diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms')
116 files changed, 1039 insertions, 444 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java index e9b1fb3d0..eaaea5efe 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java @@ -193,9 +193,11 @@ class AVAPattern { in.read() != 'd' || in.read() != 'n' || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } StringBuffer rdnNumberBuf = new StringBuffer(); @@ -214,11 +216,13 @@ class AVAPattern { String rdnNumber = rdnNumberBuf.toString().trim(); if (rdnNumber.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "$rdn number not set in ava pattern")); try { mElement = Integer.parseInt(rdnNumber) - 1; } catch (NumberFormatException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $rdn number in ava pattern")); } return; } @@ -242,7 +246,8 @@ class AVAPattern { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } if (c != '=') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Missing \"=\" in ava pattern")); // read value //System.out.println("reading value"); @@ -257,7 +262,8 @@ class AVAPattern { throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString())); } if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "no value after = in ava pattern")); if (c == '$') { // check for $dn or $attr @@ -304,7 +310,8 @@ class AVAPattern { //System.out.println("----- attrName "+attrName); if (attrName.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "attribute name expected")); try { ObjectIdentifier attrOid = mLdapDNStrConverter.parseAVAKeyword(attrName); diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java index c699be925..0e747dbe2 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java +++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java @@ -158,8 +158,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, static { mExtendedPluginInfo = new Vector(); - mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT + - ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\""); + mExtendedPluginInfo + .add(IExtendedPluginInfo.HELP_TEXT + + + ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\""); mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN + ";configuration-authentication"); } @@ -231,7 +233,8 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, * If an internal error occurred. * @see com.netscape.certsrv.authentication.AuthToken */ - public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException { + public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditReqType = ILogger.UNIDENTIFIED; @@ -836,7 +839,8 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); // if this cert is the signer cert, not a cert in the chain - if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) + if (new String(issuerB).equals(new String( + ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java index d2142ea3a..028cea376 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java +++ b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java @@ -210,7 +210,8 @@ public class FlatFileAuth CMS.debug("FlatFileAuth: " + CMS.getLogMessage("CMS_AUTH_READ_ENTRIES", mFilename)); // printAllEntries(); } catch (IOException e) { - throw new EBaseException(mName + " authentication: Could not open file " + mFilename + " (" + e.getMessage() + ")"); + throw new EBaseException(mName + " authentication: Could not open file " + mFilename + " (" + + e.getMessage() + ")"); } catch (java.lang.StringIndexOutOfBoundsException ee) { CMS.debug("FlatFileAuth: " + CMS.getLogMessage("OPERATION_ERROR", ee.toString())); } diff --git a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java index ac13a02fd..e2c3ec871 100644 --- a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java +++ b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java @@ -202,11 +202,13 @@ public class PortalEnroll extends DirBasedAuthentication { if (res.hasMoreElements()) { LDAPEntry entry = (LDAPEntry) res.nextElement(); - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "UID already exists.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", + "UID already exists.")); } else { dn = regist(token, uid); if (dn == null) - throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Could not add user " + uid + ".")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", + "Could not add user " + uid + ".")); } // bind as user dn and pwd - authenticates user with pwd. @@ -225,8 +227,10 @@ public class PortalEnroll extends DirBasedAuthentication { switch (e.getLDAPResultCode()) { case LDAPException.NO_SUCH_OBJECT: case LDAPException.LDAP_PARTIAL_RESULTS: - log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort()))); - throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail.")); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort()))); + throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", + "Check Configuration detail.")); case LDAPException.INVALID_CREDENTIALS: log(ILogger.LL_SECURITY, diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java index 19b6180dc..f3aa5180b 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java @@ -139,7 +139,8 @@ public class CMSAuthInfoAccessExtension accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; } URIName uriName = new URIName(accessLocation); - authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(uriName)); + authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName( + uriName)); } } } diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java index 89ededb65..96d73d4c4 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java @@ -122,7 +122,8 @@ public class CMSAuthorityKeyIdentifierExtension gNames.addElement(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getX500Name()); authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, null, gNames, - new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().getSerialNumber())); + new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()) + .getCACert().getSerialNumber())); } } catch (IOException e) { diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java index 68d6128d3..02556d495 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java @@ -87,9 +87,11 @@ public class CMSCertificateIssuerExtension try { nameType = config.getString("nameType" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } if (nameType != null) { @@ -98,9 +100,11 @@ public class CMSCertificateIssuerExtension try { name = config.getString("name" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } if (name != null && name.length() > 0) { @@ -156,7 +160,8 @@ public class CMSCertificateIssuerExtension try { nameType = config.getString("nameType" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } @@ -172,7 +177,8 @@ public class CMSCertificateIssuerExtension try { name = config.getString("name" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); } diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java index 45aa5038f..199d32f95 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java @@ -119,7 +119,8 @@ public class CMSHoldInstructionExtension } if (instruction != null) { if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) || - instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) { + instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction + .equalsIgnoreCase(PROP_INSTR_REJECT))) { instruction = PROP_INSTR_NONE; } } else { diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java index 204048c9a..183de1b43 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java @@ -73,7 +73,8 @@ public class CMSIssuerAlternativeNameExtension GeneralNames names = null; try { - names = (GeneralNames) ((IssuerAlternativeNameExtension) ext).get(IssuerAlternativeNameExtension.ISSUER_NAME); + names = (GeneralNames) ((IssuerAlternativeNameExtension) ext) + .get(IssuerAlternativeNameExtension.ISSUER_NAME); issuerAltNameExt = new IssuerAlternativeNameExtension(Boolean.valueOf(critical), names); } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString())); @@ -102,9 +103,11 @@ public class CMSIssuerAlternativeNameExtension try { nameType = config.getString("nameType" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); } if (nameType != null && nameType.length() > 0) { @@ -113,9 +116,11 @@ public class CMSIssuerAlternativeNameExtension try { name = config.getString("name" + i); } catch (EPropertyNotFound e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", + Integer.toString(i), e.toString())); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); } if (name != null && name.length() > 0) { diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java index 4a3b3cb0d..143e59d8d 100644 --- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java @@ -816,7 +816,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { try { pushSignature(); } catch (ELogException le) { - ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, le.toString()))); + ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, + le.toString()))); } } @@ -1019,7 +1020,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { } } } catch (IOException e) { - ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_WRITE_FAILED", mFileName, entry, e.toString()))); + ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_WRITE_FAILED", mFileName, entry, + e.toString()))); if (mLogSigning) { // Failed to write to audit log, shut down CMS e.printStackTrace(); @@ -1453,7 +1455,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) { String[] params = { - PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", + PROP_TYPE + + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", PROP_ON + ";boolean;Turn on the listener", PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + ILogger.LL_INFO_STRING + "," + @@ -1461,10 +1464,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ILogger.LL_FAILURE_STRING + "," + ILogger.LL_MISCONF_STRING + "," + ILogger.LL_CATASTRPHE_STRING + "," + - ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", + ILogger.LL_SECURITY_STRING + + ");Only log message with level higher than this filter will be written by this listener", PROP_FILE_NAME + ";string;The name of the file the log is written to", PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", - PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", + PROP_FLUSH_INTERVAL + + ";integer;The maximum time in seconds before the buffer is flushed to the file", IExtendedPluginInfo.HELP_TOKEN + ";configuration-logrules-logfile", IExtendedPluginInfo.HELP_TEXT + @@ -1473,7 +1478,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ";boolean;Enable audit logs to be signed", PROP_SIGNED_AUDIT_CERT_NICKNAME + ";string;The nickname of the certificate to be used to sign audit logs", - PROP_SIGNED_AUDIT_EVENTS + + PROP_SIGNED_AUDIT_EVENTS + + ";string;A comma-separated list of strings used to specify particular signed audit log events", }; @@ -1482,7 +1488,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { // mType.equals( ILogger.PROP_AUDIT ) || // mType.equals( ILogger.PROP_SYSTEM ) String[] params = { - PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", + PROP_TYPE + + ";choice(transaction,signedAudit,system);The log event type this instance is listening to", PROP_ON + ";boolean;Turn on the listener", PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," + ILogger.LL_INFO_STRING + "," + @@ -1490,10 +1497,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { ILogger.LL_FAILURE_STRING + "," + ILogger.LL_MISCONF_STRING + "," + ILogger.LL_CATASTRPHE_STRING + "," + - ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener", + ILogger.LL_SECURITY_STRING + + ");Only log message with level higher than this filter will be written by this listener", PROP_FILE_NAME + ";string;The name of the file the log is written to", PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)", - PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file", + PROP_FLUSH_INTERVAL + + ";integer;The maximum time in seconds before the buffer is flushed to the file", IExtendedPluginInfo.HELP_TOKEN + ";configuration-logrules-logfile", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java index 967c79038..783534485 100644 --- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java @@ -423,7 +423,8 @@ public class RollingLogFile extends LogFile { rotate(); } catch (IOException e) { ConsoleError.send(new - SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString()))); + SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), + e.toString()))); break; } } @@ -618,9 +619,12 @@ public class RollingLogFile extends LogFile { if (!p[i].startsWith(IExtendedPluginInfo.HELP_TOKEN) && !p[i].startsWith(IExtendedPluginInfo.HELP_TEXT)) info.addElement(p[i]); } - info.addElement(PROP_MAX_FILE_SIZE + ";integer;If the current log file size if bigger than this parameter in kilobytes(KB), the file will be rotated."); - info.addElement(PROP_ROLLOVER_INTERVAL + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated."); - info.addElement(PROP_EXPIRATION_TIME + ";integer;The amount of time before a backed up log is removed in seconds"); + info.addElement(PROP_MAX_FILE_SIZE + + ";integer;If the current log file size if bigger than this parameter in kilobytes(KB), the file will be rotated."); + info.addElement(PROP_ROLLOVER_INTERVAL + + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated."); + info.addElement(PROP_EXPIRATION_TIME + + ";integer;The amount of time before a backed up log is removed in seconds"); info.addElement(IExtendedPluginInfo.HELP_TOKEN + //";configuration-logrules-rollinglogfile"); ";configuration-adminbasics"); diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java index 328725e2f..3c2e14b22 100644 --- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java +++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java @@ -124,9 +124,11 @@ public class DefStore implements IDefStore, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { Vector v = new Vector(); - v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD")); + v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD")); v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME")); - v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE")); + v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE")); v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC")); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java