Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/request')
9 files changed, 1844 insertions, 1749 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java index 60a8d16d5..9cbae1ad4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.lang.reflect.Array; @@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.RawJS; - /** * Output a 'pretty print' of a certificate request - * + * * @version $Revision$, $Date$ */ public class CertReqParser extends ReqParser { - - public static final CertReqParser - DETAIL_PARSER = new CertReqParser(true); - public static final CertReqParser - NODETAIL_PARSER = new CertReqParser(false); + + public static final CertReqParser DETAIL_PARSER = new CertReqParser(true); + public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false); private boolean mDetails = true; private IPrettyPrintFormat pp = null; @@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser { /** * Constructs a certificate request parser. - * + * * @param details return detailed information (this can be time consuming) */ public CertReqParser(boolean details) { 
@@ -101,34 +97,34 @@ public class CertReqParser extends ReqParser { private static final String RB = "]"; private static final String EQ = " = "; - private static final String - HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB; - private static final String - HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB; - private static final String - AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB; - private static final String - SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB; + private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + + "httpParamsCount++" + RB; + private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + + LB + "httpHeadersCount++" + RB; + private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + + "authTokenCount++" + RB; + private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + + LB + "serverAttrsCount++" + RB; /** * Fills in certificate specific request attributes. 
*/ - public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) { - fillX509RequestIntoArg(l, req, argSet, arg); + fillX509RequestIntoArg(l, req, argSet, arg); } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) { - fillRevokeRequestIntoArg(l, req, argSet, arg); + fillRevokeRequestIntoArg(l, req, argSet, arg); } else { - //o = req.get(IRequest.OLD_CERTS); - //if (o != null) - fillRevokeRequestIntoArg(l, req, argSet, arg); + // o = req.get(IRequest.OLD_CERTS); + // if (o != null) + fillRevokeRequestIntoArg(l, req, argSet, arg); } } - - private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { - + + private void fillX509RequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { + // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); @@ -138,7 +134,7 @@ public class CertReqParser extends ReqParser { Enumeration enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; 
@@ -150,32 +146,41 @@ public class CertReqParser extends ReqParser { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable http_params = req.getExtDataInHashtable(name); - // show certType specially - String certType = (String) http_params.get(IRequest.CERT_TYPE); + // show certType specially + String certType = (String) http_params + .get(IRequest.CERT_TYPE); if (certType != null) { arg.addStringValue(IRequest.CERT_TYPE, certType); } - String presenceServerExt = (String) http_params.get("PresenceServerExtension"); + String presenceServerExt = (String) http_params + .get("PresenceServerExtension"); if (presenceServerExt != null) { - arg.addStringValue("PresenceServerExtension", presenceServerExt); + arg.addStringValue("PresenceServerExtension", + presenceServerExt); } // show all http parameters in request int counter = 0; Enumeration elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_PARAMS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_params + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
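Review bot: The re-wrapped `rawJS` concatenation in the HTTP_PARAMS loop now splits the escaping call over three lines (`CMSTemplate` / `.escapeJavaScriptStringHTML(http_params` / `.get(n).toString())`), which makes it harder to confirm by eye that the value is escaped before it reaches `new RawJS(rawJS)`. Because this string appears to be emitted as script text, I would read the value into a local first, `String value = http_params.get(n).toString();`, and keep `CMSTemplate.escapeJavaScriptStringHTML(value)` on a single line. The same wrapping is produced in the HTTP_HEADERS loop of the next hunk and in the matching loops of fillRevokeRequestIntoArg (hunks at -713 and -733). The enclosing method starts and ends outside this hunk.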
@@ -186,16 +191,22 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_HEADERS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_hdrs + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -206,8 +217,8 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = IRequest.AUTH_TOKEN + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); Object authTokenValue = auth_token.getInStringArray(n); @@ -215,14 +226,16 @@ public class CertReqParser extends ReqParser { authTokenValue = auth_token.getInString(n); } String v = expandValue(prefix + parami + ".value", - authTokenValue); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + authTokenValue); + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -235,41 +248,47 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; - - if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || - req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { - X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + String parami = IRequest.SERVER_ATTRS + LB + + String.valueOf(saCounter++) + RB; + + if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) + && mDetails + && (req.getRequestStatus().toString() + .equals(RequestStatus.COMPLETE_STRING) || req + .getRequestType().equals( + IRequest.GETREVOCATIONINFO_REQUEST))) { + X509CertImpl issuedCert[] = req + .getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCert != null && issuedCert[0] != null) { - val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>"; + val = "<pre>" + + CMS.getCertPrettyPrint(issuedCert[0]) + .toString(l) + "</pre>"; } - } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) { - X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) + && mDetails) { + X509CertInfo[] certInfo = req + .getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - val = "<pre>"+certInfo[0].toString()+"</pre>"; + val = "<pre>" + certInfo[0].toString() + "</pre>"; } } valstr = expandValue(prefix + parami + ".value", val); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + + "\";\n" + valstr; // java string already escaped + // in expandValue. 
arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -295,22 +314,24 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.ERROR)) { - arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name)); + arg.addStringValue(IRequest.ERRORS, + req.getExtDataInString(name)); } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request - X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + // Get the certificate info from the request + X509CertInfo[] certInfo = req + .getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - // Get the subject name if any set. + // Get the subject name if any set. CertificateSubjectName subjectName = null; String signatureAlgorithm = null; String signatureAlgorithmName = null; try { - subjectName = (CertificateSubjectName) certInfo[0].get(X509CertInfo.SUBJECT); + subjectName = (CertificateSubjectName) certInfo[0] + .get(X509CertInfo.SUBJECT); } catch (IOException e) { // XXX raise exception } catch (CertificateException e) { 
@@ -331,10 +352,10 @@ public class CertReqParser extends ReqParser { if (mDetails) { try { - CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) - certInfo[0].get(X509CertInfo.ALGORITHM_ID); - AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[0] + .get(X509CertInfo.ALGORITHM_ID); + AlgorithmId algId = (AlgorithmId) certAlgId + .get(CertificateAlgorithmId.ALGORITHM); signatureAlgorithm = (algId.getOID()).toString(); signatureAlgorithmName = algId.getName(); @@ -342,16 +363,19 @@ public class CertReqParser extends ReqParser { // XXX raise exception } if (signatureAlgorithm != null) { - arg.addStringValue("signatureAlgorithm", signatureAlgorithm); + arg.addStringValue("signatureAlgorithm", + signatureAlgorithm); } if (signatureAlgorithmName != null) { - arg.addStringValue("signatureAlgorithmName", signatureAlgorithmName); + arg.addStringValue("signatureAlgorithmName", + signatureAlgorithmName); } CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo[0].get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo[0] + .get(X509CertInfo.EXTENSIONS); } catch (Exception e) { } if (extensions != null) { 
@@ -362,56 +386,88 @@ public class CertReqParser extends ReqParser { // only know about ns cert type if (ext instanceof NSCertTypeExtension) { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) ext; + NSCertTypeExtension nsExtensions = (NSCertTypeExtension) ext; try { - arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER, - nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT, - nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL, - nsExtensions.get(NSCertTypeExtension.EMAIL).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA, - nsExtensions.get(NSCertTypeExtension.SSL_CA).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA, - nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString()); + arg.addStringValue( + "ext_" + + NSCertTypeExtension.SSL_SERVER, + nsExtensions + .get(NSCertTypeExtension.SSL_SERVER) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.SSL_CLIENT, + nsExtensions + .get(NSCertTypeExtension.SSL_CLIENT) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.EMAIL, + nsExtensions + .get(NSCertTypeExtension.EMAIL) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.OBJECT_SIGNING, + nsExtensions + .get(NSCertTypeExtension.OBJECT_SIGNING) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.SSL_CA, + nsExtensions + .get(NSCertTypeExtension.SSL_CA) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.EMAIL_CA, + nsExtensions + .get(NSCertTypeExtension.EMAIL_CA) + .toString()); + + 
arg.addStringValue( + "ext_" + + NSCertTypeExtension.OBJECT_SIGNING_CA, + nsExtensions + .get(NSCertTypeExtension.OBJECT_SIGNING_CA) + .toString()); } catch (Exception e) { } } else if (ext instanceof BasicConstraintsExtension) { - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) ext; + BasicConstraintsExtension bcExt = (BasicConstraintsExtension) ext; Integer pathLength = null; Boolean isCA = null; try { - pathLength = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); - isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); + pathLength = (Integer) bcExt + .get(BasicConstraintsExtension.PATH_LEN); + isCA = (Boolean) bcExt + .get(BasicConstraintsExtension.IS_CA); } catch (IOException e) { } if (pathLength != null) - arg.addIntegerValue("pathLenBasicConstraints", pathLength.intValue()); + arg.addIntegerValue( + "pathLenBasicConstraints", + pathLength.intValue()); if (isCA != null) - arg.addBooleanValue("isCABasicConstraints", isCA.booleanValue()); + arg.addBooleanValue( + "isCABasicConstraints", + isCA.booleanValue()); } // pretty print all others. else { if (argSet != null) { IArgBlock rr = CMS.createArgBlock(); - rr.addStringValue( - EXT_PRETTYPRINT, - CMS.getExtPrettyPrint(ext, 0).toString()); + rr.addStringValue(EXT_PRETTYPRINT, CMS + .getExtPrettyPrint(ext, 0) + .toString()); argSet.addRepeatRecord(rr); } } @@ -419,11 +475,12 @@ public class CertReqParser extends ReqParser { } - // Get the public key + // Get the public key CertificateX509Key certKey = null; try { - certKey = (CertificateX509Key) certInfo[0].get(X509CertInfo.KEY); + certKey = (CertificateX509Key) certInfo[0] + .get(X509CertInfo.KEY); } catch (IOException e) { // XXX raise exception } catch (CertificateException e) { 
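Review bot: The two empty handlers carried through this hunk, `} catch (Exception e) { }` after the NSCertTypeExtension values and `} catch (IOException e) { }` after the BasicConstraintsExtension reads, discard the failure without any trace. When one fires, the remaining `ext_*` values or `isCABasicConstraints` are simply never added, so whoever reads the rendered request presumably sees fewer fields with no hint that parsing stopped early. I would at least record it, for example `CMS.debug("CertReqParser: cannot read extension: " + e);`, using the `CMS.debug` call that is already present (commented out) elsewhere in this file. The enclosing loop and method begin outside this hunk.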
@@ -440,22 +497,29 @@ public class CertReqParser extends ReqParser { if (key != null) { arg.addStringValue("subjectPublicKeyInfo", - key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString()); + key.getAlgorithm() + + " - " + + key.getAlgorithmId().getOID() + .toString()); arg.addStringValue("subjectPublicKey", - pp.toHexString(key.getKey(), 0, 16)); + pp.toHexString(key.getKey(), 0, 16)); } - // Get the validity period + // Get the validity period CertificateValidity validity = null; try { - validity = - (CertificateValidity) - certInfo[0].get(X509CertInfo.VALIDITY); + validity = (CertificateValidity) certInfo[0] + .get(X509CertInfo.VALIDITY); if (validity != null) { - long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; - - arg.addLongValue("validityLength", validityLength); + long validityLength = (((Date) validity + .get(CertificateValidity.NOT_AFTER)) + .getTime() - ((Date) validity + .get(CertificateValidity.NOT_BEFORE)) + .getTime()) / 1000; + + arg.addLongValue("validityLength", + validityLength); } } catch (IOException e) { // XXX raise exception @@ -467,7 +531,8 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) { - BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); + BigInteger oldSerialNo[] = req + .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); if (oldSerialNo != null) { if (argSet != null) { 
@@ -475,37 +540,44 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } } } - if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || - req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { - X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); - - arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16); + if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) + && mDetails + && (req.getRequestStatus().toString() + .equals(RequestStatus.COMPLETE_STRING) || req + .getRequestType().equals( + IRequest.GETREVOCATIONINFO_REQUEST))) { + X509CertImpl issuedCert[] = req + .getExtDataInCertArray(IRequest.ISSUED_CERTS); + + arg.addBigIntegerValue("serialNumber", + issuedCert[0].getSerialNumber(), 16); // Set Serial No for 2nd certificate if (issuedCert.length == 2) - arg.addBigIntegerValue("serialNumber2", issuedCert[1].getSerialNumber(), 16); + arg.addBigIntegerValue("serialNumber2", + issuedCert[1].getSerialNumber(), 16); } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { - X509CertImpl oldCert[] = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl oldCert[] = req + .getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCert != null && oldCert.length > 0) { - arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16); - arg.addStringValue("subject", oldCert[0].getSubjectDN().toString()); + arg.addBigIntegerValue("serialNumber", + oldCert[0].getSerialNumber(), 16); + arg.addStringValue("subject", oldCert[0].getSubjectDN() + .toString()); if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) { for (int i = 0; i < oldCert.length; i++) { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - 
oldCert[i].getSerialNumber(), 16); + oldCert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } @@ -513,12 +585,13 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.CACERTCHAIN) && mDetails) { - byte[] certChainData = req.getExtDataInByteArray( - IRequest.CACERTCHAIN); + byte[] certChainData = req + .getExtDataInByteArray(IRequest.CACERTCHAIN); if (certChainData != null) { CertificateChain certChain = new CertificateChain(); try { - certChain.decode(new ByteArrayInputStream(certChainData)); + certChain + .decode(new ByteArrayInputStream(certChainData)); X509Certificate cert[] = certChain.getChain(); @@ -526,7 +599,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert[i].getSerialNumber(), 16); + cert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } catch (IOException e) { @@ -535,22 +608,24 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) { - Hashtable fingerprints = - req.getExtDataInHashtable(IRequest.FINGERPRINTS); + Hashtable fingerprints = req + .getExtDataInHashtable(IRequest.FINGERPRINTS); if (fingerprints != null) { String namesAndHashes = null; Enumeration enumFingerprints = fingerprints.keys(); - while (enumFingerprints.hasMoreElements()) { - String hashname = (String) enumFingerprints.nextElement(); + while (enumFingerprints.hasMoreElements()) { + String hashname = (String) enumFingerprints + .nextElement(); String hashvalue = (String) fingerprints.get(hashname); byte[] fingerprint = CMS.AtoB(hashvalue); String ppFingerprint = pp.toHexString(fingerprint, 0); if (hashname != null && ppFingerprint != null) { if (namesAndHashes != null) { - namesAndHashes += "+" + hashname + "+" + ppFingerprint; + namesAndHashes += "+" + hashname + "+" + + ppFingerprint; } else { namesAndHashes = hashname + "+" + ppFingerprint; } 
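Review bot: In the ISSUED_CERTS branch of this hunk, `issuedCert[0].getSerialNumber()` is called with no check that `req.getExtDataInCertArray(IRequest.ISSUED_CERTS)` returned a non-empty array, although the same lookup earlier in the method is guarded by `issuedCert != null && issuedCert[0] != null`. Wrapping both `addBigIntegerValue` calls in `if (issuedCert != null && issuedCert.length > 0 && issuedCert[0] != null) { ... }` would make the two sites agree and avoid an unchecked exception while rendering a request. As far as the hunk shows, the OLD_CERTS loop below it also calls `argSet.addRepeatRecord(rarg)` without the `argSet != null` test that the OLD_SERIALS branch applies. The enclosing method starts and ends outside this hunk.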
@@ -577,7 +652,8 @@ public class CertReqParser extends ReqParser { int j = 0; StringBuffer sb = new StringBuffer(); - for (Enumeration n = ((Vector) v).elements(); n.hasMoreElements(); j++) { + for (Enumeration n = ((Vector) v).elements(); n + .hasMoreElements(); j++) { sb.append(";\n"); sb.append(valuename); sb.append(LB); @@ -585,10 +661,9 @@ public class CertReqParser extends ReqParser { sb.append(RB); sb.append(EQ); sb.append("\""); - sb.append( - CMSTemplate.escapeJavaScriptStringHTML( - n.nextElement().toString())); - sb.append( "\";\n"); + sb.append(CMSTemplate.escapeJavaScriptStringHTML(n + .nextElement().toString())); + sb.append("\";\n"); } sb.append("\n"); valstr = sb.toString(); @@ -598,7 +673,7 @@ public class CertReqParser extends ReqParser { // if an array. int len = -1; - try { + try { len = Array.getLength(v); } catch (IllegalArgumentException e) { } @@ -608,9 +683,15 @@ public class CertReqParser extends ReqParser { for (i = 0; i < len; i++) { if (Array.get(v, i) != null) - valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" + - CMSTemplate.escapeJavaScriptStringHTML( - Array.get(v, i).toString()) + "\";\n"; + valstr += ";\n" + + valuename + + LB + + i + + RB + + EQ + + "\"" + + CMSTemplate.escapeJavaScriptStringHTML(Array + .get(v, i).toString()) + "\";\n"; } return valstr; } 
@@ -618,17 +699,17 @@ public class CertReqParser extends ReqParser { } // if string or unrecognized type, just call its toString method. - return valuename + "=\"" + - CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; + return valuename + "=\"" + + CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; } public String getRequestorDN(IRequest request) { try { - X509CertInfo info = (X509CertInfo) - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = (X509CertInfo) request + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); // retrieve the subject name - CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) info + .get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -643,15 +724,16 @@ public class CertReqParser extends ReqParser { String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID); if (cid == null) { - cid = ""; + cid = ""; } - String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID); + String uid = request + .getExtDataInString(IRequest.NETKEY_ATTR_USERID); if (uid == null) { - uid = ""; + uid = ""; } - kid = cid+":"+uid; + kid = cid + ":" + uid; if (kid.equals(":")) { - kid = ""; + kid = ""; } return kid; 
@@ -661,15 +743,15 @@ public class CertReqParser extends ReqParser { return null; } - private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + private void fillRevokeRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); arg.addStringValue("certExtsEnabled", "yes"); String profile = req.getExtDataInString("profile"); - //CMS.debug("CertReqParser: profile=" + profile); + // CMS.debug("CertReqParser: profile=" + profile); if (profile != null) { arg.addStringValue("profile", profile); String requestorDN = getRequestorDN(req); @@ -690,7 +772,7 @@ public class CertReqParser extends ReqParser { Enumeration enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; @@ -702,8 +784,9 @@ public class CertReqParser extends ReqParser { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable http_params = req.getExtDataInHashtable(name); - // show certType specially - String certType = (String) http_params.get(IRequest.CERT_TYPE); + // show certType specially + String certType = (String) http_params + .get(IRequest.CERT_TYPE); if (certType != null) { arg.addStringValue(IRequest.CERT_TYPE, certType); 
@@ -713,16 +796,22 @@ public class CertReqParser extends ReqParser { Enumeration elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_PARAMS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_params + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -733,16 +822,22 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_HEADERS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_hdrs + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
@@ -753,20 +848,21 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = IRequest.AUTH_TOKEN + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String v = - expandValue(prefix + parami + ".value", + String v = expandValue(prefix + parami + ".value", auth_token.getInString(n)); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -779,25 +875,25 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; + String parami = IRequest.SERVER_ATTRS + LB + + String.valueOf(saCounter++) + RB; valstr = expandValue(prefix + parami + ".value", val); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + + "\";\n" + valstr; // java string already escaped + // in expandValue. arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -823,12 +919,14 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.ERROR)) { - arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name)); + arg.addStringValue(IRequest.ERRORS, + req.getExtDataInString(name)); } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request - RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO); + // Get the certificate info from the request + RevokedCertImpl revokedCert[] = req + .getExtDataInRevokedCertArray(IRequest.CERT_INFO); if (mDetails && revokedCert != null) { if (argSet != null) { 
@@ -836,35 +934,39 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - revokedCert[i].getSerialNumber(), 16); + revokedCert[i].getSerialNumber(), 16); - CRLExtensions crlExtensions = revokedCert[i].getExtensions(); + CRLExtensions crlExtensions = revokedCert[i] + .getExtensions(); if (crlExtensions != null) { for (int k = 0; k < crlExtensions.size(); k++) { - Extension ext = (Extension) crlExtensions.elementAt(k); + Extension ext = (Extension) crlExtensions + .elementAt(k); if (ext instanceof CRLReasonExtension) { rarg.addStringValue("reason", - ((CRLReasonExtension) ext).getReason().toString()); + ((CRLReasonExtension) ext) + .getReason().toString()); } } } else { rarg.addStringValue("reason", - RevocationReason.UNSPECIFIED.toString()); + RevocationReason.UNSPECIFIED.toString()); } argSet.addRepeatRecord(rarg); } } else { arg.addBigIntegerValue("serialNumber", - revokedCert[0].getSerialNumber(), 16); + revokedCert[0].getSerialNumber(), 16); } } } if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) { - BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); + BigInteger oldSerialNo[] = req + .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); if (oldSerialNo != null) { if (argSet != null) { @@ -872,7 +974,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } 
@@ -880,24 +982,27 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { - //X509CertImpl oldCert[] = - // (X509CertImpl[])req.get(IRequest.OLD_CERTS); - Certificate oldCert[] = - (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS); - + // X509CertImpl oldCert[] = + // (X509CertImpl[])req.get(IRequest.OLD_CERTS); + Certificate oldCert[] = (Certificate[]) req + .getExtDataInCertArray(IRequest.OLD_CERTS); + if (oldCert != null && oldCert.length > 0) { if (oldCert[0] instanceof X509CertImpl) { X509CertImpl xcert = (X509CertImpl) oldCert[0]; - arg.addBigIntegerValue("serialNumber", xcert.getSerialNumber(), 16); - arg.addStringValue("subject", xcert.getSubjectDN().toString()); - if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) { + arg.addBigIntegerValue("serialNumber", + xcert.getSerialNumber(), 16); + arg.addStringValue("subject", xcert.getSubjectDN() + .toString()); + if (req.getRequestType().equals( + IRequest.GETCERTS_REQUEST)) { for (int i = 0; i < oldCert.length; i++) { IArgBlock rarg = CMS.createArgBlock(); xcert = (X509CertImpl) oldCert[i]; rarg.addBigIntegerValue("serialNumber", - xcert.getSerialNumber(), 16); + xcert.getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } 
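Review bot: Only `oldCert[0]` is tested with `instanceof X509CertImpl`; inside the GETCERTS_REQUEST loop every `oldCert[i]` is cast unconditionally, and `argSet.addRepeatRecord(rarg)` runs without the `argSet != null` test that the CERT_INFO and OLD_SERIALS branches apply. A mixed certificate array or a null `argSet` would make this display routine throw ClassCastException or NullPointerException. I would skip non-matching elements with `if (!(oldCert[i] instanceof X509CertImpl)) continue;` and wrap the loop in `if (argSet != null)`. The method body continues outside this hunk.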
@@ -905,21 +1010,23 @@ public class CertReqParser extends ReqParser { } } - if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails && - req.getRequestType().equals("getRevocationInfo")) { - RevokedCertImpl revokedCert[] = - req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails + && req.getRequestType().equals("getRevocationInfo")) { + RevokedCertImpl revokedCert[] = req + .getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); if (revokedCert != null && revokedCert[0] != null) { boolean reasonFound = false; - CRLExtensions crlExtensions = revokedCert[0].getExtensions(); + CRLExtensions crlExtensions = revokedCert[0] + .getExtensions(); for (int k = 0; k < crlExtensions.size(); k++) { Extension ext = (Extension) crlExtensions.elementAt(k); if (ext instanceof CRLReasonExtension) { arg.addStringValue("reason", - ((CRLReasonExtension) ext).getReason().toString()); + ((CRLReasonExtension) ext).getReason() + .toString()); reasonFound = true; } } @@ -930,5 +1037,5 @@ public class CertReqParser extends ReqParser { } } } - + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java index 127f2ce8b..3eca43901 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Check the status of a certificate request - * + * * @version $Revision$, $Date$ */ public class CheckRequest extends CMSServlet { 
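Review bot: In the REVOKED_CERTS hunk of CertReqParser.java, `crlExtensions.size()` is called on the result of `revokedCert[0].getExtensions()` without a null test, whereas the CERT_INFO branch earlier in the same file guards that call with `if (crlExtensions != null)` and falls back to `RevocationReason.UNSPECIFIED`. If getExtensions() can return null, as that other branch implies, a revoked entry without extensions throws NullPointerException here. Changing the loop header to `for (int k = 0; crlExtensions != null && k < crlExtensions.size(); k++)` leaves `reasonFound` false, so the code after the loop (outside this hunk) can still handle the missing reason.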
@@ -116,15 +114,14 @@ public class CheckRequest extends CMSServlet { /** * Constructs request query servlet. */ - public CheckRequest() - throws EBaseException { + public CheckRequest() throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "requestStatus.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -140,12 +137,12 @@ public class CheckRequest extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param requestId ID of the request to check - * <li>http.param format if 'id', then check the request based on - * the request ID parameter. If set to CMC, then use the - * 'queryPending' parameter. + * <li>http.param format if 'id', then check the request based on the + * request ID parameter. If set to CMC, then use the 'queryPending' + * parameter. * <li>http.param queryPending query formatted as a CMC request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -162,14 +159,14 @@ public class CheckRequest extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -187,9 +184,10 @@ public class CheckRequest extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -207,27 +205,31 @@ public class CheckRequest extends CMSServlet { // They may check the status using CMC queryPending String queryPending = req.getParameter("queryPending"); - if (format != null && format.equals("cmc") && queryPending != null && !queryPending.equals("")) { + if (format != null && format.equals("cmc") && queryPending != null + && !queryPending.equals("")) { try { isCMCReq = true; byte[] cmcBlob = CMS.AtoB(queryPending); - ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(cmcBlob); - - org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - SignedData cmcFullReq = (SignedData) - cii.getInterpretedContent(); - + ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream( + cmcBlob); + + org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo + .getTemplate().decode(cmcBlobIn); + SignedData cmcFullReq = (SignedData) cii + .getInterpretedContent(); + EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); - if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PKIDATA")); + if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) + || !ci.hasContent()) { + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_PKIDATA")); } OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); + ByteArrayInputStream s = new ByteArrayInputStream( + content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); SEQUENCE controlSequence = pkiData.getControlSequence(); 
@@ -235,7 +237,8 @@ public class CheckRequest extends CMSServlet { for (int i = 0; i < numControls; i++) { // decode message. - TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i); + TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence + .elementAt(i); OBJECT_IDENTIFIER type = taggedAttr.getType(); if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) { @@ -245,19 +248,21 @@ public class CheckRequest extends CMSServlet { // We only process one for now. if (numReq > 0) { - OCTET_STRING reqId = (OCTET_STRING) - ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(requestIds.elementAt(0))); + OCTET_STRING reqId = (OCTET_STRING) ASN1Util + .decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(requestIds + .elementAt(0))); requestId = new String(reqId.toByteArray()); } - } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) { + } else if (type + .equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) { transIds = taggedAttr.getValues(); - }else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { + } else if (type + .equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) { rNonces = taggedAttr.getValues(); - } else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if (type + .equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { sNonces = taggedAttr.getValues(); } } 
@@ -267,56 +272,63 @@ public class CheckRequest extends CMSServlet { } IArgBlock httpParams = cmsReq.getHttpParams(); - boolean importCert = httpParams.getValueAsBoolean("importCert", - false); + boolean importCert = httpParams.getValueAsBoolean("importCert", false); // xxx need to check why this is not available at startup X509Certificate mCACerts[] = null; try { - mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); + mCACerts = ((ICertAuthority) mAuthority).getCACertChain() + .getChain(); } catch (Exception e) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); } if (requestId == null || requestId.trim().equals("")) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); } try { Integer.parseInt(requestId); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId)); - throw new EBaseException( - CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "BASE_INVALID_NUMBER_FORMAT_1", requestId)); + throw new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + } IRequest r = mQueue.findRequest(new RequestId(requestId)); if (r == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_REQUEST_ID_NOT_FOUND_1", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if 
(authToken != null) { - // if RA, requestOwner must match the group - String group = authToken.getInString("group"); - if ((group != null) && (group != "")) { - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String requestOwner = r.getExtDataInString("requestOwner"); - if (requestOwner != null) { - if (requestOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString())); - throw new EBaseException( - CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); - } + // if RA, requestOwner must match the group + String group = authToken.getInString("group"); + if ((group != null) && (group != "")) { + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String requestOwner = r.getExtDataInString("requestOwner"); + if (requestOwner != null) { + if (requestOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "BASE_INVALID_NUMBER_FORMAT_1", + requestId.toString())); + throw new EBaseException(CMS.getUserMessage( + getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + } + } } - } } RequestStatus status = r.getRequestStatus(); 
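Review bot: The Registration Manager ownership check at the end of this hunk rejects a mismatching `requestOwner` by logging `BASE_INVALID_NUMBER_FORMAT_1` and throwing the `CMS_BASE_INVALID_NUMBER_FORMAT_1` user message, the same pair used for the `Integer.parseInt(requestId)` failure just above it. An authorization denial is then indistinguishable from a malformed request ID in the logs, which hides cross-group access attempts from anyone reviewing them; a dedicated authorization-failure message key should be used here (the appropriate key is not visible on this page). Separately, `group != ""` is a reference comparison rather than an emptiness test; `!group.equals("")` matches the style used for `queryPending` earlier in the method. The method continues outside the hunk.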
@@ -327,35 +339,37 @@ public class CheckRequest extends CMSServlet { header.addStringValue(STATUS, status.toString()); header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000); header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000); - if (note != null && note.length() > 0) + if (note != null && note.length() > 0) header.addStringValue("requestNotes", note); String type = r.getRequestType(); Integer result = r.getExtDataInInteger(IRequest.RESULT); -/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { - X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); - IArgBlock rarg = CMS.createArgBlock(); - - rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); - argSet.addRepeatRecord(rarg); - } -*/ + /* + * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != + * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert = + * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock + * rarg = CMS.createArgBlock(); + * + * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16); + * argSet.addRepeatRecord(rarg); } + */ String profileId = r.getExtDataInString("profileId"); if (profileId != null) { - result = IRequest.RES_SUCCESS; + result = IRequest.RES_SUCCESS; } - if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) || - type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && - status.equals(RequestStatus.COMPLETE) && (result != null) && - result.equals(IRequest.RES_SUCCESS)) { + if ((type != null) + && (type.equals(IRequest.ENROLLMENT_REQUEST) || type + .equals(IRequest.RENEWAL_REQUEST)) && (status != null) + && status.equals(RequestStatus.COMPLETE) && (result != null) + && result.equals(IRequest.RES_SUCCESS)) { Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (profileId != null) { - X509CertImpl impl[] = new X509CertImpl[1]; - impl[0] = 
r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - o = impl; + X509CertImpl impl[] = new X509CertImpl[1]; + impl[0] = r + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + o = impl; } if (o != null && (o instanceof X509CertImpl[])) { X509CertImpl[] certs = (X509CertImpl[]) o; @@ -366,25 +380,25 @@ public class CheckRequest extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); // add pkcs7 cert for importing if (importCert || isCMCReq) { - //byte[] ba = certs[i].getEncoded(); - X509CertImpl[] certsInChain = new X509CertImpl[1];; + // byte[] ba = certs[i].getEncoded(); + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { if (certs[i].equals(mCACerts[ii])) { - certsInChain = new - X509CertImpl[mCACerts.length]; + certsInChain = new X509CertImpl[mCACerts.length]; break; } certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = certs[i]; - + // Set the Ca certificate chain if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { @@ -396,8 +410,10 @@ public class CheckRequest extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new netscape.security.pkcs.ContentInfo(new byte[0]), + PKCS7 p7 = new PKCS7( + new AlgorithmId[0], + new netscape.security.pkcs.ContentInfo( + new byte[0]), certsInChain, new netscape.security.pkcs.SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); @@ -407,7 +423,7 @@ public class CheckRequest extends CMSServlet { p7Str = CMS.BtoA(p7Bytes); - StringTokenizer tokenizer = null; + StringTokenizer tokenizer = null; if (File.separator.equals("\\")) { char[] nl = new char[2]; 
@@ -416,18 +432,22 @@ public class CheckRequest extends CMSServlet { nl[1] = 13; String nlstr = new String(nl); - tokenizer = new StringTokenizer(p7Str, nlstr); + tokenizer = new StringTokenizer(p7Str, + nlstr); } else - tokenizer = new StringTokenizer(p7Str, "\n"); + tokenizer = new StringTokenizer(p7Str, + "\n"); StringBuffer res = new StringBuffer(); while (tokenizer.hasMoreTokens()) { - String elem = (String) tokenizer.nextToken(); + String elem = (String) tokenizer + .nextToken(); res.append(elem); } - header.addStringValue("pkcs7ChainBase64", res.toString()); + header.addStringValue("pkcs7ChainBase64", + res.toString()); // compose full response if (isCMCReq) { 
@@ -437,152 +457,177 @@ public class CheckRequest extends CMSServlet { if (bodyPartId != null) bpids.addElement(bodyPartId); - CMCStatusInfo cmcStatusInfo = new - CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids); - TaggedAttribute ta = new TaggedAttribute(new - INTEGER(bpid++), + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.SUCCESS, bpids); + TaggedAttribute ta = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(ta); - + // copy transactionID, senderNonce, // create recipientNonce if (transIds != null) { - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + ta = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(ta); } - + if (sNonces != null) { - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonces); + ta = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonces); controlSeq.addElement(ta); } - + String salt = CMSServlet.generateSalt(); byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest + .getInstance("SHA1"); - dig = SHA1Digest.digest(salt.getBytes()); + dig = SHA1Digest.digest(salt + .getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = {b64E}; + String[] newNonce = { b64E }; - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_senderNonce, - new OCTET_STRING(newNonce[0].getBytes())); + ta = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(newNonce[0] + .getBytes())); controlSeq.addElement(ta); - - ResponseBody rb = new ResponseBody(controlSeq, new - SEQUENCE(), new - SEQUENCE()); - EncapsulatedContentInfo ci = new - 
EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, + + ResponseBody rb = new ResponseBody( + controlSeq, new SEQUENCE(), + new SEQUENCE()); + EncapsulatedContentInfo ci = new EncapsulatedContentInfo( + OBJECT_IDENTIFIER.id_cct_PKIResponse, rb); - + org.mozilla.jss.crypto.X509Certificate x509cert = null; if (mAuthority instanceof ICertificateAuthority) { - x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert(); - }else if (mAuthority instanceof IRegistrationAuthority) { - x509cert = ((IRegistrationAuthority) mAuthority).getRACert(); + x509cert = ((ICertificateAuthority) mAuthority) + .getCaX509Cert(); + } else if (mAuthority instanceof IRegistrationAuthority) { + x509cert = ((IRegistrationAuthority) mAuthority) + .getRACert(); } if (x509cert == null) - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); - - X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); - ByteArrayInputStream issuer1 = new - ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); - Name issuer = (Name) Name.getTemplate().decode(issuer1); - IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); - SignerIdentifier si = new - SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); - - // SHA1 is the default digest Alg for now. + throw new ECMSGWException( + CMS.getUserMessage( + "CMS_GW_CMC_ERROR", + "No signing cert found.")); + + X509CertImpl cert = new X509CertImpl( + x509cert.getEncoded()); + ByteArrayInputStream issuer1 = new ByteArrayInputStream( + ((X500Name) cert.getIssuerDN()) + .getEncoded()); + Name issuer = (Name) Name.getTemplate() + .decode(issuer1); + IssuerAndSerialNumber ias = new IssuerAndSerialNumber( + issuer, new INTEGER(cert + .getSerialNumber() + .toString())); + SignerIdentifier si = new SignerIdentifier( + SignerIdentifier.ISSUER_AND_SERIALNUMBER, + ias, null); + + // SHA1 is the default digest Alg for + // now. 
DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; - org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); - org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - - if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager + .getInstance() + .findPrivKeyByCert(x509cert); + org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey + .getType(); + + if (keyType + .equals(org.mozilla.jss.crypto.PrivateKey.RSA)) signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) + else if (keyType + .equals(org.mozilla.jss.crypto.PrivateKey.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; MessageDigest SHADigest = null; byte[] digest = null; try { - SHADigest = MessageDigest.getInstance("SHA1"); + SHADigest = MessageDigest + .getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; ByteArrayOutputStream ostream = new ByteArrayOutputStream(); rb.encode((OutputStream) ostream); - digest = SHADigest.digest(ostream.toByteArray()); + digest = SHADigest.digest(ostream + .toByteArray()); } catch (NoSuchAlgorithmException ex) { - //log("digest fail"); + // log("digest fail"); } - - org.mozilla.jss.pkix.cms.SignerInfo signInfo = new - org.mozilla.jss.pkix.cms.SignerInfo(si, null, null, + + org.mozilla.jss.pkix.cms.SignerInfo signInfo = new org.mozilla.jss.pkix.cms.SignerInfo( + si, + null, + null, OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, - privKey); + digest, signAlg, privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), - null); + AlgorithmIdentifier ai = new AlgorithmIdentifier( + digestAlg.toOID(), null); digestAlgs.addElement(ai); } - + SET jsscerts = new SET(); for (int j = 0; j < certsInChain.length; j++) { - 
ByteArrayInputStream is = new - ByteArrayInputStream(certsInChain[j].getEncoded()); - org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) - org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is); + ByteArrayInputStream is = new ByteArrayInputStream( + certsInChain[j] + .getEncoded()); + org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) org.mozilla.jss.pkix.cert.Certificate + .getTemplate().decode(is); jsscerts.addElement(certJss); } - - SignedData fResponse = new - SignedData(digestAlgs, ci, - jsscerts, null, signInfos); - org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new - org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); - ByteArrayOutputStream ostream = new - ByteArrayOutputStream(); - - fullResponse.encode((OutputStream) ostream); + + SignedData fResponse = new SignedData( + digestAlgs, ci, jsscerts, null, + signInfos); + org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new org.mozilla.jss.pkix.cms.ContentInfo( + org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, + fResponse); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + + fullResponse + .encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); - header.addStringValue(FULL_RESPONSE, CMS.BtoA(fr)); + header.addStringValue(FULL_RESPONSE, + CMS.BtoA(fr)); } } catch (Exception e) { e.printStackTrace(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_FORMING_PKCS7_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } } argSet.addRepeatRecord(rarg); 
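Review bot: Two failure paths in the CMC full-response code fall through silently instead of stopping. When `MessageDigest.getInstance("SHA1")` throws, the nonce falls back to `dig = salt.getBytes()` (the unhashed salt), and in the signing block the empty `catch (NoSuchAlgorithmException ex)` leaves `digest` and `digestAlg` null before they are handed to `new SignerInfo(...)`; likewise `signAlg` stays null for any key type other than RSA or DSA. I would raise an error in both catches and after the key-type chain, e.g. `if (signAlg == null) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "Unsupported signing key type."));`. The hard-coded SHA-1 digest and `...WithSHA1Digest` signature algorithms, and the `e.printStackTrace()` in the outer catch, deserve a follow-up change as well. The enclosing try block starts outside this hunk.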
@@ -598,22 +643,21 @@ public class CheckRequest extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java index 0e3974a16..85a546abc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -25,13 +24,11 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** - * An interface representing a request parser which - * converts Java request object into name value - * pairs and vice versa. + * An interface representing a request parser which converts Java request object + * into name value pairs and vice versa. * <P> - * + * * @version $Revision$, $Date$ */ public interface IReqParser { 
@@ -39,6 +36,6 @@ public interface IReqParser { /** * Maps request object into argument block. */ - public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException; + public void fillRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java index 459aca633..4348a5451 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.math.BigInteger; import java.util.Locale; @@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.key.KeyRecordParser; - /** * Output a 'pretty print' of a Key Archival request - * + * * @version $Revision$, $Date$ */ public class KeyReqParser extends ReqParser { @@ -49,8 +47,8 @@ public class KeyReqParser extends ReqParser { /** * Fills in certificate specific request attributes. */ - public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); 
@@ -58,11 +56,11 @@ public class KeyReqParser extends ReqParser { if (type.equals(IRequest.ENROLLMENT_REQUEST)) { BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord"); - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra"); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem("kra"); if (kra != null) { - KeyRecordParser.fillRecordIntoArg( - kra.getKeyRepository().readKeyRecord(recSerialNo), - arg); + KeyRecordParser.fillRecordIntoArg(kra.getKeyRepository() + .readKeyRecord(recSerialNo), arg); } else { throw new EBaseException("KRA is not available"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java index 76418a998..b5fe3c4c3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; @@ -79,12 +78,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Agent operations on Certificate requests. This servlet is used - * by an Agent to approve, reject, reassign, or change a certificate - * request. - * + * Agent operations on Certificate requests. This servlet is used by an Agent to + * approve, reject, reassign, or change a certificate request. + * * @version $Revision$, $Date$ */ public class ProcessCertReq extends CMSServlet { 
@@ -105,101 +102,85 @@ public class ProcessCertReq extends CMSServlet { private boolean mExtraAgentParams = false; // for RA only since it does not have a database. - private final static String - REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; - private final static String - PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; - private final static String - PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; - private static ICMSTemplateFiller - REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); + private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; + private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; + private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; + private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); private String mReqCompletedTemplate = null; - private final static String - CERT_TYPE = "certType"; + private final static String CERT_TYPE = "certType"; private String auditServiceID = ILogger.UNIDENTIFIED; - private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = - "caProcessCertReq"; - private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = - "raProcessCertReq"; + private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = "caProcessCertReq"; + private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = "raProcessCertReq"; private final static String SIGNED_AUDIT_ACCEPTANCE = "accept"; private final static String SIGNED_AUDIT_CANCELLATION = "cancel"; private final static String SIGNED_AUDIT_CLONING = "clone"; private final static String SIGNED_AUDIT_REJECTION = "reject"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request cancellation: " - + "request cannot be processed due to an " - + "authorization failure", - - /* 1 */ "manual non-profile cert request 
cancellation: " - + "no reason has been given for cancelling this " - + "cert request", - - /* 2 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to an IOException", - - /* 4 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to a NoSuchAlgorithmException" - }; - private final static String[] - SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request rejection: " - + "request cannot be processed due to an " - + "authorization failure", - - /* 1 */ "manual non-profile cert request rejection: " - + "no reason has been given for rejecting this " - + "cert request", - - /* 2 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an IOException", - - /* 4 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to a NoSuchAlgorithmException" - }; - private final static String - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private 
final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { + + /* 0 */"manual non-profile cert request cancellation: " + + "request cannot be processed due to an " + + "authorization failure", + + /* 1 */"manual non-profile cert request cancellation: " + + "no reason has been given for cancelling this " + + "cert request", + + /* 2 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException", + + /* 3 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to an IOException", + + /* 4 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to a CertificateException", + + /* 5 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to a NoSuchAlgorithmException" }; + private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { + + /* 0 */"manual non-profile cert request rejection: " + + "request cannot be processed due to an " + + "authorization failure", + + /* 1 */"manual non-profile cert request rejection: " + + "no reason has been given for rejecting this " + + "cert request", + + /* 2 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException", + + /* 3 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an IOException", + + /* 4 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to a CertificateException", + + /* 5 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to a NoSuchAlgorithmException" }; + private final static String 
LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; /** * Process request. */ - public ProcessCertReq() - throws EBaseException { + public ProcessCertReq() throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "processCertReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -210,10 +191,9 @@ public class ProcessCertReq extends CMSServlet { String id = sc.getInitParameter(CMSServlet.PROP_ID); if (id != null) { - if (!(auditServiceID.equals( - AGENT_CA_CLONE_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { + if (!(auditServiceID.equals(AGENT_CA_CLONE_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); @@ -221,20 +201,20 @@ public class ProcessCertReq extends CMSServlet { } mQueue = mAuthority.getRequestQueue(); - mPublisherProcessor = - ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; mParser = CertReqParser.DETAIL_PARSER; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); try { - mReqCompletedTemplate = sc.getInitParameter( - PROP_REQ_COMPLETED_TEMPLATE); + mReqCompletedTemplate = sc + .getInitParameter(PROP_REQ_COMPLETED_TEMPLATE); if (mReqCompletedTemplate == null) mReqCompletedTemplate = REQ_COMPLETED_TEMPLATE; String tmp = sc.getInitParameter(PROP_EXTRA_AGENT_PARAMS); 
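Review bot: The guard in `init()` (hunk `-210,10 +191,9`) tests the field `auditServiceID` rather than the `id` just read from the servlet configuration. The field is initialised to `ILogger.UNIDENTIFIED` in the declarations above, so unless that constant happens to equal one of the two servlet names the first branch always runs and `auditServiceID = id.trim()` is never reached. Signed audit records from this servlet would then carry no service ID. Comparing the configured value instead would match the apparent intent: `String svc = id.trim();` followed by `if (svc.equals(AGENT_CA_CLONE_ENROLLMENT_SERVLET) || svc.equals(AGENT_RA_CLONE_ENROLLMENT_SERVLET)) auditServiceID = svc;`. `init()` continues outside this hunk.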
@@ -252,25 +232,24 @@ public class ProcessCertReq extends CMSServlet { } } - /** * Process the HTTP request. * <ul> - * <li>http.param seqNum request id - * <li>http.param notValidBefore certificate validity - * - notBefore - in seconds since jan 1, 1970 - * <li>http.param notValidAfter certificate validity - * - notAfter - in seconds since jan 1, 1970 - * <li>http.param subject certificate subject name - * <li>http.param toDo requested action - * (can be one of: clone, reject, accept, cancel) + * <li>http.param seqNum request id + * <li>http.param notValidBefore certificate validity - notBefore - in + * seconds since jan 1, 1970 + * <li>http.param notValidAfter certificate validity - notAfter - in seconds + * since jan 1, 1970 + * <li>http.param subject certificate subject name + * <li>http.param toDo requested action (can be one of: clone, reject, + * accept, cancel) * <li>http.param signatureAlgorithm certificate signing algorithm - * <li>http.param addExts base-64, DER encoded Extension or - * SEQUENCE OF Extensions to add to certificate - * <li>http.param pathLenConstraint integer path length constraint to - * use in BasicConstraint extension if applicable + * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF + * Extensions to add to certificate + * <li>http.param pathLenConstraint integer path length constraint to use in + * BasicConstraint extension if applicable * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -297,15 +276,16 @@ public class ProcessCertReq extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { if (req.getParameter(SEQNUM) != null) { - CMS.debug( - "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM)); + CMS.debug("ProcessCertReq: parameter seqNum " + + req.getParameter(SEQNUM)); seqNum = Integer.parseInt(req.getParameter(SEQNUM)); } String notValidBeforeStr = req.getParameter("notValidBefore"); 
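Review bot: The `CMS.debug` call writes `req.getParameter(SEQNUM)` to the debug log before the value has been parsed, so whatever the client sent, line breaks included, lands in the log verbatim. Parsing first and logging the resulting integer avoids that: `seqNum = Integer.parseInt(req.getParameter(SEQNUM));` then `CMS.debug("ProcessCertReq: parameter seqNum " + seqNum);`. The `"Error " + e` log in the `NumberFormatException` handler of the next hunk has the same property, since that exception's message echoes the rejected input. `process()` starts and ends outside this hunk.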
@@ -326,31 +306,30 @@ public class ProcessCertReq extends CMSServlet { subject = req.getParameter("subject"); signatureAlgorithm = req.getParameter("signatureAlgorithm"); - IRequest r = null; if (seqNum > -1) { - r = mQueue.findRequest(new RequestId( - Integer.toString(seqNum))); + r = mQueue.findRequest(new RequestId(Integer.toString(seqNum))); } - if(seqNum > -1 && r != null) - { - processX509(cmsReq, argSet, header, seqNum, req, resp, - toDo, signatureAlgorithm, subject, - notValidBefore, notValidAfter, locale[0], startTime); + if (seqNum > -1 && r != null) { + processX509(cmsReq, argSet, header, seqNum, req, resp, toDo, + signatureAlgorithm, subject, notValidBefore, + notValidAfter, locale[0], startTime); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum))); - error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", + String.valueOf(seqNum))); + error = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, "Error " + e); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -358,46 +337,47 @@ public class ProcessCertReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } - + } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** * Process X509 certificate enrollment request and send request information - * to the caller. + * to the caller. 
* <P> - * + * * (Certificate Request - an "agent" cert request for "cloning") * <P> - * - * (Certificate Request Processed - either a manual "agent" non-profile - * based cert acceptance, a manual "agent" non-profile based cert - * cancellation, or a manual "agent" non-profile based cert rejection) + * + * (Certificate Request Processed - either a manual "agent" non-profile + * based cert acceptance, a manual "agent" non-profile based cert + * cancellation, or a manual "agent" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a - * non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when + * a non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq a certificate enrollment request * @param argSet CMS template parameters * @param header argument block 
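Review bot: `String output = form.getOutput(argSet);` in the HTML branch is never read in the visible lines; the response is written by `form.renderOutput(out, argSet)` two lines later. Unless `getOutput` is called for a side effect that is not visible here, the template is evaluated twice per request and the assignment can be dropped. `process()` begins outside this hunk.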
@@ -405,26 +385,22 @@ public class ProcessCertReq extends CMSServlet { * @param req HTTP servlet request * @param resp HTTP servlet response * @param toDo string representing the requested action (can be one of: - * clone, reject, accept, cancel) + * clone, reject, accept, cancel) * @param signatureAlgorithm string containing the signature algorithm * @param subject string containing the subject name of the certificate - * @param notValidBefore certificate validity - notBefore - in seconds - * since Jan 1, 1970 + * @param notValidBefore certificate validity - notBefore - in seconds since + * Jan 1, 1970 * @param notValidAfter certificate validity - notAfter - in seconds since - * Jan 1, 1970 + * Jan 1, 1970 * @param locale the system locale * @param startTime the current date * @exception EBaseException an error has occurred */ - private void processX509(CMSRequest cmsReq, - CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String toDo, String signatureAlgorithm, - String subject, - long notValidBefore, long notValidAfter, - Locale locale, long startTime) - throws EBaseException { + private void processX509(CMSRequest cmsReq, CMSTemplateParams argSet, + IArgBlock header, int seqNum, HttpServletRequest req, + HttpServletResponse resp, String toDo, String signatureAlgorithm, + String subject, long notValidBefore, long notValidAfter, + Locale locale, long startTime) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; 
@@ -434,16 +410,16 @@ public class ProcessCertReq extends CMSServlet { // "normalize" the "auditCertificateSubjectName" if (auditCertificateSubjectName != null) { - // NOTE: This is ok even if the cert subject name is "" (empty)! + // NOTE: This is ok even if the cert subject name is "" (empty)! auditCertificateSubjectName = auditCertificateSubjectName.trim(); } else { - // NOTE: Here, the cert subject name is MISSING, not "" (empty)! + // NOTE: Here, the cert subject name is MISSING, not "" (empty)! auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } try { - IRequest r = mQueue.findRequest(new RequestId( - Integer.toString(seqNum))); + IRequest r = mQueue.findRequest(new RequestId(Integer + .toString(seqNum))); if (r != null) { // overwrite "auditRequesterID" if and only if "id" != null @@ -453,7 +429,7 @@ public class ProcessCertReq extends CMSServlet { } } - if (mAuthority != null) + if (mAuthority != null) header.addStringValue("authorityid", mAuthority.getId()); if (toDo != null) { @@ -463,15 +439,15 @@ public class ProcessCertReq extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "execute"); + mAuthzResourceName, "execute"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { 
@@ -481,45 +457,37 @@ public class ProcessCertReq extends CMSServlet { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]); audit(auditMessage); } 
@@ -530,14 +498,16 @@ public class ProcessCertReq extends CMSServlet { String authMgr = AuditFormat.NOAUTH; if (authToken != null) { - authMgr = - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } String agentID = authToken.getInString("userid"); - String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; + String initiative = AuditFormat.FROMAGENT + " agentID: " + + agentID; // Get the certificate info from the request - X509CertInfo certInfo[] = r.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo certInfo[] = r + .getExtDataInCertInfoArray(IRequest.CERT_INFO); header.addStringValue("toDo", toDo); if (toDo.equals("accept")) { 
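Review bot: `authToken` is null-checked before `TOKEN_AUTHMGR_INST_NAME` is read but dereferenced unconditionally in the next statement, `authToken.getInString("userid")`. Either the token can be null here, in which case this path ends in a NullPointerException instead of a handled error with an audit record, or it cannot, and the guard is misleading. Reading the agent ID under the same condition keeps the audit `initiative` string well defined: `String agentID = (authToken != null) ? authToken.getInString("userid") : ILogger.UNIDENTIFIED;`. Where `authToken` is assigned is outside this hunk.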
@@ -546,89 +516,95 @@ public class ProcessCertReq extends CMSServlet { int alterationCounter = 0; for (int i = 0; i < certInfo.length; i++) { - CertificateAlgorithmId certAlgId = - (CertificateAlgorithmId) - certInfo[i].get(X509CertInfo.ALGORITHM_ID); + CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[i] + .get(X509CertInfo.ALGORITHM_ID); - AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + AlgorithmId algId = (AlgorithmId) certAlgId + .get(CertificateAlgorithmId.ALGORITHM); if (!(algId.getName().equals(signatureAlgorithm))) { alterationCounter++; - AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm); + AlgorithmId newAlgId = AlgorithmId + .getAlgorithmId(signatureAlgorithm); certInfo[i].set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(newAlgId)); + new CertificateAlgorithmId(newAlgId)); } - CertificateSubjectName certSubject = - (CertificateSubjectName) - certInfo[i].get(X509CertInfo.SUBJECT); + CertificateSubjectName certSubject = (CertificateSubjectName) certInfo[i] + .get(X509CertInfo.SUBJECT); - if (subject != null && - !(certSubject.toString().equals(subject))) { + if (subject != null + && !(certSubject.toString().equals(subject))) { alterationCounter++; certInfo[i].set(X509CertInfo.SUBJECT, - new CertificateSubjectName( - (new X500Name(subject)))); + new CertificateSubjectName( + (new X500Name(subject)))); } - CertificateValidity certValidity = - (CertificateValidity) - certInfo[i].get(X509CertInfo.VALIDITY); + CertificateValidity certValidity = (CertificateValidity) certInfo[i] + .get(X509CertInfo.VALIDITY); Date currentTime = CMS.getCurrentDate(); boolean validityChanged = false; - // only override these values if agent specified them + // only override these values if agent specified + // them if (notValidBefore > 0) { - Date notBefore = (Date) certValidity.get( - CertificateValidity.NOT_BEFORE); + Date notBefore = (Date) certValidity + 
.get(CertificateValidity.NOT_BEFORE); - if (notBefore.getTime() == 0 || - notBefore.getTime() != notValidBefore) { + if (notBefore.getTime() == 0 + || notBefore.getTime() != notValidBefore) { Date validFrom = new Date(notValidBefore); - notBefore = (notValidBefore == 0) ? currentTime : validFrom; - certValidity.set(CertificateValidity.NOT_BEFORE, - notBefore); + notBefore = (notValidBefore == 0) ? currentTime + : validFrom; + certValidity.set( + CertificateValidity.NOT_BEFORE, + notBefore); validityChanged = true; } } if (notValidAfter > 0) { Date validTo = new Date(notValidAfter); - Date notAfter = (Date) - certValidity.get(CertificateValidity.NOT_AFTER); + Date notAfter = (Date) certValidity + .get(CertificateValidity.NOT_AFTER); - if (notAfter.getTime() == 0 || - notAfter.getTime() != notValidAfter) { + if (notAfter.getTime() == 0 + || notAfter.getTime() != notValidAfter) { notAfter = currentTime; - notAfter = (notValidAfter == 0) ? currentTime : validTo; - certValidity.set(CertificateValidity.NOT_AFTER, - notAfter); + notAfter = (notValidAfter == 0) ? currentTime + : validTo; + certValidity.set( + CertificateValidity.NOT_AFTER, + notAfter); validityChanged = true; } } if (validityChanged) { - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. 
- certInfo[i].set(X509CertInfo.VALIDITY, certValidity); + certInfo[i].set(X509CertInfo.VALIDITY, + certValidity); } if (certInfo[i].get(X509CertInfo.VERSION) == null) { certInfo[i].set(X509CertInfo.VERSION, - new CertificateVersion( - CertificateVersion.V3)); + new CertificateVersion( + CertificateVersion.V3)); } CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo[i].get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo[i] + .get(X509CertInfo.EXTENSIONS); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_PARSING_EXTENS", + e.toString())); } // 99/08/31 #361906 - handling additional extensions 
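Review bot: `signatureAlgorithm` is used without a null check at the top of the loop, unlike `subject` a few lines below it. It comes from an optional request parameter (`req.getParameter("signatureAlgorithm")` in `process()`), so when the form omits it `algId.getName().equals(signatureAlgorithm)` is false and `AlgorithmId.getAlgorithmId(signatureAlgorithm)` is called with null. Guarding it the same way as the subject, `if (signatureAlgorithm != null && !algId.getName().equals(signatureAlgorithm)) {`, leaves the requested algorithm untouched when none was supplied. Separately, `notAfter = currentTime;` is overwritten on the next statement, and the `== 0` arms of both ternaries are unreachable inside their `> 0` guards. The loop body continues outside this hunk.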
@@ -637,104 +613,131 @@ public class ProcessCertReq extends CMSServlet { if (addExts != null && !addExts.trim().equals("")) { Vector extsToBeAdded = new Vector(); - byte[] b = (byte[]) (com.netscape.osutil.OSUtil.AtoB(addExts)); + byte[] b = (byte[]) (com.netscape.osutil.OSUtil + .AtoB(addExts)); - // this b can be "Extension" Or "SEQUENCE OF Extension" + // this b can be "Extension" Or + // "SEQUENCE OF Extension" try { DerValue b_der = new DerValue(b); while (b_der.data.available() != 0) { - Extension de = new Extension(b_der.data.getDerValue()); + Extension de = new Extension( + b_der.data.getDerValue()); extsToBeAdded.addElement(de); } } catch (IOException e) { // it could be a single extension - Extension de = new Extension(new DerValue(b)); + Extension de = new Extension( + new DerValue(b)); extsToBeAdded.addElement(de); } if (extsToBeAdded.size() > 0) { if (extensions == null) { extensions = new CertificateExtensions(); - certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); + certInfo[i].set( + X509CertInfo.EXTENSIONS, + extensions); } for (int j = 0; j < extsToBeAdded.size(); j++) { - Extension theExt = (Extension) extsToBeAdded.elementAt(j); + Extension theExt = (Extension) extsToBeAdded + .elementAt(j); - extensions.set(theExt.getExtensionId().toString(), theExt); + extensions.set(theExt.getExtensionId() + .toString(), theExt); } } } if (extensions != null) { try { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) - extensions.get( - NSCertTypeExtension.NAME); + NSCertTypeExtension nsExtensions = (NSCertTypeExtension) extensions + .get(NSCertTypeExtension.NAME); if (nsExtensions != null) { updateNSExtension(req, nsExtensions); - } + } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", + e.toString())); } - String pathLength = req.getParameter("pathLenConstraint"); + String 
pathLength = req + .getParameter("pathLenConstraint"); if (pathLength != null) { try { - int pathLen = Integer.parseInt(pathLength); - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) - extensions.get( - BasicConstraintsExtension.NAME); + int pathLen = Integer + .parseInt(pathLength); + BasicConstraintsExtension bcExt = (BasicConstraintsExtension) extensions + .get(BasicConstraintsExtension.NAME); if (bcExt != null) { - Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); - Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); - - if (bcPathLen != null && - bcPathLen.intValue() != pathLen && - isCA != null) { - BasicConstraintsExtension bcExt0 = - new BasicConstraintsExtension(isCA.booleanValue(), pathLen); - - extensions.delete(BasicConstraintsExtension.NAME); - extensions.set(BasicConstraintsExtension.NAME, (Extension) bcExt0); + Integer bcPathLen = (Integer) bcExt + .get(BasicConstraintsExtension.PATH_LEN); + Boolean isCA = (Boolean) bcExt + .get(BasicConstraintsExtension.IS_CA); + + if (bcPathLen != null + && bcPathLen.intValue() != pathLen + && isCA != null) { + BasicConstraintsExtension bcExt0 = new BasicConstraintsExtension( + isCA.booleanValue(), + pathLen); + + extensions + .delete(BasicConstraintsExtension.NAME); + extensions + .set(BasicConstraintsExtension.NAME, + (Extension) bcExt0); alterationCounter++; } } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } } // handle Presence Server Extension - String PSE_Enable = req.getParameter("PSE_Enable"); + String 
PSE_Enable = req + .getParameter("PSE_Enable"); if (PSE_Enable != null) { - boolean Critical = (req.getParameter("PSE_Critical") != null); + boolean Critical = (req + .getParameter("PSE_Critical") != null); int Version = 0; try { - Version = Integer.parseInt(req.getParameter("PSE_Version")); + Version = Integer.parseInt(req + .getParameter("PSE_Version")); } catch (Exception e1) { } - String StreetAddress = req.getParameter("PSE_StreetAddress"); + String StreetAddress = req + .getParameter("PSE_StreetAddress"); if (StreetAddress == null) { StreetAddress = ""; } - String TelephoneNumber = req.getParameter("PSE_TelephoneNumber"); + String TelephoneNumber = req + .getParameter("PSE_TelephoneNumber"); if (TelephoneNumber == null) { TelephoneNumber = ""; } - String RFC822Name = req.getParameter("PSE_RFC822Name"); + String RFC822Name = req + .getParameter("PSE_RFC822Name"); if (RFC822Name == null) { RFC822Name = ""; @@ -744,7 +747,8 @@ public class ProcessCertReq extends CMSServlet { if (IMID == null) { IMID = ""; } - String HostName = req.getParameter("PSE_HostName"); + String HostName = req + .getParameter("PSE_HostName"); if (HostName == null) { HostName = ""; 
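Review bot: The `catch (Exception e1) { }` around `Integer.parseInt(req.getParameter("PSE_Version"))` in hunk `-637,104 +613,131` discards the error, so a missing or malformed value silently becomes 0 in the extension that is written into the certificate. Hunk `-752,61 +756,80` repeats this for `PSE_PortNumber`, `PSE_MaxUsers` and `PSE_ServiceLevel`. Each handler should at least log the parameter name and the exception, as the `pathLenConstraint` handler above does for its own parse failure, and catching only `NumberFormatException` would keep unrelated failures visible. `pathLenConstraint` itself is parsed with no range check, so a negative value reaches `new BasicConstraintsExtension(isCA.booleanValue(), pathLen)`; how that constructor treats it is not visible here and is worth confirming.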
@@ -752,61 +756,80 @@ public class ProcessCertReq extends CMSServlet { int PortNumber = 0; try { - PortNumber = Integer.parseInt(req.getParameter("PSE_PortNumber")); + PortNumber = Integer + .parseInt(req + .getParameter("PSE_PortNumber")); } catch (Exception e1) { } int MaxUsers = 0; try { - MaxUsers = Integer.parseInt(req.getParameter("PSE_MaxUsers")); + MaxUsers = Integer.parseInt(req + .getParameter("PSE_MaxUsers")); } catch (Exception e1) { } int ServiceLevel = 0; try { - ServiceLevel = Integer.parseInt(req.getParameter("PSE_ServiceLevel")); + ServiceLevel = Integer + .parseInt(req + .getParameter("PSE_ServiceLevel")); } catch (Exception e1) { } // create extension - PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, MaxUsers, ServiceLevel); - - extensions.set(pseExt.getExtensionId().toString(), pseExt); + PresenceServerExtension pseExt = new PresenceServerExtension( + Critical, Version, StreetAddress, + TelephoneNumber, RFC822Name, IMID, + HostName, PortNumber, MaxUsers, + ServiceLevel); + + extensions.set(pseExt.getExtensionId() + .toString(), pseExt); } if (mExtraAgentParams) { - Enumeration extraparams = req.getParameterNames(); + Enumeration extraparams = req + .getParameterNames(); int l = IRequest.AGENT_PARAMS.length() + 1; int ap_counter = 0; Hashtable agentparamsargblock = new Hashtable(); if (extraparams != null) { while (extraparams.hasMoreElements()) { - String s = (String) extraparams.nextElement(); + String s = (String) extraparams + .nextElement(); if (s.startsWith(IRequest.AGENT_PARAMS)) { - String param_value = req.getParameter(s); + String param_value = req + .getParameter(s); if (param_value != null) { - String new_name = s.substring(l); + String new_name = s + .substring(l); - agentparamsargblock.put(new_name, param_value); + agentparamsargblock.put( + new_name, + param_value); ap_counter += 1; } } } } if (ap_counter > 0) { - 
r.setExtData(IRequest.AGENT_PARAMS, agentparamsargblock); + r.setExtData(IRequest.AGENT_PARAMS, + agentparamsargblock); alterationCounter++; } } - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. - certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); + certInfo[i].set(X509CertInfo.EXTENSIONS, + extensions); } - alterationCounter += updateExtensionsInRequest(req, r); + alterationCounter += updateExtensionsInRequest(req, + r); } if (alterationCounter > 0) { mQueue.updateRequest(r); 
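Review bot: `s.substring(l)` can throw for a parameter whose name is exactly `IRequest.AGENT_PARAMS`, because `startsWith` accepts it while `l` is `IRequest.AGENT_PARAMS.length() + 1`, one past the end of that name. Parameter names come from the request, so the guard should also require a non-empty suffix, e.g. `if (s.length() > l && s.startsWith(IRequest.AGENT_PARAMS)) {`. Every matching name and value is then stored through `r.setExtData(IRequest.AGENT_PARAMS, agentparamsargblock)` with no allow-list or size limit visible here, which is worth checking against what later consumers of that block expect. The enclosing loop begins outside this hunk.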
@@ -818,100 +841,87 @@ public class ProcessCertReq extends CMSServlet { if (r.getRequestStatus().equals(RequestStatus.PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.PENDING); - if (certInfo != null) { + if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "pending", subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "pending" }); } } } else if (r.getRequestStatus().equals( - RequestStatus.APPROVED) || - r.getRequestStatus().equals( - RequestStatus.SVC_PENDING)) { + RequestStatus.APPROVED) + || r.getRequestStatus().equals( + RequestStatus.SVC_PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.SVC_PENDING); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - 
mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, r.getRequestStatus(), + subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, r.getRequestStatus() }); } } } else if (r.getRequestStatus().equals( 
@@ -920,100 +930,98 @@ public class ProcessCertReq extends CMSServlet { // XXX make the repeat record. // Get the certificate(s) from the request - X509CertImpl issuedCerts[] = - r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl issuedCerts[] = r + .getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. if (issuedCerts != null) { long endTime = CMS.getCurrentDate().getTime(); StringBuffer sbuf = new StringBuffer(); - //header.addBigIntegerValue("serialNumber", - //issuedCerts[0].getSerialNumber(),16); + // header.addBigIntegerValue("serialNumber", + // issuedCerts[0].getSerialNumber(),16); for (int i = 0; i < issuedCerts.length; i++) { - if (i != 0) + if (i != 0) sbuf.append(", "); - sbuf.append("0x" + - issuedCerts[i].getSerialNumber().toString(16)); - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[i].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)} - ); + sbuf.append("0x" + + issuedCerts[i].getSerialNumber() + .toString(16)); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[i].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[i] + .getSerialNumber() + .toString(16) + + " time: " + + (endTime - startTime) }); // store a message in the signed audit log file // (one for each manual "agent" - // cert request processed - "accepted") - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - auditInfoCertValue(issuedCerts[i])); + // cert request 
processed - "accepted") + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditInfoName, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } - header.addStringValue( - "serialNumber", sbuf.toString()); + header.addStringValue("serialNumber", + sbuf.toString()); } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "completed", subject, + "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "completed" }); } // store a message in the signed audit log file // (manual "agent" cert request processed - // - "accepted") - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + // - "accepted") + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } - // grant trusted manager or agent privileges + // grant trusted manager or agent privileges Object grantError = null; - try { - int res = grant_privileges( - cmsReq, r, issuedCerts, header); + try { + int res = 
grant_privileges(cmsReq, r, issuedCerts, + header); if (res != 0) { header.addStringValue(GRANT_ERROR, "SUCCESS"); 
@@ -1027,45 +1035,41 @@ public class ProcessCertReq extends CMSServlet { // if this is a RA, show the certificate right away // since ther is no cert database. /* - if (mAuthority instanceof RegistrationAuthority) { - Object[] results = - new Object[] { issuedCerts, grantError }; - cmsReq.setResult(results); - renderTemplate(cmsReq, - mReqCompletedTemplate, REQ_COMPLETED_FILLER); - - return; - } + * if (mAuthority instanceof RegistrationAuthority) { + * Object[] results = new Object[] { issuedCerts, + * grantError }; cmsReq.setResult(results); + * renderTemplate(cmsReq, mReqCompletedTemplate, + * REQ_COMPLETED_FILLER); + * + * return; } */ cmsReq.setResult(r); String scheme = req.getScheme(); - if (scheme.equals("http") && - connectionIsSSL(req)) scheme = "https"; + if (scheme.equals("http") && connectionIsSSL(req)) + scheme = "https"; - /* - header.addStringValue( - "authorityid", mAuthority.getId()); - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + - req.getRequestURI()); - */ + /* + * header.addStringValue( "authorityid", + * mAuthority.getId()); + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + + * req.getRequestURI()); + */ - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - r.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = r + .getExtDataInIntegerArray("ldapPublishStatus"); int certsUpdated = 0; if (ldapPublishStatus != null) { - for (int i = 0; - i < ldapPublishStatus.length; i++) { - if (ldapPublishStatus[i] == - IRequest.RES_SUCCESS) { + for (int i = 0; i < ldapPublishStatus.length; i++) { + if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) { certsUpdated++; } } 
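Review bot: `ldapPublishStatus[i] == IRequest.RES_SUCCESS` compares an `Integer` array element with `==`. If `IRequest.RES_SUCCESS` is itself declared as an `Integer` (its declaration is not in this hunk), this is a reference comparison that only holds while both values come from the small-integer cache, and `certsUpdated` would undercount otherwise. Comparing by value is safer: `if (IRequest.RES_SUCCESS.equals(ldapPublishStatus[i])) {`. If the constant turns out to be a primitive `int`, the current form unboxes instead and a null array element would throw, so a null check would be the fix there. The enclosing method begins and ends outside the hunk.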
@@ -1081,59 +1085,50 @@ public class ProcessCertReq extends CMSServlet { mQueue.rejectRequest(r); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "rejected", subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "rejected" }); } } // store a message in the signed audit log file // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]); 
audit(auditMessage); @@ -1142,47 +1137,40 @@ public class ProcessCertReq extends CMSServlet { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "canceled", subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "canceled" }); } } 
@@ -1190,90 +1178,91 @@ public class ProcessCertReq extends CMSServlet { // store a message in the signed audit log file // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]); audit(auditMessage); } else if (toDo.equals("clone")) { IRequest clonedRequest = mQueue.cloneAndMarkPending(r); - header.addStringValue("clonedRequestId", - clonedRequest.getRequestId().toString()); + header.addStringValue("clonedRequestId", clonedRequest + .getRequestId().toString()); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest + .getRequestId() + .toString(), + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to 
reqID: " + + clonedRequest + .getRequestId() + .toString(), + subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest + .getRequestId() + .toString() }); } } // store a message in the signed audit log file // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); header.addIntegerValue("seqNum", seqNum); 
@@ -1283,52 +1272,44 @@ public class ProcessCertReq extends CMSServlet { if (rid != null) header.addStringValue("remoteReqID", rid); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]); audit(auditMessage); } 
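Review bot: The failure branch of the signed audit log is written out in full in this `catch (EBaseException e)` and again in the `IOException`, `CertificateException` and `NoSuchAlgorithmException` handlers of the next hunk. Only the literal index into `SIGNED_AUDIT_MANUAL_CANCELLATION_REASON` / `SIGNED_AUDIT_MANUAL_REJECTION_REASON` changes, from 2 to 5. Four hand-maintained copies of audit code make it easy for one handler to drift and record a wrong or missing event, and the bare indices do not say which reason each one selects. A private helper that takes the index keeps a single copy, and each handler calls it before rethrowing. The sketch assumes the audit values are `String` locals of the enclosing method, which starts outside this hunk.

```java
// One copy of the failure audit; reasonIndex replaces the literals 2..5.
private void auditAgentRequestFailure(String toDo, int reasonIndex,
        String auditSubjectID, String auditRequesterID,
        String auditServiceID, String auditCertificateSubjectName,
        String auditInfoName) {
    if (toDo == null) {
        return;
    }
    if (toDo.equals(SIGNED_AUDIT_CLONING)) {
        audit(CMS.getLogMessage(
                LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                auditSubjectID, ILogger.FAILURE, auditRequesterID,
                auditServiceID, auditCertificateSubjectName));
    } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
        audit(CMS.getLogMessage(
                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
                auditSubjectID, ILogger.FAILURE, auditRequesterID,
                auditInfoName,
                SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[reasonIndex]));
    }
    // … unchanged: SIGNED_AUDIT_ACCEPTANCE and SIGNED_AUDIT_REJECTION branches …
}

} catch (EBaseException e) {
    // … unchanged: log(ILogger.LL_FAILURE, …) …
    auditAgentRequestFailure(toDo, 2, auditSubjectID, auditRequesterID,
            auditServiceID, auditCertificateSubjectName, auditInfoName);
    throw e;
```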
@@ -1336,172 +1317,149 @@ public class ProcessCertReq extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - 
ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]); audit(auditMessage); } } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + 
auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]); audit(auditMessage); } } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if 
(toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]); audit(auditMessage); } } - throw new EBaseException(CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", e.toString())); + throw new EBaseException(CMS.getUserMessage(locale, + "CMS_BASE_INTERNAL_ERROR", e.toString())); } return; } - - private void updateNSExtension(HttpServletRequest req, - NSCertTypeExtension ext) throws IOException { + + private void updateNSExtension(HttpServletRequest req, + NSCertTypeExtension ext) throws IOException { try { if (req.getParameter("certTypeSSLServer") == null) { @@ -1523,9 +1481,11 @@ public class ProcessCertReq extends CMSServlet { } if (req.getParameter("certTypeObjSigning") == null) { - ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(false)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING, + Boolean.valueOf(false)); } else { - ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(true)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING, + Boolean.valueOf(true)); } if (req.getParameter("certTypeEmailCA") == null) { 
@@ -1541,115 +1501,111 @@ public class ProcessCertReq extends CMSServlet { } if (req.getParameter("certTypeObjSigningCA") == null) { - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(false)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, + Boolean.valueOf(false)); } else { - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(true)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, + Boolean.valueOf(true)); } } catch (CertificateException e) { } } /** - * This method sets extensions parameter into the request so - * that the NSCertTypeExtension policy creates new - * NSCertTypExtension with this setting. Note that this - * setting will not be used if the NSCertType Extension - * already exist in CertificateExtension. In that case, - * updateExtensions() will be called to set the extension - * parameter into the extension directly. + * This method sets extensions parameter into the request so that the + * NSCertTypeExtension policy creates new NSCertTypExtension with this + * setting. Note that this setting will not be used if the NSCertType + * Extension already exist in CertificateExtension. In that case, + * updateExtensions() will be called to set the extension parameter into the + * extension directly. 
*/ private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) { int nChanges = 0; - if (req.getParameter("certTypeSSLServer") != null) { - r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_SERVER); - nChanges++; - } + if (req.getParameter("certTypeSSLServer") != null) { + r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_SERVER); + nChanges++; + } - if (req.getParameter("certTypeSSLClient") != null) { - r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); - nChanges++; - } + if (req.getParameter("certTypeSSLClient") != null) { + r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); + nChanges++; + } - if (req.getParameter("certTypeEmail") != null) { - r.setExtData(NSCertTypeExtension.EMAIL, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL); - nChanges++; - } + if (req.getParameter("certTypeEmail") != null) { + r.setExtData(NSCertTypeExtension.EMAIL, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL); + nChanges++; + } - if (req.getParameter("certTypeObjSigning") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); - nChanges++; - } + if (req.getParameter("certTypeObjSigning") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); + nChanges++; + } - if (req.getParameter("certTypeEmailCA") != null) { - r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL_CA); - nChanges++; - } + if (req.getParameter("certTypeEmailCA") != null) { + 
r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL_CA); + nChanges++; + } - if (req.getParameter("certTypeSSLCA") != null) { - r.setExtData(NSCertTypeExtension.SSL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CA); - nChanges++; - } + if (req.getParameter("certTypeSSLCA") != null) { + r.setExtData(NSCertTypeExtension.SSL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CA); + nChanges++; + } - if (req.getParameter("certTypeObjSigningCA") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); - nChanges++; - } + if (req.getParameter("certTypeObjSigningCA") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); + nChanges++; + } return nChanges; } - + protected static final String GRANT_ERROR = "grantError"; - public static final String - GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; - public static final String - GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; - public static final String - GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; - public static final String - GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; + public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; + public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; + public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; + public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; public static final String GRANT_UID = "grantUID"; public static final String GRANT_PRIVILEGE = "grantPrivilege"; - protected int grant_privileges( - CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header) - throws EBaseException { + protected int 
grant_privileges(CMSRequest cmsReq, IRequest req, + Certificate[] certs, IArgBlock header) throws EBaseException { // get privileges to grant IArgBlock httpParams = cmsReq.getHttpParams(); - boolean grantTrustedMgr = - httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false); - boolean grantRMAgent = - httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false); - boolean grantCMAgent = - httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false); - boolean grantDRMAgent = - httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false); - - if (!grantTrustedMgr && - !grantCMAgent && !grantRMAgent && !grantDRMAgent) { + boolean grantTrustedMgr = httpParams.getValueAsBoolean( + GRANT_TRUSTEDMGR_PRIVILEGE, false); + boolean grantRMAgent = httpParams.getValueAsBoolean( + GRANT_RMAGENT_PRIVILEGE, false); + boolean grantCMAgent = httpParams.getValueAsBoolean( + GRANT_CMAGENT_PRIVILEGE, false); + boolean grantDRMAgent = httpParams.getValueAsBoolean( + GRANT_DRMAGENT_PRIVILEGE, false); + + if (!grantTrustedMgr && !grantCMAgent && !grantRMAgent + && !grantDRMAgent) { return 0; } else { IAuthToken authToken = getAuthToken(req); @@ -1657,8 +1613,8 @@ public class ProcessCertReq extends CMSServlet { String resourceName = "certServer." + mAuthority.getId() + ".group"; try { - authzToken = authorize(mAclMethod, authToken, - resourceName, "add"); + authzToken = authorize(mAclMethod, authToken, resourceName, + "add"); } catch (Exception e) { // do nothing for now } @@ -1668,7 +1624,7 @@ public class ProcessCertReq extends CMSServlet { if (grantTrustedMgr) obj[0] = TRUSTED_RA_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) obj[0] = RA_AGENT_GROUP; else if (grantCMAgent) obj[0] = CA_AGENT_GROUP; 
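Review bot: `updateNSExtension` ends with an empty `catch (CertificateException e) { }` (the context lines at the top of this hunk). If any `ext.set(...)` call fails, the remaining certificate-type bits, including `OBJECT_SIGNING_CA`, keep their previous values and processing continues as if the agent's choices had been applied. The method already declares `throws IOException`, so the failure can be surfaced instead of dropped, for example `} catch (CertificateException e) { throw new IOException(e.toString()); }`. The method's signature and the start of its `try` are in the previous hunks.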
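Review bot: The `catch (Exception e)` around `authorize(mAclMethod, authToken, resourceName, "add")` contains only `// do nothing for now`, so a failed authorization check on the privilege-grant path leaves no log entry explaining why. The code that follows appears to refuse the grant when `authzToken` stays null (the `CMS_GW_UNAUTHORIZED_CREATE_GROUP` throw in the next hunk), so this looks fail-closed, but the reason is lost. Recording it keeps denied grants traceable: `log(ILogger.LL_FAILURE, "authorize failed for " + resourceName + ": " + e.toString());`. `grant_privileges` starts in the previous hunk and continues past this one.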
@@ -1677,14 +1633,16 @@ public class ProcessCertReq extends CMSServlet { else obj[0] = "unknown group"; - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0])); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0])); } } String uid = (String) httpParams.getValueAsString(GRANT_UID, null); if (uid == null || uid.length() == 0) { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID")); } header.addStringValue(GRANT_UID, uid); @@ -1695,22 +1653,22 @@ public class ProcessCertReq extends CMSServlet { groupname = TRUSTED_RA_GROUP; userType = Constants.PR_SUBSYSTEM_TYPE; } else { - if (grantCMAgent) + if (grantCMAgent) groupname = CA_AGENT_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) groupname = RA_AGENT_GROUP; if (grantDRMAgent) { - if (groupname != null) + if (groupname != null) groupname1 = KRA_AGENT_GROUP; - else + else groupname = KRA_AGENT_GROUP; } userType = Constants.PR_AGENT_TYPE; } - String privilege = - (groupname1 == null) ? groupname : groupname + " and " + groupname1; + String privilege = (groupname1 == null) ? groupname : groupname + + " and " + groupname1; header.addStringValue(GRANT_PRIVILEGE, privilege); 
@@ -1726,24 +1684,27 @@ public class ProcessCertReq extends CMSServlet { IGroup group = ug.findGroup(groupname), group1 = null; if (group == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_FIND_GROUP_ERROR", groupname)); } if (groupname1 != null) { group1 = ug.findGroup(groupname1); if (group1 == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_FIND_GROUP_1", groupname)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_FIND_GROUP_ERROR", groupname1)); } } try { ug.addUser(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_USER_ERROR", uid)); } try { if (certs[0] instanceof X509CertImpl) { @@ -1751,12 +1712,13 @@ public class ProcessCertReq extends CMSServlet { user.setX509Certificates(tmp); } - + ug.addUserCert(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_CERT_ERROR", uid)); } try { group.addMemberName(uid); 
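Review bot: In the `@@ -1726,24 +1684,27 @@` hunk, the `group1 == null` branch still passes `groupname` to `CMSGW_ERROR_FIND_GROUP_1`, while the exception thrown on the next line names `groupname1`. The log therefore records the group that was found, not the one that is missing. The log call should read `CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname1)`. The reformat carried the mismatch over unchanged, and the enclosing grant_privileges body starts and ends outside this hunk.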
@@ -1764,44 +1726,43 @@ public class ProcessCertReq extends CMSServlet { // for audit log SessionContext sContext = SessionContext.getContext(); String adminId = (String) sContext.get(SessionContext.USER_ID); - - mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname} - ); + + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, AuditFormat.LEVEL, + AuditFormat.ADDUSERGROUPFORMAT, new Object[] { adminId, + uid, groupname }); if (group1 != null) { group1.addMemberName(uid); ug.modifyGroup(group1); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname1} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, uid, groupname1 }); } } catch (Exception e) { - String msg = - "Could not add user " + uid + " to group " + groupname; + String msg = "Could not add user " + uid + " to group " + groupname; if (group1 != null) msg += " or group " + groupname1; log(ILogger.LL_FAILURE, msg); - if (group1 == null) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); - else - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); + if (group1 == null) + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_MEMBER", uid, groupname)); + else + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); } return 1; } /** * Signed Audit Log Info Name - * - * This method is called to obtain the "InfoName" for - * a signed audit log message. + * + * This method is called to obtain the "InfoName" for a signed audit log + * message. * <P> - * + * * @param type signed audit log request processing type * @return id string containing the signed audit log message InfoName */ 
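Review bot: The `catch (Exception e)` that builds `"Could not add user " + uid + " to group " + groupname` logs the message without the exception, so a failed privilege grant carries no cause in the log. Appending it keeps the record usable for investigation: `log(ILogger.LL_FAILURE, msg + ": " + e);`. The `addUser` and `addUserCert` handlers in the preceding hunks drop `e` the same way. By the time this block runs the user and certificate have already been added, so a failure here presumably leaves an account without its group membership. Whether anything cleans that up is not visible in the hunk.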
@@ -1832,11 +1793,11 @@ public class ProcessCertReq extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ 
@@ -1890,42 +1851,41 @@ public class ProcessCertReq extends CMSServlet { } } - class RAReqCompletedFiller extends ImportCertsTemplateFiller { private static final String RA_AGENT_GROUP = "Registration Manager Agents"; private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents"; + public RAReqCompletedFiller() { super(); } - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) throws Exception { Object[] results = (Object[]) cmsReq.getResult(); Object grantError = results[1]; - //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; + // X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; Certificate[] issuedCerts = (Certificate[]) results[0]; - + cmsReq.setResult(issuedCerts); - CMSTemplateParams params = - super.getTemplateParams(cmsReq, authority, locale, e); + CMSTemplateParams params = super.getTemplateParams(cmsReq, authority, + locale, e); if (grantError != null) { IArgBlock header = params.getHeader(); if (grantError instanceof String) { - header.addStringValue( - ProcessCertReq.GRANT_ERROR, (String) grantError); + header.addStringValue(ProcessCertReq.GRANT_ERROR, + (String) grantError); } else { EBaseException ex = (EBaseException) grantError; - header.addStringValue( - ProcessCertReq.GRANT_ERROR, ex.toString(locale)); + header.addStringValue(ProcessCertReq.GRANT_ERROR, + ex.toString(locale)); } IArgBlock httpParams = cmsReq.getHttpParams(); - String uid = httpParams.getValueAsString( - ProcessCertReq.GRANT_UID, null); + String uid = httpParams.getValueAsString(ProcessCertReq.GRANT_UID, + null); header.addStringValue(ProcessCertReq.GRANT_UID, uid); boolean grantRMAgent = httpParams.getValueAsBoolean( 
@@ -1940,7 +1900,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { if (grantDRMAgent) { if (privilege != null) privilege += " and " + KRA_AGENT_GROUP; - else + else privilege = KRA_AGENT_GROUP; } header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege); @@ -1948,4 +1908,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java index 0ac271971..7d74671b3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Locale; @@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display Generic Request detail to the user. - * + * * @version $Revision$, $Date$ */ public class ProcessReq extends CMSServlet { @@ -74,8 +72,9 @@ public class ProcessReq extends CMSServlet { private IReqParser mParser = null; private String[] mSigningAlgorithms = null; - private static String[] DEF_SIGNING_ALGORITHMS = new String[] - {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"}; + private static String[] DEF_SIGNING_ALGORITHMS = new String[] { + "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", + "MD5withRSA", "MD2withRSA" }; /** * Process request. 
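Review bot: In the last hunk on this line (`@@ -74,8 +72,9 @@` of ProcessReq.java), the re-wrapped `DEF_SIGNING_ALGORITHMS` still lists `MD5withRSA` and `MD2withRSA` next to the SHA-1 entries. These digests are long deprecated for certificate signatures, and the array is a non-final `private static` field. Nothing in the visible hunks reads this array, so whether it is ever offered as a fallback list cannot be confirmed here. If it is, the MD2 and MD5 entries should be removed. In either case the declaration can become `private static final String[] DEF_SIGNING_ALGORITHMS = ...` so the list cannot be reassigned at runtime.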
@@ -86,15 +85,15 @@ public class ProcessReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * "processReq.template" to process the response. - * The initialization parameter 'parser' is read from the - * servlet configration, and is used to set the type of request. - * The value of this parameter can be: - * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary - * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail - * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail - * </UL> - * + * "processReq.template" to process the response. The initialization + * parameter 'parser' is read from the servlet configration, and is used to + * set the type of request. The value of this parameter can be: + * <UL> + * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary + * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail + * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail + * </UL> + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -111,13 +110,13 @@ public class ProcessReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); - if (mOutputTemplatePath != null) + if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } 
@@ -126,9 +125,9 @@ public class ProcessReq extends CMSServlet { * <ul> * <li>http.param seqNum * <li>http.param doAssign reassign request. Value can be reassignToMe - * reassignToNobody + * reassignToNobody * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -152,10 +151,10 @@ public class ProcessReq extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting template " + mFormPath + " Error " + e); + log(ILogger.LL_FAILURE, "Error getting template " + mFormPath + + " Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -171,21 +170,23 @@ public class ProcessReq extends CMSServlet { try { if (doAssign == null) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } else if (doAssign.equals("toMe") || - doAssign.equals("reassignToMe")) { + mAuthzResourceName, "read"); + } else if (doAssign.equals("toMe") + || doAssign.equals("reassignToMe")) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "assign"); + mAuthzResourceName, "assign"); } else if (doAssign.equals("reassignToNobody")) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "unassign"); + mAuthzResourceName, "unassign"); } } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { 
@@ -193,19 +194,18 @@ public class ProcessReq extends CMSServlet { return; } - process(argSet, header, seqNum, req, resp, - doAssign, locale[0]); + process(argSet, header, seqNum, req, resp, doAssign, locale[0]); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); - error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + error = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { - error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(locale[0], + "CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -213,46 +213,44 @@ public class ProcessReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setError(error); cmsReq.setStatus(CMSRequest.ERROR); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting servlet output stream for rendering template. " + - "Error " + e); + log(ILogger.LL_FAILURE, + "Error getting servlet output stream for rendering template. " + + "Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** - * Sends request information to the calller. - * returns whether there was an error or not. + * Sends request information to the calller. returns whether there was an + * error or not. */ private void process(CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String doAssign, Locale locale) - throws EBaseException { + int seqNum, HttpServletRequest req, HttpServletResponse resp, + String doAssign, Locale locale) throws EBaseException { header.addIntegerValue("seqNum", seqNum); - IRequest r = - mQueue.findRequest(new RequestId(Integer.toString(seqNum))); + IRequest r = mQueue + .findRequest(new RequestId(Integer.toString(seqNum))); if (r != null) { if (doAssign != null) { if ((doAssign.equals("toMe")) - || (doAssign.equals("reassignToMe"))) { + || (doAssign.equals("reassignToMe"))) { SessionContext ctx = SessionContext.getContext(); String id = (String) ctx.get(SessionContext.USER_ID); 
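Review bot: The re-flowed javadoc on the private `process(CMSTemplateParams, ...)` overload says it "returns whether there was an error or not", but the method is declared `void` and signals failure through `throws EBaseException`. The same comment also spells "calller". Suggested wording: `Fills in the request information for the caller; throws EBaseException when the request cannot be processed.` Earlier in the hunk, the local `output` assigned from `form.getOutput(argSet)` is never read in the visible lines and can be dropped if the call has no needed side effect. The overload's body continues outside this hunk.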
@@ -264,32 +262,32 @@ public class ProcessReq extends CMSServlet { } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); - // DONT NEED TO DO THIS FOR DRM + // DONT NEED TO DO THIS FOR DRM if (mAuthority instanceof ICertAuthority) { // Check/set signing algorithms dynamically. - // In RA mSigningAlgorithms could be null at startup if CA is not - // up and set later when CA comes back up. + // In RA mSigningAlgorithms could be null at startup if CA is + // not + // up and set later when CA comes back up. // Once it's set assumed that it won't change. String[] allAlgorithms = mSigningAlgorithms; if (allAlgorithms == null) { - allAlgorithms = mSigningAlgorithms = - ((ICertAuthority) mAuthority).getCASigningAlgorithms(); + allAlgorithms = mSigningAlgorithms = ((ICertAuthority) mAuthority) + .getCASigningAlgorithms(); if (allAlgorithms == null) { - CMS.debug( - "ProcessReq: signing algorithms set to All algorithms"); + CMS.debug("ProcessReq: signing algorithms set to All algorithms"); allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS; - } else - CMS.debug( - "ProcessReq: First signing algorithms is " + allAlgorithms[0]); + } else + CMS.debug("ProcessReq: First signing algorithms is " + + allAlgorithms[0]); } String validAlgorithms = null; StringBuffer sb = new StringBuffer(); 
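Review bot: The formatter split the signing-algorithm comment mid-sentence, leaving a line that holds only `// not`. Re-wrap it by hand as `// In RA mSigningAlgorithms could be null at startup if CA is not up` followed by `// and set later when CA comes back up.`. In the same hunk the `else` branch indexes `allAlgorithms[0]` inside a debug call. If getCASigningAlgorithms() can return an empty array (not visible here), that line would throw, so a length check is worth adding. The enclosing process method starts and ends outside the hunk.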
@@ -305,15 +303,19 @@ public class ProcessReq extends CMSServlet { if (validAlgorithms != null) header.addStringValue("validAlgorithms", validAlgorithms); if (mAuthority instanceof ICertificateAuthority) { - String signingAlgorithm = ((ICertificateAuthority) mAuthority).getDefaultAlgorithm(); + String signingAlgorithm = ((ICertificateAuthority) mAuthority) + .getDefaultAlgorithm(); if (signingAlgorithm != null) - header.addStringValue("caSigningAlgorithm", signingAlgorithm); + header.addStringValue("caSigningAlgorithm", + signingAlgorithm); header.addLongValue("defaultValidityLength", - ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000); + ((ICertificateAuthority) mAuthority) + .getDefaultValidity() / 1000); } else if (mAuthority instanceof IRegistrationAuthority) { header.addLongValue("defaultValidityLength", - ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000); + ((IRegistrationAuthority) mAuthority) + .getDefaultValidity() / 1000); } X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert(); @@ -327,9 +329,8 @@ public class ProcessReq extends CMSServlet { mParser.fillRequestIntoArg(locale, r, argSet, header); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); } return; diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java index c065173ca..c08aecbb0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Show paged list of requests matching search criteria - * + * * @version $Revision$, $Date$ */ public class QueryReq extends CMSServlet { @@ -62,7 +60,7 @@ public class QueryReq extends CMSServlet { private final static String IN_SHOW_ALL = "showAll"; private final static String IN_SHOW_WAITING = "showWaiting"; private final static String IN_SHOW_IN_SERVICE = "showInService"; - private final static String IN_SHOW_PENDING= "showPending"; + private final static String IN_SHOW_PENDING = "showPending"; private final static String IN_SHOW_CANCELLED = "showCancelled"; private final static String IN_SHOW_REJECTED = "showRejected"; private final static String IN_SHOW_COMPLETED = "showCompleted"; 
@@ -86,17 +84,16 @@ public class QueryReq extends CMSServlet { private final static String OUT_UPDATE_ON = "updatedOn"; private final static String OUT_UPDATE_BY = "updatedBy"; private final static String OUT_REQUESTING_USER = "requestingUser"; - //keeps track of where to begin if page down + // keeps track of where to begin if page down private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage"; - //keeps track of where to begin if page up + // keeps track of where to begin if page up private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage"; private final static String OUT_SUBJECT = "subject"; private final static String OUT_REQUEST_TYPE = "requestType"; private final static String OUT_COMMENTS = "requestorComments"; private final static String OUT_SERIALNO = "serialNumber"; private final static String OUT_OWNER_NAME = "ownerName"; - private final static String OUT_PUBLIC_KEY_INFO = - "subjectPublicKeyInfo"; + private final static String OUT_PUBLIC_KEY_INFO = "subjectPublicKeyInfo"; private final static String OUT_ERROR = "error"; private final static String OUT_AUTHORITY_ID = "authorityid"; @@ -120,7 +117,7 @@ public class QueryReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -143,9 +140,9 @@ public class QueryReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); 
@@ -153,7 +150,7 @@ public class QueryReq extends CMSServlet { if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } - + private String getRequestType(String p) { String filter = "(requestType=*)"; 
@@ -213,150 +210,145 @@ public class QueryReq extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param reqState request state - * (one of showAll, showWaiting, showInService, - * showCancelled, showRejected, showCompleted) + * <li>http.param reqState request state (one of showAll, showWaiting, + * showInService, showCancelled, showRejected, showCompleted) * <li>http.param reqType * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if - * when paging down - * seqNumFromDown starts with 0x) + * when paging down seqNumFromDown starts with 0x) * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if - * when paging up - * seqNumFromUp starts with 0x) + * when paging up seqNumFromUp starts with 0x) * <li>http.param maxCount maximum number of records to show * <li>http.param totalCount total number of records in set of pages * <li>http.param direction "up", "down", "begin", or "end" * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { - CMS.debug("in QueryReq servlet"); - - // Authentication / Authorization - - HttpServletRequest req = cmsReq.getHttpReq(); - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - - - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - // if get a EBaseException we just throw it. 
- form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - /** - * WARNING: - * - * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. - * - **/ - String filter = null; - String reqState = req.getParameter("reqState"); - String reqType = req.getParameter("reqType"); - - if (reqState == null || reqType == null) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL) && - reqType.equals(IN_SHOW_ALL)) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL)) { - filter = getRequestType(reqType); - } else if (reqType.equals(IN_SHOW_ALL)) { - filter = getRequestState(reqState); - } else { - filter = "(&" + getRequestState(reqState) + - getRequestType(reqType) + ")"; - } - - String direction = "begin"; - if (req.getParameter("direction") != null) { - direction = req.getParameter("direction").trim(); - } - - - int top=0, bottom=0; - - try { - String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); - if (top_s == null) top_s = "0"; - - String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); - if (bottom_s == null) bottom_s = "0"; - - if (top_s.trim().startsWith("0x")) { - top = Integer.parseInt(top_s.trim().substring(2), 16); - } else { - top = Integer.parseInt(top_s.trim()); - } - if (bottom_s.trim().startsWith("0x")) { - bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); - } else { - bottom = Integer.parseInt(bottom_s.trim()); - } - - } catch (NumberFormatException e) { - - } - - // avoid NumberFormatException to the user interface - int maxCount = 10; - try { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); - } catch (Exception e) { - } + CMS.debug("in QueryReq servlet"); + + // Authentication / Authorization + + HttpServletRequest req = cmsReq.getHttpReq(); + IAuthToken authToken = 
authenticate(cmsReq); + AuthzToken authzToken = null; + + try { + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + try { + // if get a EBaseException we just throw it. + form = getTemplate(mFormPath, req, locale); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + + /** + * WARNING: + * + * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. + * + **/ + String filter = null; + String reqState = req.getParameter("reqState"); + String reqType = req.getParameter("reqType"); + + if (reqState == null || reqType == null) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL) && reqType.equals(IN_SHOW_ALL)) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL)) { + filter = getRequestType(reqType); + } else if (reqType.equals(IN_SHOW_ALL)) { + filter = getRequestState(reqState); + } else { + filter = "(&" + getRequestState(reqState) + getRequestType(reqType) + + ")"; + } + + String direction = "begin"; + if (req.getParameter("direction") != null) { + direction = req.getParameter("direction").trim(); + } + + int top = 0, bottom = 0; + + try { + String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); + if (top_s == null) + top_s = "0"; + + String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); + if (bottom_s == null) + bottom_s = "0"; + + if (top_s.trim().startsWith("0x")) { + top = Integer.parseInt(top_s.trim().substring(2), 16); 
+ } else { + top = Integer.parseInt(top_s.trim()); + } + if (bottom_s.trim().startsWith("0x")) { + bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); + } else { + bottom = Integer.parseInt(bottom_s.trim()); + } + + } catch (NumberFormatException e) { + + } + + // avoid NumberFormatException to the user interface + int maxCount = 10; + try { + maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + } catch (Exception e) { + } if (maxCount > mMaxReturns) { - CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns); + CMS.debug("Resetting page size from " + maxCount + " to " + + mMaxReturns); maxCount = mMaxReturns; } - HttpServletResponse resp = cmsReq.getHttpResp(); - CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom ); - - - argset.getFixed().addStringValue("reqType",reqType); + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, + direction, top, bottom); + + argset.getFixed().addStringValue("reqType", reqType); argset.getFixed().addStringValue("reqState", reqState); - argset.getFixed().addIntegerValue("maxCount",maxCount); - - - try { - form.getOutput(argset); - resp.setContentType("text/html"); - form.renderOutput(resp.getOutputStream(), argset); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - return; + argset.getFixed().addIntegerValue("maxCount", maxCount); + + try { + form.getOutput(argset); + resp.setContentType("text/html"); + form.renderOutput(resp.getOutputStream(), argset); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + cmsReq.setStatus(CMSRequest.SUCCESS); + 
return; } private static String makeRequestStatusEq(RequestStatus s) { 
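Review bot: `maxCount` is parsed from the request and capped only from above (`if (maxCount > mMaxReturns)`), so zero or a negative value reaches doSearch, where the sign of `count` selects the paging direction (`-count` for "previous"). A lower bound next to the cap closes that gap: `if (maxCount < 1) maxCount = 10;`. The two empty catch blocks in the same region (`NumberFormatException` and `Exception`) silently fall back to defaults, and a one-line comment in each would make that intent explicit. The re-flowed javadoc also merged what looks like a two-column layout, so the seqNumFromDown and seqNumFromUp entries now read "hex if when paging down seqNumFromDown starts with 0x" and should be reworded.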
@@ -369,200 +361,197 @@ public class QueryReq extends CMSServlet { /** * Perform search based on direction button pressed - * @param filter ldap filter indicating which VLV to search through. This can be - * 'all requests', 'pending', etc + * + * @param filter ldap filter indicating which VLV to search through. This + * can be 'all requests', 'pending', etc * @param count the number of requests to show per page - * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end) - * @param top the number of the request shown on at the top of the current page - * @param bottom the number of the request shown on at the bottom of the current page - * @return + * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to + * end) + * @param top the number of the request shown on at the top of the current + * page + * @param bottom the number of the request shown on at the bottom of the + * current page + * @return */ - - private CMSTemplateParams doSearch(Locale l, String filter, - int count, String direction, int top, int bottom) - { - CMSTemplateParams ctp = null; - if (direction.equals("previous")) { - ctp = doSearch(l, filter, -count, top-1); - } else if (direction.equals("next")) { - ctp = doSearch(l,filter, count, bottom+1); - } else if (direction.equals("begin")) { - ctp = doSearch(l,filter, count, 0); - } else if (direction.equals("first")) { - ctp = doSearch(l,filter, count, bottom); - } else { // if 'direction is 'end', default here - ctp = doSearch(l,filter, -count, -1); - } - return ctp; + + private CMSTemplateParams doSearch(Locale l, String filter, int count, + String direction, int top, int bottom) { + CMSTemplateParams ctp = null; + if (direction.equals("previous")) { + ctp = doSearch(l, filter, -count, top - 1); + } else if (direction.equals("next")) { + ctp = doSearch(l, filter, count, bottom + 1); + } else if (direction.equals("begin")) { + ctp = doSearch(l, filter, count, 0); + } else if (direction.equals("first")) { + 
ctp = doSearch(l, filter, count, bottom); + } else { // if 'direction is 'end', default here + ctp = doSearch(l, filter, -count, -1); + } + return ctp; } - - - - /** - * - * @param locale - * @param filter the types of requests to return - this must match the VLV index - * @param count maximum number of records to return - * @param marker indication of the request ID where the page is anchored - * @return - */ - - private CMSTemplateParams doSearch( - Locale locale, - String filter, - int count, - int marker) { - - IArgBlock header = CMS.createArgBlock(); - IArgBlock context = CMS.createArgBlock(); - CMSTemplateParams argset = new CMSTemplateParams(header, context); - - try { - long startTime = CMS.getCurrentDate().getTime(); - // preserve the type of request that we are - // requesting. - - header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); - header.addStringValue(OUT_REQUESTING_USER, "admin"); - - - boolean jumptoend = false; - if (marker == -1) { - marker = 0; // I think this is inconsequential - jumptoend = true; // override to '99' during search - } - - RequestId id = new RequestId(Integer.toString(marker)); - IRequestVirtualList list = mQueue.getPagedRequestsByFilter( - id, - jumptoend, - filter, - count+1, - "requestId"); - - int totalCount = list.getSize() - list.getCurrentIndex(); - header.addIntegerValue(OUT_TOTALCOUNT, totalCount); - header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); - - int numEntries = list.getSize() - list.getCurrentIndex(); - - Vector v = fetchRecords(list,Math.abs(count)); - v = normalizeOrder(v); - trim(v,id); - - - int currentCount = 0; - int curNum = 0; - int firstNum = -1; - Enumeration requests = v.elements(); - - while (requests.hasMoreElements()) { - IRequest request = null; - try { - request = (IRequest) requests.nextElement(); - } catch (Exception e) { - CMS.debug("Error displaying request:"+e.getMessage()); - // handled below - } - if (request == null) { - log(ILogger.LL_WARN, "Error display request on 
page"); - continue; - } - - curNum = Integer.parseInt( - request.getRequestId().toString()); - - if (firstNum == -1) { - firstNum = curNum; - } - - IArgBlock rec = CMS.createArgBlock(); - mParser.fillRequestIntoArg(locale, request, argset, rec); - mQueue.releaseRequest(request); - argset.addRepeatRecord(rec); - - currentCount++; - - }// while - long endTime = CMS.getCurrentDate().getTime(); - - header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); - header.addStringValue("time", Long.toString(endTime - startTime)); - header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); - header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } catch (Exception e) { - } - return argset; - + + /** + * + * @param locale + * @param filter the types of requests to return - this must match the VLV + * index + * @param count maximum number of records to return + * @param marker indication of the request ID where the page is anchored + * @return + */ + + private CMSTemplateParams doSearch(Locale locale, String filter, int count, + int marker) { + + IArgBlock header = CMS.createArgBlock(); + IArgBlock context = CMS.createArgBlock(); + CMSTemplateParams argset = new CMSTemplateParams(header, context); + + try { + long startTime = CMS.getCurrentDate().getTime(); + // preserve the type of request that we are + // requesting. 
+ + header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); + header.addStringValue(OUT_REQUESTING_USER, "admin"); + + boolean jumptoend = false; + if (marker == -1) { + marker = 0; // I think this is inconsequential + jumptoend = true; // override to '99' during search + } + + RequestId id = new RequestId(Integer.toString(marker)); + IRequestVirtualList list = mQueue.getPagedRequestsByFilter(id, + jumptoend, filter, count + 1, "requestId"); + + int totalCount = list.getSize() - list.getCurrentIndex(); + header.addIntegerValue(OUT_TOTALCOUNT, totalCount); + header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); + + int numEntries = list.getSize() - list.getCurrentIndex(); + + Vector v = fetchRecords(list, Math.abs(count)); + v = normalizeOrder(v); + trim(v, id); + + int currentCount = 0; + int curNum = 0; + int firstNum = -1; + Enumeration requests = v.elements(); + + while (requests.hasMoreElements()) { + IRequest request = null; + try { + request = (IRequest) requests.nextElement(); + } catch (Exception e) { + CMS.debug("Error displaying request:" + e.getMessage()); + // handled below + } + if (request == null) { + log(ILogger.LL_WARN, "Error display request on page"); + continue; + } + + curNum = Integer.parseInt(request.getRequestId().toString()); + + if (firstNum == -1) { + firstNum = curNum; + } + + IArgBlock rec = CMS.createArgBlock(); + mParser.fillRequestIntoArg(locale, request, argset, rec); + mQueue.releaseRequest(request); + argset.addRepeatRecord(rec); + + currentCount++; + + }// while + long endTime = CMS.getCurrentDate().getTime(); + + header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); + header.addStringValue("time", Long.toString(endTime - startTime)); + header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); + header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); + + } catch (EBaseException e) { + header.addStringValue(OUT_ERROR, e.toString(locale)); + } catch (Exception e) { + } + return argset; + } /** * If the vector contains 
the marker element at the end, remove it. - * @param v The vector to trim - * @param marker the marker to look for. + * + * @param v The vector to trim + * @param marker the marker to look for. + */ + private void trim(Vector v, RequestId marker) { + int i = v.size() - 1; + if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) { + v.remove(i); + } + + } + + /** + * Sometimes the list comes back from LDAP in reverse order. This function + * makes sure the results are in 'forward' order. + * + * @param list + * @return */ - private void trim(Vector v, RequestId marker) { - int i = v.size()-1; - if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) { - v.remove(i); - } - - } - - /** - * Sometimes the list comes back from LDAP in reverse order. This function makes - * sure the results are in 'forward' order. - * @param list - * @return - */ private Vector fetchRecords(IRequestVirtualList list, int maxCount) { - - Vector v = new Vector(); - int count = list.getSize(); - int c=0; - for (int i=0; i<count; i++) { - IRequest request = list.getElementAt(i); - if (request != null) { - v.add(request); - c++; - } - if (c >= maxCount) break; - } - - return v; + + Vector v = new Vector(); + int count = list.getSize(); + int c = 0; + for (int i = 0; i < count; i++) { + IRequest request = list.getElementAt(i); + if (request != null) { + v.add(request); + c++; + } + if (c >= maxCount) + break; + } + + return v; } /** * If the requests are in backwards order, reverse the list + * * @param list * @return */ private Vector normalizeOrder(Vector list) { - - int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) - .getRequestId().toString()); - int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list - .size() - 1)).getRequestId().toString()); - boolean reverse = false; - if (firstrequestnum > lastrequestnum) { - reverse = true; // if the order is backwards, place items at the beginning - } - Vector v = new Vector(); - int count = list.size(); 
- for (int i = 0; i < count; i++) { - Object request = list.elementAt(i); - if (request != null) { - if (reverse) - v.add(0, request); - else - v.add(request); - } - } - - return v; + + int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) + .getRequestId().toString()); + int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list + .size() - 1)).getRequestId().toString()); + boolean reverse = false; + if (firstrequestnum > lastrequestnum) { + reverse = true; // if the order is backwards, place items at the + // beginning + } + Vector v = new Vector(); + int count = list.size(); + for (int i = 0; i < count; i++) { + Object request = list.elementAt(i); + if (request != null) { + if (reverse) + v.add(0, request); + else + v.add(request); + } + } + + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java index 29414ca5b..e37e4c768 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** * A class representing a request parser. * <P> - * + * * @version $Revision$, $Date$ */ public class ReqParser implements IReqParser { 
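Review bot: In the `@@ -369,200 +361,197 @@` hunk of QueryReq.java, `normalizeOrder` and `trim` index the vector without checking that it holds anything (`list.elementAt(0)`, `v.elementAt(v.size() - 1)`), so a search that returns no records throws `ArrayIndexOutOfBoundsException`. In `doSearch(Locale, String, int, int)` that exception ends up in the empty `catch (Exception e) { }`, so the page is rendered without `OUT_ERROR`, the first/last entry markers are never set, and nothing is logged. I would add `if (list.isEmpty()) return list;` at the top of `normalizeOrder`, `if (v.isEmpty()) return;` at the top of `trim`, and at least `CMS.debug("doSearch failed: " + e);` in the catch. The same silent catch also hides a `NumberFormatException` from `Integer.parseInt(request.getRequestId().toString())`.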
@@ -50,30 +48,28 @@ public class ReqParser implements IReqParser {
 /**
 * Maps request object into argument block.
 */
- public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ public void fillRequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException {
 arg.addStringValue(TYPE, req.getRequestType());
- arg.addLongValue("seqNum",
- Long.parseLong(req.getRequestId().toString()));
- arg.addStringValue(STATUS,
- req.getRequestStatus().toString());
- arg.addLongValue(CREATE_ON,
- req.getCreationTime().getTime() / 1000);
- arg.addLongValue(UPDATE_ON,
- req.getModificationTime().getTime() / 1000);
+ arg.addLongValue("seqNum",
+ Long.parseLong(req.getRequestId().toString()));
+ arg.addStringValue(STATUS, req.getRequestStatus().toString());
+ arg.addLongValue(CREATE_ON, req.getCreationTime().getTime() / 1000);
+ arg.addLongValue(UPDATE_ON, req.getModificationTime().getTime() / 1000);
 String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY);
- if (updatedBy == null) updatedBy = "";
+ if (updatedBy == null)
+ updatedBy = "";
 arg.addStringValue(UPDATE_BY, updatedBy);
 SessionContext ctx = SessionContext.getContext();
- String id = (String) ctx.get(SessionContext.USER_ID);
+ String id = (String) ctx.get(SessionContext.USER_ID);
 arg.addStringValue("callerName", id);
-
+
 String owner = req.getRequestOwner();
- if (owner != null)
+ if (owner != null)
 arg.addStringValue("assignedTo", owner);
 }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
index 04b21440c..917fdd403 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Date;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
-
 /**
 * Search for certificates matching complex query filter
- *
+ *
 * @version $Revision$, $Date$
 */
 public class SearchReqs extends CMSServlet {
@@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet {
 }
 /**
- * initialize the servlet. This servlet uses queryReq.template
- * to render the response
+ * initialize the servlet. This servlet uses queryReq.template to render the
+ * response
+ *
 * @param sc servlet configuration, read from the web.xml file
 */
 public void init(ServletConfig sc) throws ServletException {
@@ -105,7 +104,8 @@ public class SearchReqs extends CMSServlet {
 if (authConfig != null) {
 try {
- mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
+ mMaxReturns = authConfig.getInteger(
+ PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
 } catch (EBaseException e) {
 // do nothing
 }
@@ -120,7 +120,8 @@ public class SearchReqs extends CMSServlet {
 /* Server-Side time limit */
 try {
- int maxResults = Integer.parseInt(sc.getInitParameter("maxResults"));
+ int maxResults = Integer
+ .parseInt(sc.getInitParameter("maxResults"));
 if (maxResults < mMaxReturns)
 mMaxReturns = maxResults;
 } catch (Exception e) {
@@ -154,10 +155,8 @@ public class SearchReqs extends CMSServlet {
 /**
 * Serves HTTP request. This format of this request is as follows:
- * queryCert?
- * [maxCount=<number>]
- * [queryFilter=<filter>]
- * [revokeAll=<filter>]
+ * queryCert? [maxCount=<number>] [queryFilter=<filter>]
+ * [revokeAll=<filter>]
 */
 public void process(CMSRequest cmsReq) throws EBaseException {
 HttpServletRequest req = cmsReq.getHttpReq();
@@ -168,14 +167,14 @@ public class SearchReqs extends CMSServlet {
 AuthzToken authzToken = null;
 try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
 } catch (EAuthzAccessDenied e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 } catch (Exception e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 }
 if (authzToken == null) {
@@ -198,10 +197,10 @@ public class SearchReqs extends CMSServlet {
 try {
 form = getTemplate(mFormPath, req, locale);
 } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 try {
@@ -214,11 +213,13 @@ public class SearchReqs extends CMSServlet {
 if (timeLimitStr != null && timeLimitStr.length() > 0)
 timeLimit = Integer.parseInt(timeLimitStr);
- process(argSet, header, req.getParameter("queryRequestFilter"), authToken,
- maxResults, timeLimit, req, resp, locale[0]);
+ process(argSet, header, req.getParameter("queryRequestFilter"),
+ authToken, maxResults, timeLimit, req, resp, locale[0]);
 } catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
 } catch (EBaseException e) {
 error = e;
 }
@@ -229,33 +230,32 @@ public class SearchReqs extends CMSServlet {
 if (error == null) {
 String xmlOutput = req.getParameter("xml");
 if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
 } else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
 }
 } else {
 cmsReq.setStatus(CMSRequest.ERROR);
 cmsReq.setError(error);
 }
 } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 }
 /**
 * Process the key search.
 */
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String filter, IAuthToken token,
- int maxResults, int timeLimit,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String filter, IAuthToken token, int maxResults, int timeLimit,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale)
+ throws EBaseException {
 try {
 long startTime = CMS.getCurrentDate().getTime();
@@ -272,25 +272,27 @@ public class SearchReqs extends CMSServlet {
 } else {
 if (owner.equals("self")) {
 String self_uid = token.getInString(IAuthToken.USER_ID);
- requestowner_filter = "(requestowner="+self_uid+")";
+ requestowner_filter = "(requestowner=" + self_uid + ")";
 } else {
 String uid = req.getParameter("uid");
- requestowner_filter = "(requestowner="+uid+")";
+ requestowner_filter = "(requestowner=" + uid + ")";
 }
- newfilter = "(&"+requestowner_filter+filter.substring(2);
+ newfilter = "(&" + requestowner_filter + filter.substring(2);
 }
 // xxx the filter includes serial number range???
 if (maxResults == -1 || maxResults > mMaxReturns) {
- CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns);
+ CMS.debug("Resetting maximum of returned results from "
+ + maxResults + " to " + mMaxReturns);
 maxResults = mMaxReturns;
 }
 if (timeLimit == -1 || timeLimit > mTimeLimits) {
- CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
+ CMS.debug("Resetting timelimit from " + timeLimit + " to "
+ + mTimeLimits);
 timeLimit = mTimeLimits;
 }
- IRequestList list = (timeLimit > 0) ?
- mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
- mQueue.listRequestsByFilter(newfilter, maxResults);
+ IRequestList list = (timeLimit > 0) ? mQueue.listRequestsByFilter(
+ newfilter, maxResults, timeLimit) : mQueue
+ .listRequestsByFilter(newfilter, maxResults);
 int count = 0;
@@ -305,7 +307,8 @@ public class SearchReqs extends CMSServlet {
 long endTime = CMS.getCurrentDate().getTime();
 header.addIntegerValue(OUT_CURRENTCOUNT, count);
- header.addStringValue("time", Long.toString(endTime - startTime));
+ header.addStringValue("time",
+ Long.toString(endTime - startTime));
 }
 }
 header.addIntegerValue(OUT_TOTALCOUNT, count);
@@ -323,7 +326,8 @@ public class SearchReqs extends CMSServlet {
 int i = filter.indexOf(CURRENT_TIME, k);
 while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
 newFilter.append(filter.substring(k, i));
 newFilter.append(now.getTime());
 k = i + CURRENT_TIME.length(); |