIProcessor implements IPKIProcessor {
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO, "cert validity set to " + validity
- + " from authtoken");
+ log(ILogger.LL_INFO,
+ "cert validity set to " + validity + " from authtoken");
}
}
}
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
}
/**
* log according to authority category.
*/
- public static void log(int event, int level, String msg) {
+ public static void log(int event, int level, String msg) {
CMS.getLogger().log(event, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
public static void log(int level, String msg) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "CMSServlet"s, and is called to
- * store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "CMSServlet"s,
+ * and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -316,17 +314,21 @@ public class PKIProcessor implements IPKIProcessor {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
- ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "CMSServlet"s, and is called to
- * obtain the "SubjectID" for a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s,
+ * and is called to obtain the "SubjectID" for
+ * a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -341,7 +343,8 @@ public class PKIProcessor implements IPKIProcessor {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String) auditContext.get(SessionContext.USER_ID);
+ subjectID = (String)
+ auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -355,3 +358,4 @@ public class PKIProcessor implements IPKIProcessor {
return subjectID;
}
}
+
generated by cgit (git 2.34.1) at 2024-06-09 04:56:22 +0000