index 83ec664bf..6fa3d300c 100644 --- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java +++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java @@ -112,12 +112,15 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { Vector v = new Vector(); - v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD")); - v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE")); + v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD")); + v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE")); v.addElement(PROP_NUM_CONNS + ";number; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NUM_CONNS")); v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_BY_NAME")); v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR")); - v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR")); + v.addElement(PROP_CA_CERT_ATTR + ";string; " + + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR")); v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC")); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore"); return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java index b9a6e24ad..5ad1f6c49 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java @@ -193,7 +193,9 @@ public class DSAKeyConstraints extends APolicyRule Object[] params = new Object[] { getInstanceName(), String.valueOf(i + 1) }; - setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEY_PARAMS", getInstanceName(), String.valueOf(i + 1)), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_NO_KEY_PARAMS", getInstanceName(), String.valueOf(i + 1)), + ""); return PolicyResult.REJECTED; } BigInteger p = keyParams.getP(); diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java index f79688f4a..09feb2766 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java @@ -65,7 +65,8 @@ public class IssuerConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_ISSUER_DN + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here", + PROP_ISSUER_DN + + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-issuerconstraints", IExtendedPluginInfo.HELP_TEXT + @@ -131,7 +132,8 @@ public class IssuerConstraints extends APolicyRule log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); CMS.debug( - NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString); + NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + + "; expected issuerDN = " + mIssuerDNString); } } else { @@ -167,7 +169,8 @@ public class IssuerConstraints extends APolicyRule getInstanceName()), ""); result = PolicyResult.REJECTED; log(ILogger.LL_FAILURE, - NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString); + NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + + "; expected issuerDN = " + mIssuerDNString); } } } diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java index 499e2663b..8b7f90202 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java @@ -77,7 +77,8 @@ public class RenewalConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate", - PROP_RENEWAL_NOT_AFTER + ";number;Number of days since certificate expiry after which renewal request would be rejected", + PROP_RENEWAL_NOT_AFTER + + ";number;Number of days since certificate expiry after which renewal request would be rejected", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-renewalconstraints", IExtendedPluginInfo.HELP_TEXT + @@ -164,7 +165,8 @@ public class RenewalConstraints extends APolicyRule if (renewedNotAfter.before(now)) { CMS.debug( - "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days"); + "One or more certificates is expired for more than " + + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days"); String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) }; setError(req, diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java index b3f9298cb..b65e97773 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java @@ -88,7 +88,8 @@ public class RenewalValidityConstraints extends APolicyRule String[] params = { PROP_MIN_VALIDITY + ";number;Specifies the minimum validity period, in days, for renewed certificates.", PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.", - PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.", + PROP_RENEWAL_INTERVAL + + ";number;Specifies how many days before its expiration that a certificate can be renewed.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-renewalvalidityconstraints", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java index b8ffa86ea..94a4ebda9 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java @@ -374,7 +374,9 @@ public class SigningAlgorithmConstraints extends APolicyRule String[] params = null; String[] params_BOTH = { - PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," + + PROP_ALGORITHMS + ";" + + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," + + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," + "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," + diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java index 0cec678cd..ae3d66a1f 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java @@ -152,7 +152,10 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli if (certSubjectName.equalsIgnoreCase(mIssuerNameStr)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_SUBJECT_NAME_EXIST_1", mIssuerNameStr)); - setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", NAME + ":" + "Same As Issuer Name " + mIssuerNameStr), ""); + setError( + req, + CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", NAME + ":" + "Same As Issuer Name " + + mIssuerNameStr), ""); result = PolicyResult.REJECTED; } } diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java index f1df2bb5e..f4b3367b8 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java @@ -85,8 +85,10 @@ public class UniqueSubjectNameConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_PRE_AGENT_APPROVAL_CHECKING + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)", - PROP_KEY_USAGE_EXTENSION_CHECKING + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs", + PROP_PRE_AGENT_APPROVAL_CHECKING + + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)", + PROP_KEY_USAGE_EXTENSION_CHECKING + + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-uniquesubjectname", IExtendedPluginInfo.HELP_TEXT + @@ -117,11 +119,13 @@ public class UniqueSubjectNameConstraints extends APolicyRule if (certAuthority == null) { // should never get here. log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager or Registration Manager")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + "Cannot find the Certificate Manager or Registration Manager")); } if (!(certAuthority instanceof ICertificateAuthority)) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + "Cannot find the Certificate Manager")); } mCA = (ICertificateAuthority) certAuthority; @@ -186,7 +190,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule ICertRecord rec = (ICertRecord) matched.nextElement(); String status = rec.getStatus(); - if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { + if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) + || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { // accept this only if we have a REVOKED, // EXPIRED or REVOKED_EXPIRED certificate continue; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java index 023d704fb..059782570 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java @@ -116,9 +116,16 @@ public class AuthInfoAccessExt extends APolicyRule implements ";configuration-policyrules-authinfoaccess"); for (int i = 0; i < MAX_AD; i++) { - v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)"); - v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO); - v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO); + v.addElement(PROP_AD + + Integer.toString(i) + + "_" + + PROP_METHOD + + ";string;" + + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)"); + v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION_TYPE + ";" + + IGeneralNameUtil.GENNAME_CHOICE_INFO); + v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION + ";" + + IGeneralNameUtil.GENNAME_VALUE_INFO); } return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java index 545d972dc..12f2a74ff 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java @@ -331,7 +331,8 @@ public class BasicConstraintsExt extends APolicyRule if (mMaxPathLen > -1) { if (pathLen > mMaxPathLen || pathLen < 0) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen))); + CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", + String.valueOf(pathLen))); if (pathLen < 0) setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG", NAME, "unlimited", Integer.toString(mMaxPathLen)), ""); @@ -489,7 +490,8 @@ public class BasicConstraintsExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.", + PROP_MAXPATHLEN + + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.", PROP_IS_CRITICAL + ";boolean;" + "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.", PROP_IS_CA + ";boolean;" + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java index cc8753cee..4ba2a44dc 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java @@ -174,18 +174,25 @@ public class CRLDistributionPointsExt extends APolicyRule "The type of the CRL distribution point."); v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" + "The name of the CRL distribution point depending on the CRLDP type."); - v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" + + v.addElement(PROP_REASONS + + Integer.toString(i) + + ";string;" + + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold."); v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" + "DirectoryName,URI);" + "The type of the issuer that has signed the CRL maintained at this distribution point."); - v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" + + v.addElement(PROP_ISSUER_NAME + + Integer.toString(i) + + ";string;" + + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type."); } v.addElement(PROP_NUM_POINTS + ";number;The total number of CRL distribution points to be contained or allowed in the extension."); - v.addElement(PROP_IS_CRITICAL + + v.addElement(PROP_IS_CRITICAL + + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-crldistributionpoints"); diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java index 7a42cc6f1..76f4f04c7 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java @@ -281,7 +281,8 @@ public class CertificatePoliciesExt extends APolicyRule Vector theparams = new Vector(); theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical."); - theparams.addElement(PROP_NUM_CERTPOLICIES + ";number; Number of certificate policies. The value must be greater than or equal to 1"); + theparams.addElement(PROP_NUM_CERTPOLICIES + + ";number; Number of certificate policies. The value must be greater than or equal to 1"); for (int k = 0; k < 5; k++) { String certPolicykDot = PROP_CERTPOLICY + k + "."; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java index 37a11343b..305c11b2e 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java @@ -202,8 +202,10 @@ public class CertificateRenewalWindowExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.", - PROP_BEGIN_TIME + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", - PROP_END_TIME + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", + PROP_BEGIN_TIME + + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", + PROP_END_TIME + + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-certificaterenewalwindow", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java index bf89d486a..35e5be1ad 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java @@ -89,8 +89,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements for (int i = 0; i < MAX_ENTRY; i++) { v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO); - v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO); - v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_PORT_NUMBER + ";string;" + "The port number (optional)."); + v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE + ";" + + IGeneralNameUtil.GENNAME_CHOICE_INFO); + v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_PORT_NUMBER + ";string;" + + "The port number (optional)."); } return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java index 4bba5d371..98ab09166 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java @@ -198,12 +198,16 @@ public class ExtendedKeyUsageExt extends APolicyRule } } for (int i = 0; i < mNum; i++) { - v.addElement(PROP_PURPOSE_ID + Integer.toString(i) + ";string;" + + v.addElement(PROP_PURPOSE_ID + + Integer.toString(i) + + ";string;" + + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99"); } v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs."); - v.addElement(PROP_CRITICAL + + v.addElement(PROP_CRITICAL + + ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical."); v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-extendedkeyusage"); diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java index 0ebe6c136..d8c176130 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java @@ -124,45 +124,195 @@ public class GenericASN1Ext extends APolicyRule implements PROP_OID + ";string;OID number for this extension. It should be unique.", PROP_PATTERN + ";string;Pattern for extension; {012}34", // Attribute 0 - PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "0" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "0" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "0" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "0" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "0" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 1 - PROP_ATTRIBUTE + "." + "1" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "1" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "1" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "1" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "1" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "1" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 2 - PROP_ATTRIBUTE + "." + "2" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "2" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "2" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "2" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "2" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "2" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 