Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java418
1 files changed, 231 insertions, 187 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 127f2ce8b..3eca43901 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Check the status of a certificate request
- *
+ *
* @version $Revision$, $Date$
*/
public class CheckRequest extends CMSServlet {
@@ -116,15 +114,14 @@ public class CheckRequest extends CMSServlet {
/**
* Constructs request query servlet.
*/
- public CheckRequest()
- throws EBaseException {
+ public CheckRequest() throws EBaseException {
super();
}
/**
* initialize the servlet. This servlet uses the template file
* "requestStatus.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -140,12 +137,12 @@ public class CheckRequest extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param requestId ID of the request to check
- * <li>http.param format if 'id', then check the request based on
- * the request ID parameter. If set to CMC, then use the
- * 'queryPending' parameter.
+ * <li>http.param format if 'id', then check the request based on the
+ * request ID parameter. If set to CMC, then use the 'queryPending'
+ * parameter.
* <li>http.param queryPending query formatted as a CMC request
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -162,14 +159,14 @@ public class CheckRequest extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -187,9 +184,10 @@ public class CheckRequest extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -207,27 +205,31 @@ public class CheckRequest extends CMSServlet {
// They may check the status using CMC queryPending
String queryPending = req.getParameter("queryPending");
- if (format != null && format.equals("cmc") && queryPending != null && !queryPending.equals("")) {
+ if (format != null && format.equals("cmc") && queryPending != null
+ && !queryPending.equals("")) {
try {
isCMCReq = true;
byte[] cmcBlob = CMS.AtoB(queryPending);
- ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
-
- org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- SignedData cmcFullReq = (SignedData)
- cii.getInterpretedContent();
-
+ ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(
+ cmcBlob);
+
+ org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
+ .getTemplate().decode(cmcBlobIn);
+ SignedData cmcFullReq = (SignedData) cii
+ .getInterpretedContent();
+
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
- if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData)
+ || !ci.hasContent()) {
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
}
OCTET_STRING content = ci.getContent();
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
SEQUENCE controlSequence = pkiData.getControlSequence();
@@ -235,7 +237,8 @@ public class CheckRequest extends CMSServlet {
for (int i = 0; i < numControls; i++) {
// decode message.
- TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
+ TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence
+ .elementAt(i);
OBJECT_IDENTIFIER type = taggedAttr.getType();
if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
@@ -245,19 +248,21 @@ public class CheckRequest extends CMSServlet {
// We only process one for now.
if (numReq > 0) {
- OCTET_STRING reqId = (OCTET_STRING)
- ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(requestIds.elementAt(0)));
+ OCTET_STRING reqId = (OCTET_STRING) ASN1Util
+ .decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(requestIds
+ .elementAt(0)));
requestId = new String(reqId.toByteArray());
}
- } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
transIds = taggedAttr.getValues();
- }else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
rNonces = taggedAttr.getValues();
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
sNonces = taggedAttr.getValues();
}
}
@@ -267,56 +272,63 @@ public class CheckRequest extends CMSServlet {
}
IArgBlock httpParams = cmsReq.getHttpParams();
- boolean importCert = httpParams.getValueAsBoolean("importCert",
- false);
+ boolean importCert = httpParams.getValueAsBoolean("importCert", false);
// xxx need to check why this is not available at startup
X509Certificate mCACerts[] = null;
try {
- mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
+ mCACerts = ((ICertAuthority) mAuthority).getCACertChain()
+ .getChain();
} catch (Exception e) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
}
if (requestId == null || requestId.trim().equals("")) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
}
try {
Integer.parseInt(requestId);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ throw new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
IRequest r = mQueue.findRequest(new RequestId(requestId));
if (r == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- // if RA, requestOwner must match the group
- String group = authToken.getInString("group");
- if ((group != null) && (group != "")) {
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String requestOwner = r.getExtDataInString("requestOwner");
- if (requestOwner != null) {
- if (requestOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ // if RA, requestOwner must match the group
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "")) {
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String requestOwner = r.getExtDataInString("requestOwner");
+ if (requestOwner != null) {
+ if (requestOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "BASE_INVALID_NUMBER_FORMAT_1",
+ requestId.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
+ }
}
- }
}
RequestStatus status = r.getRequestStatus();
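Review bot: The request-owner check for `Registration Manager Agents` reports a mismatch with `BASE_INVALID_NUMBER_FORMAT_1` / `CMS_BASE_INVALID_NUMBER_FORMAT_1`, so an authorization denial is written to the log as if it were a malformed request ID. If the vague user-facing text is deliberate it can stay, but the `log(ILogger.LL_FAILURE, ...)` call should name the ownership failure, for example `CMS.getLogMessage("<OWNER_MISMATCH_LOG_KEY>", requestId, group)` (placeholder key), so the event can be found during an investigation. In the same block `(group != "")` compares references rather than contents; it is harmless only because `group.equals(...)` follows, and should read `!group.equals("")` like the `queryPending` test earlier in the method. The check is also skipped entirely when `authToken` is null, which may be intended but is worth a comment. The enclosing `process` method starts and ends outside this hunk.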
@@ -327,35 +339,37 @@ public class CheckRequest extends CMSServlet {
header.addStringValue(STATUS, status.toString());
header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
- if (note != null && note.length() > 0)
+ if (note != null && note.length() > 0)
header.addStringValue("requestNotes", note);
String type = r.getRequestType();
Integer result = r.getExtDataInInteger(IRequest.RESULT);
-/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) {
- X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
- IArgBlock rarg = CMS.createArgBlock();
-
- rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
- argSet.addRepeatRecord(rarg);
- }
-*/
+ /*
+ * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") !=
+ * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert =
+ * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock
+ * rarg = CMS.createArgBlock();
+ *
+ * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16);
+ * argSet.addRepeatRecord(rarg); }
+ */
String profileId = r.getExtDataInString("profileId");
if (profileId != null) {
- result = IRequest.RES_SUCCESS;
+ result = IRequest.RES_SUCCESS;
}
- if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) ||
- type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
- status.equals(RequestStatus.COMPLETE) && (result != null) &&
- result.equals(IRequest.RES_SUCCESS)) {
+ if ((type != null)
+ && (type.equals(IRequest.ENROLLMENT_REQUEST) || type
+ .equals(IRequest.RENEWAL_REQUEST)) && (status != null)
+ && status.equals(RequestStatus.COMPLETE) && (result != null)
+ && result.equals(IRequest.RES_SUCCESS)) {
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (profileId != null) {
- X509CertImpl impl[] = new X509CertImpl[1];
- impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- o = impl;
+ X509CertImpl impl[] = new X509CertImpl[1];
+ impl[0] = r
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ o = impl;
}
if (o != null && (o instanceof X509CertImpl[])) {
X509CertImpl[] certs = (X509CertImpl[]) o;
@@ -366,25 +380,25 @@ public class CheckRequest extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
// add pkcs7 cert for importing
if (importCert || isCMCReq) {
- //byte[] ba = certs[i].getEncoded();
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ // byte[] ba = certs[i].getEncoded();
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
if (certs[i].equals(mCACerts[ii])) {
- certsInChain = new
- X509CertImpl[mCACerts.length];
+ certsInChain = new X509CertImpl[mCACerts.length];
break;
}
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = certs[i];
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
@@ -396,8 +410,10 @@ public class CheckRequest extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new netscape.security.pkcs.ContentInfo(new byte[0]),
+ PKCS7 p7 = new PKCS7(
+ new AlgorithmId[0],
+ new netscape.security.pkcs.ContentInfo(
+ new byte[0]),
certsInChain,
new netscape.security.pkcs.SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
@@ -407,7 +423,7 @@ public class CheckRequest extends CMSServlet {
p7Str = CMS.BtoA(p7Bytes);
- StringTokenizer tokenizer = null;
+ StringTokenizer tokenizer = null;
if (File.separator.equals("\\")) {
char[] nl = new char[2];
@@ -416,18 +432,22 @@ public class CheckRequest extends CMSServlet {
nl[1] = 13;
String nlstr = new String(nl);
- tokenizer = new StringTokenizer(p7Str, nlstr);
+ tokenizer = new StringTokenizer(p7Str,
+ nlstr);
} else
- tokenizer = new StringTokenizer(p7Str, "\n");
+ tokenizer = new StringTokenizer(p7Str,
+ "\n");
StringBuffer res = new StringBuffer();
while (tokenizer.hasMoreTokens()) {
- String elem = (String) tokenizer.nextToken();
+ String elem = (String) tokenizer
+ .nextToken();
res.append(elem);
}
- header.addStringValue("pkcs7ChainBase64", res.toString());
+ header.addStringValue("pkcs7ChainBase64",
+ res.toString());
// compose full response
if (isCMCReq) {
@@ -437,152 +457,177 @@ public class CheckRequest extends CMSServlet {
if (bodyPartId != null)
bpids.addElement(bodyPartId);
- CMCStatusInfo cmcStatusInfo = new
- CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
- TaggedAttribute ta = new TaggedAttribute(new
- INTEGER(bpid++),
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.SUCCESS, bpids);
+ TaggedAttribute ta = new TaggedAttribute(
+ new INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
cmcStatusInfo);
controlSeq.addElement(ta);
-
+
// copy transactionID, senderNonce,
// create recipientNonce
if (transIds != null) {
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_transactionId,
- transIds);
+ ta = new TaggedAttribute(
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_transactionId,
+ transIds);
controlSeq.addElement(ta);
}
-
+
if (sNonces != null) {
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_recipientNonce,
- sNonces);
+ ta = new TaggedAttribute(
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_recipientNonce,
+ sNonces);
controlSeq.addElement(ta);
}
-
+
String salt = CMSServlet.generateSalt();
byte[] dig;
try {
- MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
+ MessageDigest SHA1Digest = MessageDigest
+ .getInstance("SHA1");
- dig = SHA1Digest.digest(salt.getBytes());
+ dig = SHA1Digest.digest(salt
+ .getBytes());
} catch (NoSuchAlgorithmException ex) {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- String[] newNonce = {b64E};
+ String[] newNonce = { b64E };
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_senderNonce,
- new OCTET_STRING(newNonce[0].getBytes()));
+ ta = new TaggedAttribute(
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_senderNonce,
+ new OCTET_STRING(newNonce[0]
+ .getBytes()));
controlSeq.addElement(ta);
-
- ResponseBody rb = new ResponseBody(controlSeq, new
- SEQUENCE(), new
- SEQUENCE());
- EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+
+ ResponseBody rb = new ResponseBody(
+ controlSeq, new SEQUENCE(),
+ new SEQUENCE());
+ EncapsulatedContentInfo ci = new EncapsulatedContentInfo(
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
rb);
-
+
org.mozilla.jss.crypto.X509Certificate x509cert = null;
if (mAuthority instanceof ICertificateAuthority) {
- x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert();
- }else if (mAuthority instanceof IRegistrationAuthority) {
- x509cert = ((IRegistrationAuthority) mAuthority).getRACert();
+ x509cert = ((ICertificateAuthority) mAuthority)
+ .getCaX509Cert();
+ } else if (mAuthority instanceof IRegistrationAuthority) {
+ x509cert = ((IRegistrationAuthority) mAuthority)
+ .getRACert();
}
if (x509cert == null)
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
-
- X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
- ByteArrayInputStream issuer1 = new
- ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
- Name issuer = (Name) Name.getTemplate().decode(issuer1);
- IssuerAndSerialNumber ias = new
- IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
- SignerIdentifier si = new
- SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-
- // SHA1 is the default digest Alg for now.
+ throw new ECMSGWException(
+ CMS.getUserMessage(
+ "CMS_GW_CMC_ERROR",
+ "No signing cert found."));
+
+ X509CertImpl cert = new X509CertImpl(
+ x509cert.getEncoded());
+ ByteArrayInputStream issuer1 = new ByteArrayInputStream(
+ ((X500Name) cert.getIssuerDN())
+ .getEncoded());
+ Name issuer = (Name) Name.getTemplate()
+ .decode(issuer1);
+ IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
+ issuer, new INTEGER(cert
+ .getSerialNumber()
+ .toString()));
+ SignerIdentifier si = new SignerIdentifier(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER,
+ ias, null);
+
+ // SHA1 is the default digest Alg for
+ // now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = null;
- org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
- org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-
- if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA))
+ org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager
+ .getInstance()
+ .findPrivKeyByCert(x509cert);
+ org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey
+ .getType();
+
+ if (keyType
+ .equals(org.mozilla.jss.crypto.PrivateKey.RSA))
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
+ else if (keyType
+ .equals(org.mozilla.jss.crypto.PrivateKey.DSA))
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
MessageDigest SHADigest = null;
byte[] digest = null;
try {
- SHADigest = MessageDigest.getInstance("SHA1");
+ SHADigest = MessageDigest
+ .getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
rb.encode((OutputStream) ostream);
- digest = SHADigest.digest(ostream.toByteArray());
+ digest = SHADigest.digest(ostream
+ .toByteArray());
} catch (NoSuchAlgorithmException ex) {
- //log("digest fail");
+ // log("digest fail");
}
-
- org.mozilla.jss.pkix.cms.SignerInfo signInfo = new
- org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
+
+ org.mozilla.jss.pkix.cms.SignerInfo signInfo = new org.mozilla.jss.pkix.cms.SignerInfo(
+ si,
+ null,
+ null,
OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg,
- privKey);
+ digest, signAlg, privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
- AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(),
- null);
+ AlgorithmIdentifier ai = new AlgorithmIdentifier(
+ digestAlg.toOID(), null);
digestAlgs.addElement(ai);
}
-
+
SET jsscerts = new SET();
for (int j = 0; j < certsInChain.length; j++) {
- ByteArrayInputStream is = new
- ByteArrayInputStream(certsInChain[j].getEncoded());
- org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate)
- org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
+ ByteArrayInputStream is = new ByteArrayInputStream(
+ certsInChain[j]
+ .getEncoded());
+ org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) org.mozilla.jss.pkix.cert.Certificate
+ .getTemplate().decode(is);
jsscerts.addElement(certJss);
}
-
- SignedData fResponse = new
- SignedData(digestAlgs, ci,
- jsscerts, null, signInfos);
- org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new
- org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
- ByteArrayOutputStream ostream = new
- ByteArrayOutputStream();
-
- fullResponse.encode((OutputStream) ostream);
+
+ SignedData fResponse = new SignedData(
+ digestAlgs, ci, jsscerts, null,
+ signInfos);
+ org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new org.mozilla.jss.pkix.cms.ContentInfo(
+ org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA,
+ fResponse);
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+
+ fullResponse
+ .encode((OutputStream) ostream);
byte[] fr = ostream.toByteArray();
- header.addStringValue(FULL_RESPONSE, CMS.BtoA(fr));
+ header.addStringValue(FULL_RESPONSE,
+ CMS.BtoA(fr));
}
} catch (Exception e) {
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERROR_FORMING_PKCS7_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
}
argSet.addRepeatRecord(rarg);
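Review bot: `signAlg` stays `null` when the signing key is neither RSA nor DSA, and `digest` and `digestAlg` stay `null` when the `NoSuchAlgorithmException` around `rb.encode(...)` is swallowed (only a commented-out `log("digest fail")` remains), yet all of them flow into the `SignerInfo` constructor and `digestAlgs` is left empty. Both cases should fail explicitly before signing, e.g. `else throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "Unsupported signing key type."));` after the DSA branch and an equivalent throw in the catch. The sender-nonce block has a similar silent fallback: on `NoSuchAlgorithmException` it uses `dig = salt.getBytes()`, so the nonce becomes the raw output of `CMSServlet.generateSalt()`, whose randomness source is not visible here. SHA-1 is hard-coded for both the digest and the signature algorithm, and `e.printStackTrace()` in the outer catch duplicates the `log(...)` call on stderr; both deserve a follow-up. The surrounding `try` and the `process` method begin and end outside this hunk.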
@@ -598,22 +643,21 @@ public class CheckRequest extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
-