3 - PROP_ATTRIBUTE + "." + "3" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "3" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "3" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "3" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "3" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "3" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 4 - PROP_ATTRIBUTE + "." + "4" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "4" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "4" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "4" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "4" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "4" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 5 - PROP_ATTRIBUTE + "." + "5" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "5" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "5" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "5" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "5" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "5" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 6 - PROP_ATTRIBUTE + "." + "6" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "6" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "6" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "6" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "6" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "6" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 7 - PROP_ATTRIBUTE + "." + "7" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "7" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "7" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "7" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "7" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "7" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 8 - PROP_ATTRIBUTE + "." + "8" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "8" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "8" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "8" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "8" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "8" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", // Attribute 9 - PROP_ATTRIBUTE + "." + "9" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", - PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", - PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", + PROP_ATTRIBUTE + + "." + + "9" + + "." + + PROP_TYPE + + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension", + PROP_ATTRIBUTE + + "." + + "9" + + "." + + PROP_SOURCE + + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.", + PROP_ATTRIBUTE + + "." + + "9" + + "." + + PROP_VALUE + + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-genericasn1ext", IExtendedPluginInfo.HELP_TEXT + @@ -329,7 +479,8 @@ public class GenericASN1Ext extends APolicyRule implements certInfo = ci[j]; if (certInfo == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", "")); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, "Configuration Info Error"); + setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, + "Configuration Info Error"); return PolicyResult.REJECTED; // unrecoverable error. } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java index 7dc35a1a0..e89aa8488 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java @@ -315,15 +315,24 @@ public class KeyUsageExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD be critical", - PROP_DIGITAL_SIGNATURE + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_NON_REPUDIATION + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_KEY_ENCIPHERMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_DATA_ENCIPHERMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_KEY_AGREEMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_KEY_CERTSIGN + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_CRL_SIGN + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_ENCIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", - PROP_DECIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_DIGITAL_SIGNATURE + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_NON_REPUDIATION + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_KEY_ENCIPHERMENT + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_DATA_ENCIPHERMENT + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_KEY_AGREEMENT + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_KEY_CERTSIGN + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_CRL_SIGN + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_ENCIPHER_ONLY + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", + PROP_DECIPHER_ONLY + + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-keyusage", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java index a349d2868..ec0de7355 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java @@ -274,8 +274,10 @@ public class PolicyConstraintsExt extends APolicyRule String[] params = { PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.", - PROP_REQ_EXPLICIT_POLICY + ";integer;Number of addional certificates that may appear in the path before an explicit policy is required. If less than 0 this field is unset in the extension.", - PROP_INHIBIT_POLICY_MAPPING + ";integer;Number of addional certificates that may appear in the path before policy mapping is no longer permitted. If less than 0 this field is unset in the extension.", + PROP_REQ_EXPLICIT_POLICY + + ";integer;Number of addional certificates that may appear in the path before an explicit policy is required. If less than 0 this field is unset in the extension.", + PROP_INHIBIT_POLICY_MAPPING + + ";integer;Number of addional certificates that may appear in the path before policy mapping is no longer permitted. If less than 0 this field is unset in the extension.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-policyconstraints" }; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java index 2174485ff..22c2e85bc 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java @@ -296,7 +296,8 @@ public class PolicyMappingsExt extends APolicyRule Vector theparams = new Vector(); theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical."); - theparams.addElement(PROP_NUM_POLICYMAPPINGS + ";number; Number of policy mappings. The value must be greater than or equal to 1"); + theparams.addElement(PROP_NUM_POLICYMAPPINGS + + ";number; Number of policy mappings. The value must be greater than or equal to 1"); String policyInfo = ";string;An object identifier in the form n.n.n.n"; diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java index 1c2e89ff6..197d1585e 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java @@ -95,7 +95,8 @@ public class RemoveBasicConstraintsExt extends APolicyRule if (extensions != null) { try { extensions.delete(BasicConstraintsExtension.NAME); - CMS.debug("PolicyRule RemoveBasicConstraintsExt: removed the extension from request " + req.getRequestId().toString()); + CMS.debug("PolicyRule RemoveBasicConstraintsExt: removed the extension from request " + + req.getRequestId().toString()); } catch (IOException e) { } } diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java index 33a8c3719..86263e484 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java @@ -93,7 +93,8 @@ public class SubjAltNameExt extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_CRITICAL + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.", + PROP_CRITICAL + + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-subjaltname", IExtendedPluginInfo.HELP_TEXT + diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java index f74578394..9a54a7aad 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java @@ -306,7 +306,8 @@ public class SubjectAltNameExt extends APolicyRule // extended plugin info. Vector info = new Vector(); - info.addElement(PROP_CRITICAL + ";boolean;RFC2459 recommendation: If the certificate subject field contains an empty sequence, the extension MUST be marked critical."); + info.addElement(PROP_CRITICAL + + ";boolean;RFC2459 recommendation: If the certificate subject field contains an empty sequence, the extension MUST be marked critical."); info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO); for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) { CMS.getSubjAltNameConfigExtendedPluginInfo( diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java index 26009141c..f7e18e8ca 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java @@ -236,7 +236,8 @@ public class SubjectDirectoryAttributesExt extends APolicyRule v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-subjectdirectoryattributes"); - v.addElement(IExtendedPluginInfo.HELP_TEXT + + v.addElement(IExtendedPluginInfo.HELP_TEXT + + ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments."); mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java index 2f95f91bc..0cba2f685 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java @@ -877,18 +877,22 @@ public abstract class BasicProfile implements IProfile { // noDefaultImpl, genericExtDefaultImpl if ((curDefaultClassId.equals(defaultClassId) && - !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) { + !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId + .equals(PROP_GENERIC_EXT_DEFAULT))) { matches++; if (createConfig) { if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + + constraintClassId + " Contact System Administrator."); - throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); + throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + + constraintClassId); } } else { if (matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + + constraintClassId + " Contact System Administrator."); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index 44d7454e0..64abe57a5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -376,7 +376,8 @@ public abstract class EnrollProfile extends BasicProfile org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent(); + org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq + .getInterpretedContent(); org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); @@ -728,14 +729,16 @@ public abstract class EnrollProfile extends BasicProfile INTEGER num = (INTEGER) (bodyIds.elementAt(i)); if (num.toString().equals(reqId.toString())) { donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found."); + CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + + " because LRA POP Witness control is found."); break; } } } if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control."); + CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + + " because this request id is not part of the body list in LRA Pop witness control."); verifyPOP(locale, crm); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java index f71d8b23a..8a00f3f32 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java @@ -89,8 +89,10 @@ public class ServerCertCAEnrollProfile extends CAEnrollProfile IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); defConfig4.putString("params.signingAlg", "-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4 + .putString( + "params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java index 34cd4bf54..69414707e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java @@ -93,8 +93,10 @@ public class UserCertCAEnrollProfile extends CAEnrollProfile IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); defConfig4.putString("params.signingAlg", "-"); - defConfig4.putString("params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4 + .putString( + "params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java index eb66783ec..8bc16544c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java @@ -55,13 +55,20 @@ public class KeyConstraint extends EnrollConstraint { public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA) public static final String CONFIG_KEY_PARAMETERS = "keyParameters"; - private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2", - "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283", - "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571", - "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1", - "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "c2pnb163v1", - "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", - "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", "sect113r2", + private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", + "sect163r1", "sect163r2", + "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", + "sect283k1", "nistk283", + "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", + "sect571r1", "nistb571", + "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", + "nistp224", "secp256k1", + "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", + "prime239v2", "prime239v3", "c2pnb163v1", + "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", + "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", + "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", + "secp128r1", "secp128r2", "sect113r1", "sect113r2", "sect131r1", "sect131r2" }; diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java index 6dce4e6e7..8f78945f6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java @@ -122,7 +122,8 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { Date current = CMS.getCurrentDate(); long millisDiff = origExpDate.getTime() - current.getTime(); - CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); + CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + + " current=" + current.getTime()); /* * "days", if positive, has to be less than renew_grace_before diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java index 2c5785501..2125bb81e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java @@ -144,7 +144,8 @@ public class SigningAlgConstraint extends EnrollConstraint { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", getConfig(CONFIG_ALGORITHMS_ALLOWED)); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", + getConfig(CONFIG_ALGORITHMS_ALLOWED)); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java index 53fe471ae..abfef548d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java @@ -141,7 +141,8 @@ public class ValidityConstraint extends EnrollConstraint { } long millisDiff = notAfter.getTime() - notBefore.getTime(); - CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime()); + CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + + notBefore.getTime()); long long_days = (millisDiff / 1000) / 86400; CMS.debug("ValidityConstraint: long_days: " + long_days); int days = (int) long_days; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java index 1726ec6b1..c9ea70624 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java @@ -150,7 +150,8 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java index 4a5c72a15..6668ee823 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java @@ -172,7 +172,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + + CONFIG_USERNOTICE_NUMBERS); addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); } } @@ -301,23 +302,30 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = getPolicyId(policyId); - String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); + String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + + CONFIG_POLICY_QUALIFIERS_NUM); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); int num = 0; if (qualifersNum != null && qualifersNum.length() > 0) num = Integer.parseInt(qualifersNum); for (int j = 0; j < num; j++) { - String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE); - String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_CPSURI_ENABLE); + String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE); + String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_CPSURI_VALUE); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) policyQualifiers.add(qualifierInfo); } else if (usernoticeEnable != null && enable.equals("true")) { - String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); + String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_USERNOTICE_ORG); + String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + + SEPARATOR + CONFIG_USERNOTICE_TEXT); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, noticenumbers, explicitText); if (qualifierInfo != null) @@ -447,7 +455,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + + CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); @@ -455,7 +464,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(""); sb.append("\n"); @@ -517,7 +527,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(":"); sb.append(org); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + + CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(noticeNum.toString()); sb.append("\n"); @@ -633,7 +644,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { if (enable != null && enable.equals("true")) { String policyId = substore.getString(CONFIG_POLICY_ID); CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + policyId); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + + policyId); int qualifierNum = getNumQualifiers(); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); for (int j = 0; j < qualifierNum; j++) { @@ -709,7 +721,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { CPSuri cpsURI = new CPSuri(uri); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, + cpsURI); return policyQualifierInfo2; } @@ -762,7 +775,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { userNotice = new UserNotice(noticeReference, explicitText); netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = - new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); + new netscape.security.x509.PolicyQualifierInfo( + netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); return policyQualifierInfo1; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java index e0f044351..d56eebc02 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java @@ -75,7 +75,8 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "RFC822Name", CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java index c40836518..c14f3239f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java @@ -183,7 +183,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", "RFC822Name", CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); @@ -404,7 +405,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } ; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), + sb.toString()); } /** @@ -467,7 +469,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { // function gname = mapPattern(randUUID.toString(), request, pattern); } else { //expand more server-gen types here - CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + source + ". Supported: UUID4"); + CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + + source + ". Supported: UUID4"); continue; } } else { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java index afc5f1f90..a145378ee 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java @@ -145,7 +145,8 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + return new Descriptor(IDescriptor.CHOICE, + "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", "URIName", CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java index 6e36302ed..476db0e02 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java @@ -379,11 +379,13 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); throw new EProfileException("screenname does not exist"); } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + request.getExtDataInString("aoluid")); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + + request.getExtDataInString("aoluid")); ; LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + + " attributes"); LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", mLdapStringAttrs, false); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java index 8f9759417..bbb3369ce 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java @@ -406,10 +406,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist"); throw new EProfileException("id does not exist"); } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + request.getExtDataInString("uid")); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + + request.getExtDataInString("uid")); LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes"); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + + mLdapStringAttrs.length + " attributes"); LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", mLdapStringAttrs, false); @@ -425,7 +427,8 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { entry.getAttribute(mLdapStringAttrs[i]); if (la != null) { String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] + + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + + mLdapStringAttrs[i] + "=" + escapeValueRfc1779(sla[0], false).toString()); request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); } @@ -443,7 +446,8 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { if (conn != null) mConnFactory.returnConn(conn); } catch (Exception e) { - throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); + throw new EProfileException( + "nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); } } return sbjname; diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java index 0cb367031..7f70722d0 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java @@ -331,7 +331,8 @@ class AVAPattern { attrNumberBuf1.toString().trim(); if (attrNumber1.length() == 0) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "nth element $req or $ext expected")); } try { diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java index 368143442..89f1ab8ee 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java @@ -231,7 +231,8 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) { try { createCAEntry(conn, dn); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java index a1f79a481..33c186c14 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java @@ -164,7 +164,8 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java index e12606b27..15f845cb6 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java @@ -233,7 +233,8 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); @@ -303,7 +304,8 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java index e2457b882..73549f1b5 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java @@ -285,7 +285,8 @@ public class LdapDNCompsMap // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java index 52074a939..5db61f94d 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java @@ -533,7 +533,8 @@ public class LdapEnhancedMap log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateEntry) { diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java index 2757bc588..4cb73e1d8 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java @@ -203,7 +203,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { LDAPEntry entry = results.next(); if (results.hasMoreElements()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString()))); + log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req + .getRequestId().toString()))); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? "" : req.getRequestId().toString()))); } @@ -211,7 +212,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { return entry.getDN(); else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString()))); + CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId() + .toString()))); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", "null entry")); } @@ -223,7 +225,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java index 00ddbde57..076ba6b30 100644 --- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java +++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java @@ -192,9 +192,11 @@ class MapAVAPattern { in.read() != 'd' || in.read() != 'n' || in.read() != '.') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } catch (IOException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $ syntax, expecting $rdn")); } StringBuffer rdnNumberBuf = new StringBuffer(); @@ -214,11 +216,13 @@ class MapAVAPattern { String rdnNumber = rdnNumberBuf.toString().trim(); if (rdnNumber.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "$rdn number not set in ava pattern")); try { mElement = Integer.parseInt(rdnNumber) - 1; } catch (NumberFormatException e) { - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Invalid $rdn number in ava pattern")); } return; } @@ -243,7 +247,8 @@ class MapAVAPattern { CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } if (c != '=') - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "Missing \"=\" in ava pattern")); // read value //System.out.println("reading value"); @@ -259,7 +264,8 @@ class MapAVAPattern { CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString())); } if (c == -1) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "no value after = in ava pattern")); if (c == '$') { // check for $subj $ext or $req @@ -323,7 +329,8 @@ class MapAVAPattern { //System.out.println("----- attrName "+attrName); if (attrName.length() == 0) - throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected")); + throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", + "attribute name expected")); mAttr = attrName; /* @@ -525,7 +532,8 @@ class MapAVAPattern { if (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) { try { GeneralNames subjectNames = (GeneralNames) - ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME); + ((SubjectAlternativeNameExtension) ext) + .get(SubjectAlternativeNameExtension.SUBJECT_NAME); if (subjectNames.size() == 0) break; diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java index aa49225c0..b8d6a8e54 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java @@ -94,17 +94,21 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo { public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_DIR + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", + PROP_DIR + + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).", PROP_DER + ";boolean;Store certificates or CRLs into *.der files.", PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.", - PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", - PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + "' to be enabled.", + PROP_GMT + + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.", + PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + + "' to be enabled.", PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.", PROP_ZIP + ";boolean;Generate compressed CRLs.", PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.", IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-publisher-filepublisher", - IExtendedPluginInfo.HELP_TEXT + + IExtendedPluginInfo.HELP_TEXT + + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." }; diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java index ac1d26026..29b874a94 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java @@ -314,7 +314,8 @@ public class LdapCaCertPublisher // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString())); @@ -399,7 +400,8 @@ public class LdapCaCertPublisher // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java index 791b8acc9..e2c41a591 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java @@ -211,7 +211,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); @@ -325,7 +326,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java index 152a1efb6..624cb1478 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java @@ -289,7 +289,8 @@ public class LdapCertificatePairPublisher // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString())); throw new ELdapException("error publishing cross cert pair:" + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java index 07b62e900..7c069f398 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java @@ -285,7 +285,8 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString())); @@ -361,7 +362,8 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo { // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java index 67f0fca90..337c5a383 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java @@ -168,7 +168,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); @@ -215,7 +216,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java index aa1a7ef75..8c74382a7 100644 --- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java +++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java @@ -205,7 +205,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString())); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString())); @@ -272,7 +273,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf // "DSA is unavailable" which confuses with DSA PKI. log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER")); - throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort())); + throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + + conn.getPort())); } else { log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR")); throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString())); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index 5b3a8c5a5..1d68d3bc4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -190,10 +190,12 @@ public class AdminServlet extends HttpServlet { } CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID)); } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); } } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); } } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java index ceffb7c28..d1924aa93 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java @@ -407,8 +407,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", + id)).toString(), null, resp); return; } @@ -709,8 +711,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -762,8 +766,10 @@ public class AuthAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (InstantiationException e) { @@ -777,8 +783,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -792,8 +800,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } @@ -1011,8 +1021,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), null, resp); return; } @@ -1181,8 +1193,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", + id)).toString(), null, resp); return; } @@ -1330,8 +1344,10 @@ public class AuthAdminServlet extends AdminServlet { // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { - sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -1469,8 +1485,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -1546,8 +1564,10 @@ public class AuthAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (InstantiationException e) { @@ -1561,8 +1581,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -1576,8 +1598,10 @@ public class AuthAdminServlet extends AdminServlet { audit(auditMessage); restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index 7faae935f..7f5a96e9d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -2072,7 +2072,8 @@ public final class CMSAdminServlet extends AdminServlet { // nickname). // - CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + + nicknameWithoutTokenName); try { jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, certType); @@ -2082,7 +2083,8 @@ public final class CMSAdminServlet extends AdminServlet { String eString = e.toString(); if (eString.contains("Failed to find certificate that was just imported")) { - CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString); + CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + + " TokenException: " + eString); X509Certificate cert = null; try { @@ -2109,7 +2111,8 @@ public final class CMSAdminServlet extends AdminServlet { } else { nickname = tokenName + ":" + newNickname; } - CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + nickname); + CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + + nickname); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java index b310f8c95..7ebb64af1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java @@ -290,7 +290,8 @@ public class JobsAdminServlet extends AdminServlet { // is the job plugin id unique? if (mJobsSched.getPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), + new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)) + .toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java index 95ed2361f..256792245 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java @@ -474,7 +474,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)) + .toString(), null, resp); return; } @@ -803,8 +804,10 @@ public class LogAdminServlet extends AdminServlet { audit(auditMessage); } - sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)) + .toString(), null, resp); return; } @@ -862,7 +865,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { @@ -880,7 +884,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -898,7 +903,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } @@ -1133,7 +1139,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -1296,7 +1303,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(), + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -1543,8 +1551,10 @@ public class LogAdminServlet extends AdminServlet { audit(auditMessage); } - sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); + sendResponse( + ERROR, + new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)) + .toString(), null, resp); return; } @@ -1812,7 +1822,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { @@ -1862,7 +1873,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { @@ -1912,7 +1924,8 @@ public class LogAdminServlet extends AdminServlet { } sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), + new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java index 99f619358..47771a190 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java @@ -1968,7 +1968,9 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + ";" + rule.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); @@ -2016,7 +2018,9 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + rule.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java index 22aa306e5..e8d80640e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java @@ -353,8 +353,10 @@ public class PublisherAdminServlet extends AdminServlet { String epi[] = new String[] { "type;choice(cacert,crl,certs,xcert);The certType of the request", - "mapper;choice(" + map.toString() + ");Use the mapper to find the ldap dn to publish the certificate or crl", - "publisher;choice(" + publish.toString() + ");Use the publisher to publish the certificate or crl a directory etc", + "mapper;choice(" + map.toString() + + ");Use the mapper to find the ldap dn to publish the certificate or crl", + "publisher;choice(" + publish.toString() + + ");Use the publisher to publish the certificate or crl a directory etc", "enable;boolean;", "predicate;string;" }; @@ -713,7 +715,8 @@ public class PublisherAdminServlet extends AdminServlet { try { //certNickName = authInfo.getParms()[0]; certNickName = ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( + ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory( certNickName)); CMS.debug("Publishing Test certNickName=" + certNickName); @@ -723,7 +726,8 @@ public class PublisherAdminServlet extends AdminServlet { } catch (Exception ex) { params.add(Constants.PR_CONN_INIT_FAIL, "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); + certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + + " exception: " + ex); params.add(Constants.PR_SAVE_NOT, "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + "Do you want to save the configuration anyway?"); @@ -735,7 +739,8 @@ public class PublisherAdminServlet extends AdminServlet { params.add(Constants.PR_CONN_OK, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Success"); params.add(Constants.PR_AUTH_OK, "Authentication: SSL client authentication" + dashes(70 - 41) + " Success" + @@ -796,7 +801,8 @@ public class PublisherAdminServlet extends AdminServlet { params.add(Constants.PR_CONN_OK, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is @@ -804,13 +810,15 @@ public class PublisherAdminServlet extends AdminServlet { params.add(Constants.PR_CONN_FAIL, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure" + "\nerror: server unavailable"); } else { params.add(Constants.PR_CONN_FAIL, "Connect to directory server " + host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + + dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + + " Failure" + "\nexception: " + ex); } params.add(Constants.PR_SAVE_NOT, @@ -1003,7 +1011,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the manager id unique? if (mProcessor.getMapperPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)) + .toString(), null, resp); return; } @@ -1036,7 +1045,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the class an ILdapMapper? try { if (ILdapMapper.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, + resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. @@ -1121,8 +1131,10 @@ public class PublisherAdminServlet extends AdminServlet { implname); if (plugin == null) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } @@ -1160,19 +1172,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -1289,7 +1304,8 @@ public class PublisherAdminServlet extends AdminServlet { // does a`mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse(ERROR, + sendResponse( + ERROR, new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, resp); return; @@ -1339,8 +1355,10 @@ public class PublisherAdminServlet extends AdminServlet { } if (mProcessor.getMapperPlugins().containsKey(id) == false) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS + .getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), null, resp); return; } @@ -1428,7 +1446,8 @@ public class PublisherAdminServlet extends AdminServlet { // does mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse(ERROR, + sendResponse( + ERROR, new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, resp); return; @@ -1489,8 +1508,10 @@ public class PublisherAdminServlet extends AdminServlet { (MapperPlugin) mProcessor.getMapperPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } @@ -1557,19 +1578,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -1630,7 +1654,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the rule id unique? if (mProcessor.getRulePlugins().containsKey((Object) id)) { - sendResponse(ERROR, + sendResponse( + ERROR, new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), null, resp); return; @@ -1665,7 +1690,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the class an ILdapRule? try { if (ILdapRule.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, + resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. @@ -1739,8 +1765,10 @@ public class PublisherAdminServlet extends AdminServlet { implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -1783,19 +1811,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -1912,7 +1943,8 @@ public class PublisherAdminServlet extends AdminServlet { // does rule exist? if (mProcessor.getRulePlugins().containsKey(id) == false) { sendResponse(ERROR, - new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), + new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -2185,19 +2217,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -2259,7 +2294,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the manager id unique? if (mProcessor.getPublisherPlugins().containsKey((Object) id)) { sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)) + .toString(), null, resp); return; } @@ -2293,7 +2329,8 @@ public class PublisherAdminServlet extends AdminServlet { // is the class an ILdapPublisher? try { if (ILdapPublisher.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, + resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. @@ -2369,8 +2406,10 @@ public class PublisherAdminServlet extends AdminServlet { implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -2422,19 +2461,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } @@ -2553,8 +2595,10 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher exist? if (mProcessor.getPublisherPlugins().containsKey(id) == false) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), null, resp); return; } @@ -2614,7 +2658,8 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -2708,7 +2753,8 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -2779,8 +2825,10 @@ public class PublisherAdminServlet extends AdminServlet { (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), null, resp); return; } @@ -2872,19 +2920,22 @@ public class PublisherAdminServlet extends AdminServlet { // cleanup restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)) + .toString(), null, resp); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java index 36cc7100c..41c07d810 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java @@ -287,9 +287,12 @@ public class RegistryAdminServlet extends AdminServlet { CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName()); if (policyConstraintClass.isApplicable(policyDefaultClass)) { - CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName()); - nvp.add(constraintID, constraintInfo.getClassName() + "," + - constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); + CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + + constraintInfo.getClassName()); + nvp.add(constraintID, + constraintInfo.getClassName() + "," + + constraintInfo.getDescription(getLocale(req)) + "," + + constraintInfo.getName(getLocale(req))); } } } @@ -341,7 +344,8 @@ public class RegistryAdminServlet extends AdminServlet { if (desc != null) { try { - String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); + String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); CMS.debug("RegistryAdminServlet: getProfileImpl " + value); nvp.add(name, value); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java index 799638e8d..65c005835 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java @@ -1115,7 +1115,8 @@ public class UsrGrpAdminServlet extends AdminServlet { return; } - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length))); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length))); int j = 0; int jBegin = 0; @@ -1130,7 +1131,9 @@ public class UsrGrpAdminServlet extends AdminServlet { } // store the chain into cert db, except for the user cert for (j = jBegin; j < jEnd; j++) { - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN()))); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), + String.valueOf(p7certs[j].getSubjectDN()))); org.mozilla.jss.crypto.X509Certificate leafCert = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index a506a2b28..0c262fdf8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -493,7 +493,8 @@ public abstract class CMSServlet extends HttpServlet { Date endDate = CMS.getCurrentDate(); long endTime = endDate.getTime(); if (CMS.debugOn()) { - CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); + CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + + (endTime - startTime)); } iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java index 6d91e1b28..f8625ce30 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java @@ -213,7 +213,8 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("Free Memory / Total Memory:"); response.getWriter().println("</td>"); response.getWriter().println("<td>"); - response.getWriter().println((Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%"); + response.getWriter().println( + (Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%"); response.getWriter().println("</td>"); response.getWriter().println("</tr>"); response.getWriter().println("</table>"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java index 66ca897f6..629c0e2c9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java @@ -236,7 +236,8 @@ public class CMCRevReqServlet extends CMSServlet { certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate( + serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { @@ -439,7 +440,8 @@ public class CMCRevReqServlet extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll + .indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index 01245d4f1..d247dfa8b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -213,7 +213,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate( + serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { @@ -370,7 +371,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll + .indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -576,14 +578,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", + updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); String error = revReq.getExtDataInString(updateErrorStr); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java index a38a42f7a..18b9ddd60 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java @@ -308,7 +308,8 @@ public class DisplayBySerial extends CMSServlet { String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); if (rid != null && mAuthority instanceof ICertificateAuthority) { - IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid)); + IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest( + new RequestId(rid)); String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (certType != null && certType.equals(IRequest.CLIENT_CERT)) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java index 0f2cd4135..3e4a064ba 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java @@ -397,7 +397,8 @@ public class DisplayCRL extends CMSServlet { } catch (Exception e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")) + .toString()); } if (deltaCRL != null) { BigInteger crlNumber = crlRecord.getCRLNumber(); @@ -431,7 +432,8 @@ public class DisplayCRL extends CMSServlet { if (i >= length) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); argSet.addRepeatRecord(rarg); } } else { @@ -439,11 +441,13 @@ public class DisplayCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); @@ -464,8 +468,10 @@ public class DisplayCRL extends CMSServlet { } } else if (!isCRLCacheEnabled && crlDisplayType.equals("cachedCRL")) { - header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); - header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("error", + CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("crlPrettyPrint", + CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); } else { header.addStringValue("error", new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java index 9e0f1f5b5..44b339c5a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java @@ -474,7 +474,8 @@ public class DoRevoke extends CMSServlet { // we do not want to revoke the CA certificate accidentially if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber()); + CMS.debug("DoRevoke: skipped revocation request for system certificate " + + xcert.getSerialNumber()); continue; } @@ -486,7 +487,8 @@ public class DoRevoke extends CMSServlet { (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); + CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber() + .toString(16))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( @@ -529,7 +531,8 @@ public class DoRevoke extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll + .indexOf('=', i)) { if (i > -1) { i++; while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { @@ -698,7 +701,8 @@ public class DoRevoke extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + if ((stat == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); @@ -779,7 +783,8 @@ public class DoRevoke extends CMSServlet { "completed", cert.getSubjectDN(), cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + RevocationReason.fromInt(reason).toString() + " time: " + + (endTime - startTime) } ); } } @@ -839,7 +844,8 @@ public class DoRevoke extends CMSServlet { if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); + CMS.debug("DoRevoke: " + + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index e1d81f30d..259625d14 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -390,7 +390,8 @@ public class DoRevokeTPS extends CMSServlet { // we do not want to revoke the CA certificate accidentially if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); + CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + + xcert.getSerialNumber()); badCertsRequested = true; continue; } @@ -506,7 +507,8 @@ public class DoRevokeTPS extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + if ((stat == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); @@ -587,7 +589,8 @@ public class DoRevokeTPS extends CMSServlet { "completed", cert.getSubjectDN(), cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) } + RevocationReason.fromInt(reason).toString() + " time: " + + (endTime - startTime) } ); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java index e5b3fe808..bafafb8fd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java @@ -292,7 +292,8 @@ public class DoUnrevoke extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java index 65716c07e..1e18c3c4e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java @@ -296,7 +296,8 @@ public class DoUnrevokeTPS extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java index 4328c7cbb..ed66f8441 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java @@ -331,7 +331,8 @@ public class EnrollServlet extends CMSServlet { log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); + CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", + "Attempt to access adminEnroll after already setup.")); } processX509(cmsReq); @@ -415,7 +416,8 @@ public class EnrollServlet extends CMSServlet { return true; } - private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert, + private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, + X509Certificate sslClientCert, ICertificateAuthority mCa, String certBasedOldSubjectDN, BigInteger certBasedOldSerialNum) throws EBaseException { @@ -460,7 +462,8 @@ public class EnrollServlet extends CMSServlet { } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + + "))(certStatus=VALID))"; ICertRecordList list = (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); int size = list.getSize(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java index 4d1fe7b93..1acbac7f3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java @@ -205,7 +205,8 @@ public class GetCertFromRequest extends CMSServlet { } } - if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { + if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType() + .equals(IRequest.RENEWAL_REQUEST)))) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); throw new ECMSGWException( diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 4927a4c14..e42150f87 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -487,7 +487,8 @@ public class HashEnrollServlet extends CMSServlet { } String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; + "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + + certBasedOldSerialNum + "))(certStatus=VALID))"; ICertRecordList list = (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); @@ -946,7 +947,8 @@ public class HashEnrollServlet extends CMSServlet { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), + certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java index 30e714724..2e6bc228d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java @@ -128,7 +128,8 @@ public class ListCerts extends CMSServlet { sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true; } - if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { + if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null + || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { mAllowedClientFilters.addElement("(certStatus=*)"); mAllowedClientFilters.addElement("(certStatus=VALID)"); mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); @@ -152,12 +153,14 @@ public class ListCerts extends CMSServlet { // check to see if the filter is allowed while (filters.hasMoreElements()) { String filter = (String) filters.nextElement(); - com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter); + com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + + queryCertFilter); if (filter.equals(queryCertFilter)) { return queryCertFilter; } } - com.netscape.certsrv.apps.CMS.debug("Requested filter '" + queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter"); + com.netscape.certsrv.apps.CMS.debug("Requested filter '" + queryCertFilter + + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter"); return null; } else { com.netscape.certsrv.apps.CMS.debug("useClientFilter=false"); @@ -315,7 +318,8 @@ public class ListCerts extends CMSServlet { } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java index 7db6ac930..bbe8a479e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java @@ -608,7 +608,8 @@ public class SrchCerts extends CMSServlet { CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); timeLimit = mTimeLimits; } - CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit); + CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + + timeLimit); Enumeration e = mCertDB.searchCertificates(filter, maxResults, timeLimit); int count = 0; diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index 1abba1719..9d3e633d2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -481,7 +481,8 @@ public class UpdateCRL extends CMSServlet { crlIssuingPoint.getCRLNumber(), crlIssuingPoint.getLastUpdate(), crlIssuingPoint.getNextUpdate(), - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + + (endTime - startTime) } ); } else { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, @@ -495,7 +496,8 @@ public class UpdateCRL extends CMSServlet { crlIssuingPoint.getCRLNumber(), crlIssuingPoint.getLastUpdate(), "not set", - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) } + Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + + (endTime - startTime) } ); } } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java index 27de7b285..10330501b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java @@ -488,7 +488,8 @@ public class UpdateDir extends CMSServlet { i++; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), + CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", + certRecord.getSerialNumber().toString(16), e.toString())); validCertsError += "Failed to publish certificate: 0x" + diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index 653ffb703..75ec99e13 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java @@ -697,7 +697,8 @@ public class CRSEnrollment extends HttpServlet { if (attr.getName().equals(ChallengePassword.NAME)) { if (attr.get(ChallengePassword.PASSWORD) != null) { pkcs10Attr = pkcs10Attr + - "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; + "<ChallengePassword><Password>" + + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; } } @@ -1306,7 +1307,9 @@ public class CRSEnrollment extends HttpServlet { } } catch (Exception sne) { - log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname"); + log(ILogger.LL_INFO, + "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + + " Using unmodified subjectname"); } if (subject != null) @@ -1987,7 +1990,8 @@ public class CRSEnrollment extends HttpServlet { BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); byte[] encPubKey = bs.getBits(); if (bs.getPadCount() != 0) { - throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes."); + throw new CryptoContextException( + "Internal error: Invalid Public key. Not an integral number of bytes."); } SEQUENCE.Template inner = new SEQUENCE.Template(); inner.addElement(INTEGER.getTemplate()); @@ -2004,7 +2008,8 @@ public class CRSEnrollment extends HttpServlet { } } catch (InvalidBERException e) { - throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); + throw new CryptoContextException( + "Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); } catch (CryptoManager.NotInitializedException e) { throw new CryptoContextException("Crypto Manager not initialized"); } catch (NoSuchAlgorithmException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index a906ba43a..25f062657 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -778,10 +778,12 @@ public class CMCOutputTemplate { SignedData msgData = (SignedData) msgValue.decodeWith(SignedData.getTemplate()); if (!verifyRevRequestSignature(msgData)) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER( + OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, + (String) null, otherInfo); tagattr = new TaggedAttribute( new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); @@ -823,7 +825,8 @@ public class CMCOutputTemplate { if (!sharedSecretFound) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); @@ -842,7 +845,8 @@ public class CMCOutputTemplate { if (sharedSecret == null) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); @@ -860,7 +864,8 @@ public class CMCOutputTemplate { revoke = true; } else { CMS.debug("CMCOutputTemplate: Both client and server shared secret are not the same, cant revoke certificate."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); @@ -924,7 +929,8 @@ public class CMCOutputTemplate { entryExtn.set(crlReasonExtn.getName(), crlReasonExtn); } - RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1]; revCertImpls[0] = revCertImpl; IRequestQueue queue = ca.getRequestQueue(); @@ -944,10 +950,12 @@ public class CMCOutputTemplate { if (result.equals(IRequest.RES_ERROR)) { CMS.debug("CMCOutputTemplate: revReq exception: " + revReq.getExtDataInString(IRequest.ERROR)); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), + null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, + otherInfo); tagattr = new TaggedAttribute( new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); @@ -1072,7 +1080,8 @@ public class CMCOutputTemplate { Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && + if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber + .getIssuer()))) && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java index 8482e71bf..16c5e6c65 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java @@ -249,7 +249,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type"); } - String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString(); + String content = "uid=" + + uid + + "&pwd=" + + pwd + + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + + c1.toString() + "&substores=" + s1.toString(); boolean success = updateConfigEntries(host, httpsport, true, "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java index 871177a17..d8d841e39 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java @@ -481,7 +481,8 @@ public class AdminPanel extends WizardPanelBase { String session_id = CMS.getConfigSDSessionId(); String subjectDN = HttpInput.getString(request, "subject"); - String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN; + String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN; HttpClient httpclient = new HttpClient(); String c = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java index f80957d1e..ccaa78e0b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java @@ -282,7 +282,8 @@ public class CAInfoPanel extends WizardPanelBase { } } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) + throws IOException { CMS.debug("CAInfoPanel update: this is the CA in the security domain."); IConfigStore config = CMS.getConfigStore(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java index 72e145d69..f73e44c18 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java @@ -126,8 +126,10 @@ public class CertRequestPanel extends WizardPanelBase { return true; } catch (Exception ee) { if (hardware) { - CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); - throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding."); + CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + + fullnickname + " has been found on HSM. Please remove it before proceeding."); + throw new IOException("The certificate with the same nickname: " + fullnickname + + " has been found on HSM. Please remove it before proceeding."); } return true; } @@ -210,7 +212,8 @@ public class CertRequestPanel extends WizardPanelBase { CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ")."); deleteCert(tokenname, nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString()); + CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + + e.toString()); } } } @@ -625,7 +628,8 @@ public class CertRequestPanel extends WizardPanelBase { if (/*(certchains.length <= 1) &&*/ (b64chain != null && b64chain.length() != 0)) { - CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); + CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + + b64chain); try { CryptoUtil.importCertificateChain( CryptoUtil.normalizeCertAndReq(b64chain)); @@ -731,7 +735,8 @@ public class CertRequestPanel extends WizardPanelBase { ic.setSSLTrust(InternalCertificate.USER); ic.setEmailTrust(InternalCertificate.USER); if (tag.equals("audit_signing")) { - ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); + ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER + | InternalCertificate.TRUSTED_PEER); } else { ic.setObjectSigningTrust(InternalCertificate.USER); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index f87af9bda..5e1bd5e80 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -203,7 +203,8 @@ public class CertUtil { /* * create requests so renewal can work on these initial certs */ - public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException { + public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) + throws EBaseException { // RequestId rid = new RequestId(serialNum); // just need a request, no need to get into a queue // IRequest r = new EnrollmentRequest(rid); @@ -237,7 +238,8 @@ public class CertUtil { * update local cert request with the actual request * called from CertRequestPanel.java */ - public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) { + public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, + String subjectName) { try { CMS.debug("Updating local request... certTag=" + certTag); RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId")); @@ -641,7 +643,8 @@ public class CertUtil { try { privKey = cm.findPrivKeyByCert(cert); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + + e.toString()); return false; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java index d3867e52e..bd3a31770 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java @@ -581,7 +581,8 @@ public class DatabasePanel extends WizardPanelBase { if (foundDatabase) { CMS.debug("DatabasePanel update: This database has already been used."); if (remove == null) { - throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database"); + throw new IOException( + "This database has already been used. Select the checkbox below to remove all data and reuse this database"); } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); @@ -593,7 +594,10 @@ public class DatabasePanel extends WizardPanelBase { if (foundBaseDN) { CMS.debug("DatabasePanel update: This base DN has already been used."); if (remove == null) { - throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); + throw new IOException( + "This base DN (" + + baseDN + + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); @@ -676,7 +680,8 @@ public class DatabasePanel extends WizardPanelBase { if (!foundBaseDN) { if (!testing) { - context.put("errorString", "Base DN was not found. Please make sure to create the suffix in the internal database."); + context.put("errorString", + "Base DN was not found. Please make sure to create the suffix in the internal database."); throw new IOException("Base DN not found"); } @@ -1030,7 +1035,8 @@ public class DatabasePanel extends WizardPanelBase { // setup replication after indexes have been created if (select.equals("clone")) { CMS.debug("Start setting up replication."); - setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false")); + setupReplication(request, context, (secure.equals("on") ? "true" : "false"), + (cloneStartTLS.equals("on") ? "true" : "false")); CMS.debug("Finish setting up replication."); try { @@ -1164,10 +1170,12 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); + master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, + cloneStartTLS); createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); + master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, + cloneStartTLS); // initialize consumer initializeConsumer(replicadn, conn1, masterAgreementName); @@ -1230,7 +1238,8 @@ public class DatabasePanel extends WizardPanelBase { } return; } else { - CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString()); + CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + + e.toString()); throw e; } } @@ -1309,7 +1318,8 @@ public class DatabasePanel extends WizardPanelBase { } return id; } else { - CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + + e.toString()); return id; } } @@ -1320,7 +1330,8 @@ public class DatabasePanel extends WizardPanelBase { private void createReplicationAgreement(String replicadn, LDAPConnection conn, String name, String replicahost, int replicaport, - String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { + String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) + throws LDAPException { String dn = "cn=" + name + "," + replicadn; CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn); LDAPEntry entry = null; @@ -1367,7 +1378,8 @@ public class DatabasePanel extends WizardPanelBase { throw ee; } } else { - CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + e.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + + e.toString()); throw e; } } @@ -1379,7 +1391,8 @@ public class DatabasePanel extends WizardPanelBase { String name) { String dn = "cn=" + name + "," + replicadn; CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn); - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort()); + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + + conn.getPort()); try { LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh", "start"); @@ -1474,7 +1487,8 @@ public class DatabasePanel extends WizardPanelBase { try { String filter = "(objectclass=*)"; String[] attrs = { "nsslapd-directory" }; - LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB, + LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", + LDAPv3.SCOPE_SUB, filter, attrs, false); while (results.hasMoreElements()) { @@ -1498,7 +1512,8 @@ public class DatabasePanel extends WizardPanelBase { } } } catch (LDAPException e) { - CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString()); + CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + + e.toString()); } return instancedir; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java index d72984d22..c24992cb4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java @@ -195,9 +195,11 @@ public class DisplayCertChainPanel extends WizardPanelBase { String cs_hostname = cs.getString("machineName", ""); int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; + String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + + encodedValue; response.sendRedirect(sdurl); // The user previously specified the CA Security Domain's diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index b330b705d..388570531 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -495,12 +495,14 @@ public class DonePanel extends WizardPanelBase { } else { serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn; } - LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString()); + LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum) + .toString()); LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange); conn.modify(serialdn, serialmod); String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn; - LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString()); + LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum) + .toString()); LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange); conn.modify(requestdn, requestmod); @@ -540,9 +542,12 @@ public class DonePanel extends WizardPanelBase { cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", "")); cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", "")); cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", "")); - cs.putString("cloning." + ss + ".pubkey.exponent", cs.getString("preop.cert." + ss + ".pubkey.exponent", "")); - cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString("preop.cert." + ss + ".pubkey.modulus", "")); - cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString("preop.cert." + ss + ".pubkey.encoded", "")); + cs.putString("cloning." + ss + ".pubkey.exponent", + cs.getString("preop.cert." + ss + ".pubkey.exponent", "")); + cs.putString("cloning." + ss + ".pubkey.modulus", + cs.getString("preop.cert." + ss + ".pubkey.modulus", "")); + cs.putString("cloning." + ss + ".pubkey.encoded", + cs.getString("preop.cert." + ss + ".pubkey.encoded", "")); } cs.putString("cloning.module.token", cs.getString("preop.module.token", "")); cs.putString("cloning.list", list); @@ -772,7 +777,12 @@ public class DonePanel extends WizardPanelBase { } else { CMS.debug("DonePanel: Transport certificate is being setup in " + url); String session_id = CMS.getConfigSDSessionId(); - String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id; + String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + + ownagenthost + + "&ca.connector.KRA.port=" + + ownagentsport + + "&ca.connector.KRA.transportCert=" + + URLEncoder.encode(transportCert) + "&sessionID=" + session_id; updateConnectorInfo(host, port, true, content); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java index 9a220032e..36ced4879 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java @@ -296,7 +296,8 @@ public class ImportAdminCertPanel extends WizardPanelBase { user.setX509Certificates(certs); ug.addUserCert(user); } catch (LDAPException e) { - CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString()); + CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + + e.toString()); if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { context.put("updateStatus", "failure"); throw new IOException(e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index 63b9aaf1c..b8e1816f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -78,7 +78,8 @@ public class LDAPSecurityDomainSessionTable entry = new LDAPEntry(sessionsdn, attrs); conn.add(entry); } catch (Exception e) { - if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { + if ((e instanceof LDAPException) + && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) { // continue } else { CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e); @@ -129,7 +130,8 @@ public class LDAPSecurityDomainSessionTable conn.delete(dn); status = SUCCESS; } catch (Exception e) { - if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) { + if ((e instanceof LDAPException) + && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) { // continue } else { CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java index 1a1fccdf9..4f6df0f0b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java @@ -491,7 +491,9 @@ public class NamePanel extends WizardPanelBase { String machineName = config.getString("machineName", ""); String securePort = config.getString("service.securePort", ""); if (certTag.equals("subsystem")) { - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + + profileId + "&cert_request_type=pkcs10&cert_request=" + + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, content, response, this); if (cert == null) { @@ -506,7 +508,9 @@ public class NamePanel extends WizardPanelBase { } catch (Exception ee) { } - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; + String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + + profileId + "&cert_request_type=pkcs10&cert_request=" + + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id; cert = CertUtil.createRemoteCert(ca_hostname, ca_port, content, response, this); if (cert == null) { @@ -647,7 +651,8 @@ public class NamePanel extends WizardPanelBase { config.commit(false); } } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); + CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + + e.toString()); } configCert(request, response, context, cert); @@ -887,7 +892,8 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel: update() done"); } - private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) + throws IOException { CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr); String https_admin_port = ""; IConfigStore config = CMS.getConfigStore(); @@ -920,7 +926,8 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsadminport", https_admin_port); } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) + throws IOException { CMS.debug("NamePanel update: this is the CA in the security domain."); CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr); String https_admin_port = ""; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java index cc62fede0..dde150485 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java @@ -456,7 +456,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { s1.append("ca.connector.KRA"); } - content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id; + content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id; boolean success = updateConfigEntries(master_hostname, master_port, true, "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response); if (!success) { @@ -561,7 +562,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); wrapper.initUnwrap(sk, param); - org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey); + org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), + publickey); } catch (Exception e) { CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString()); @@ -602,7 +604,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase { | InternalCertificate.VALID_CA); } else if (name.startsWith("auditSigningCert")) { InternalCertificate icert = (InternalCertificate) xcert; - icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); + icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER + | InternalCertificate.TRUSTED_PEER); } } else cm.importCACertPackage(cert); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index a008d259b..c4329bda2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -70,8 +70,10 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, - "default,custom", null, /* no default parameter */ + Descriptor choiceDesc = new Descriptor( + IDescriptor.CHOICE, + "default,custom", + null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); @@ -464,7 +466,8 @@ public class SizePanel extends WizardPanelBase { } public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { CMS.debug("Generating ECC key pair with curvename=" + curveName + ", token=" + token); KeyPair pair = null; @@ -542,7 +545,8 @@ public class SizePanel extends WizardPanelBase { } public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { + throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { /* generate key pair */ KeyPair pair = null; do { @@ -621,7 +625,8 @@ public class SizePanel extends WizardPanelBase { s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); context.put("ecclist", s); - s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); + s = config.getString("preop.rsa.algorithm.list", + "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); context.put("rsalist", s); s = config.getString("keys.ecc.curve.list", "nistp256"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index c7910bc80..7b381383b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -1133,7 +1133,8 @@ public class WizardPanelBase implements IWizardPanel { Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i), "SecureAdminPort"); - if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { + if (v_host.elementAt(0).equals(hostname) + && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) { // add security domain CA to the beginning of list v.add(0, v_name.elementAt(0) + " - https://" @@ -1629,7 +1630,8 @@ public class WizardPanelBase implements IWizardPanel { int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); int panel = getPanelNo(); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; response.sendRedirect(sdurl); diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java index 4c734cee4..fbb5ce49f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java @@ -191,7 +191,8 @@ public class CheckCertServlet extends CMSServlet { } catch (Exception e) { header.addStringValue(ATTR_STATUS, STATUS_UNKNOWN); } - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + cert.getIssuerDN().getName() + " " + cert.getSerialNumber().toString()); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + cert.getIssuerDN().getName() + " " + + cert.getSerialNumber().toString()); try { ServletOutputStream out = resp.getOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index f2b3f57a2..81d34a65d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java @@ -117,7 +117,8 @@ public class CMCProcessor extends PKIProcessor { org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); - if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) + if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) + || !cmcReq.hasContent()) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); SignedData cmcFullReq = (SignedData) @@ -304,7 +305,8 @@ public class CMCProcessor extends PKIProcessor { PublicKey signKey = null; while (signKey == null && j < numReqs) { - X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY); + X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)) + .get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(subjectKeyInfo.getEncoded()); diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index dcfb3eaee..ea0358dbb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java @@ -195,7 +195,8 @@ public class CRMFProcessor extends PKIProcessor { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), + certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index 3a2a91dae..d1ee896a7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -140,7 +140,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, + IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index ad52d17a7..144823a26 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -191,7 +191,8 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, + IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { @@ -343,7 +344,8 @@ public class ProfileSubmitServlet extends ProfileServlet { if (request.getParameter(inputName) != null) { // special characters in subject names parameters must be escaped if (inputName.matches("^sn_.*")) { - req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); + req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false) + .toString()); } else { req.setExtData(inputName, request.getParameter(inputName)); } @@ -713,17 +715,21 @@ public class ProfileSubmitServlet extends ProfileServlet { } ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial); if (rec == null) { - CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { - CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + + certSerial.toString()); // check to see if the cert is revoked or revoked_expired - if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString()); + if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) + || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { + CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); @@ -766,7 +772,8 @@ public class ProfileSubmitServlet extends ProfileServlet { origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); } else { //if origReq - CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid); + CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + + rid); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -774,7 +781,8 @@ public class ProfileSubmitServlet extends ProfileServlet { return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + + certSerial.toString()); CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -783,7 +791,8 @@ public class ProfileSubmitServlet extends ProfileServlet { return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); @@ -1188,7 +1197,8 @@ public class ProfileSubmitServlet extends ProfileServlet { // no profile set found CMS.debug("ProfileSubmitServlet: no profile policy set found"); if (xmlOutput) { - outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k] + .getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, @@ -1237,7 +1247,8 @@ public class ProfileSubmitServlet extends ProfileServlet { // throw new IOException("Profile " + profileId + // " cannot populate"); if (xmlOutput) { - outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString()); + outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k] + .getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java index 51bb2af18..812a0318d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java @@ -444,7 +444,8 @@ public class CertReqParser extends ReqParser { (CertificateValidity) certInfo[0].get(X509CertInfo.VALIDITY); if (validity != null) { - long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; + long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity + .get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; arg.addLongValue("validityLength", validityLength); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java index 001fab7f5..6522bdf45 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java @@ -493,21 +493,24 @@ public class CheckRequest extends CMSServlet { x509cert = ((IRegistrationAuthority) mAuthority).getRACert(); } if (x509cert == null) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", + "No signing cert found.")); X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); ByteArrayInputStream issuer1 = new ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); + IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber() + .toString())); SignerIdentifier si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; - org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance() + .findPrivKeyByCert(x509cert); org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) @@ -562,7 +565,8 @@ public class CheckRequest extends CMSServlet { SignedData(digestAlgs, ci, jsscerts, null, signInfos); org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new - org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); + org.mozilla.jss.pkix.cms.ContentInfo( + org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); ByteArrayOutputStream ostream = new ByteArrayOutputStream(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java index ef016ed32..7a63e1a11 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -656,7 +656,8 @@ public class ProcessCertReq extends CMSServlet { updateNSExtension(req, nsExtensions); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); } String pathLength = req.getParameter("pathLenConstraint"); @@ -685,9 +686,13 @@ public class ProcessCertReq extends CMSServlet { } } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } } @@ -746,7 +751,9 @@ public class ProcessCertReq extends CMSServlet { } catch (Exception e1) { } // create extension - PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, MaxUsers, ServiceLevel); + PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, + StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, + MaxUsers, ServiceLevel); extensions.set(pseExt.getExtensionId().toString(), pseExt); } @@ -925,7 +932,8 @@ public class ProcessCertReq extends CMSServlet { "completed", issuedCerts[i].getSubjectDN(), "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) } + issuedCerts[i].getSerialNumber().toString(16) + " time: " + + (endTime - startTime) } ); // store a message in the signed audit log file diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java index 3a6dda643..715a2baf8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -396,8 +396,10 @@ public class TokenServlet extends CMSServlet { try { - byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key")); - CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName); + byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".mac_key")); + CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + + " keyNickName=" + keyNickName); session_key = SessionKey.ComputeSessionKey( selectedToken, keyNickName, card_challenge, host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName); @@ -408,7 +410,8 @@ public class TokenServlet extends CMSServlet { } - byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); + byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".auth_key")); enc_session_key = SessionKey.ComputeEncSessionKey( selectedToken, keyNickName, card_challenge, host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet); @@ -430,7 +433,8 @@ public class TokenServlet extends CMSServlet { **/ CMS.debug("TokenServlet: calling ComputeKekKey"); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".kek_key")); kek_key = SessionKey.ComputeKekKey( selectedToken, keyNickName, card_challenge, @@ -541,7 +545,8 @@ public class TokenServlet extends CMSServlet { } // if (serversideKeygen == true) - byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); + byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + + keySet + ".auth_key")); host_cryptogram = SessionKey.ComputeCryptogram( selectedToken, keyNickName, card_challenge, host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet); @@ -864,7 +869,8 @@ public class TokenServlet extends CMSServlet { " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + newKeyNickName); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + + ".kek_key")); KeySetData = SessionKey.DiversifyKey(oldSelectedToken, newSelectedToken, oldKeyNickName, newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); @@ -1068,7 +1074,8 @@ public class TokenServlet extends CMSServlet { keyNickName = st.nextToken(); } - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + + ".kek_key")); encryptedData = SessionKey.EncryptData( selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); |