Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/authentication')
8 files changed, 439 insertions, 535 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java index b044f8569..d3793e344 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -39,10 +40,11 @@ import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.util.Debug; + /** * Default authentication subsystem * <P> - * + * * @author cfu * @author lhsiao * @version $Revision$, $Date$ 
@@ -71,30 +73,29 @@ public class AuthSubsystem implements IAuthSubsystem { } /** - * Initializes the authentication subsystem from the config store. Load - * Authentication manager plugins, create and initialize initialize - * authentication manager instances. - * + * Initializes the authentication subsystem from the config store. + * Load Authentication manager plugins, create and initialize + * initialize authentication manager instances. * @param owner The owner of this module. * @param config The configuration store. */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { try { mLogger = CMS.getLogger(); mConfig = config; - - // hardcode admin and agent plugins required for the server to be + + // hardcode admin and agent plugins required for the server to be // functional. AuthMgrPlugin newPlugin = null; - newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID, + newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID, PasswdUserDBAuthentication.class.getName()); newPlugin.setVisible(false); mAuthMgrPlugins.put(PASSWDUSERDB_PLUGIN_ID, newPlugin); - newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID, + newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID, CertUserDBAuthentication.class.getName()); newPlugin.setVisible(false); mAuthMgrPlugins.put(CERTUSERDB_PLUGIN_ID, newPlugin); @@ -105,12 +106,12 @@ public class AuthSubsystem implements IAuthSubsystem { mAuthMgrPlugins.put(CHALLENGE_PLUGIN_ID, newPlugin); // Bugscape #56659 - // Removed NullAuthMgr to harden CMS. Otherwise, - // any request submitted for nullAuthMgr will - // be approved automatically + // Removed NullAuthMgr to harden CMS. Otherwise, + // any request submitted for nullAuthMgr will + // be approved automatically // // newPlugin = new AuthMgrPlugin(NULL_PLUGIN_ID, - // NullAuthentication.class.getName()); + // NullAuthentication.class.getName()); // newPlugin.setVisible(false); // mAuthMgrPlugins.put(NULL_PLUGIN_ID, newPlugin); 
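Review bot: The restored javadoc for `init` still reads "create and initialize initialize authentication manager instances" and carries no `@throws` tag although the signature declares `throws EBaseException`. Suggest `* Load Authentication manager plugins, create and initialize` / `* authentication manager instances.` and a tag along the lines of `* @throws EBaseException if a plugin or manager instance cannot be loaded`, with the wording confirmed against the failure paths in the later hunks of this method. The body of `init` continues past this hunk.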
@@ -127,7 +128,7 @@ public class AuthSubsystem implements IAuthSubsystem { while (mImpls.hasMoreElements()) { String id = (String) mImpls.nextElement(); String pluginPath = c.getString(id + "." + PROP_CLASS); - + AuthMgrPlugin plugin = new AuthMgrPlugin(id, pluginPath); mAuthMgrPlugins.put(id, plugin); 
@@ -141,59 +142,50 @@ public class AuthSubsystem implements IAuthSubsystem { IAuthManager passwdUserDBAuth = new PasswdUserDBAuthentication(); - passwdUserDBAuth.init(PASSWDUSERDB_AUTHMGR_ID, - PASSWDUSERDB_PLUGIN_ID, null); - mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new AuthManagerProxy( - true, passwdUserDBAuth)); + passwdUserDBAuth.init(PASSWDUSERDB_AUTHMGR_ID, PASSWDUSERDB_PLUGIN_ID, null); + mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new + AuthManagerProxy(true, passwdUserDBAuth)); if (Debug.ON) { Debug.trace("loaded password based auth manager"); } IAuthManager certUserDBAuth = new CertUserDBAuthentication(); - certUserDBAuth.init(CERTUSERDB_AUTHMGR_ID, CERTUSERDB_PLUGIN_ID, - config); - mAuthMgrInsts.put(CERTUSERDB_AUTHMGR_ID, new AuthManagerProxy(true, - certUserDBAuth)); + certUserDBAuth.init(CERTUSERDB_AUTHMGR_ID, CERTUSERDB_PLUGIN_ID, config); + mAuthMgrInsts.put(CERTUSERDB_AUTHMGR_ID, new AuthManagerProxy(true, certUserDBAuth)); if (Debug.ON) { Debug.trace("loaded certificate based auth manager"); } IAuthManager challengeAuth = new ChallengePhraseAuthentication(); - challengeAuth.init(CHALLENGE_AUTHMGR_ID, CHALLENGE_PLUGIN_ID, - config); - mAuthMgrInsts.put(CHALLENGE_AUTHMGR_ID, new AuthManagerProxy(true, - challengeAuth)); + challengeAuth.init(CHALLENGE_AUTHMGR_ID, CHALLENGE_PLUGIN_ID, config); + mAuthMgrInsts.put(CHALLENGE_AUTHMGR_ID, new AuthManagerProxy(true, challengeAuth)); if (Debug.ON) { Debug.trace("loaded challenge phrase auth manager"); } - + IAuthManager cmcAuth = new com.netscape.cms.authentication.CMCAuth(); cmcAuth.init(CMCAUTH_AUTHMGR_ID, CMCAUTH_PLUGIN_ID, config); - mAuthMgrInsts.put(CMCAUTH_AUTHMGR_ID, new AuthManagerProxy(true, - cmcAuth)); + mAuthMgrInsts.put(CMCAUTH_AUTHMGR_ID, new AuthManagerProxy(true, cmcAuth)); if (Debug.ON) { Debug.trace("loaded cmc auth manager"); } - + // #56659 // IAuthManager nullAuth = new NullAuthentication(); // nullAuth.init(NULL_AUTHMGR_ID, NULL_PLUGIN_ID, config); - // 
mAuthMgrInsts.put(NULL_AUTHMGR_ID, new AuthManagerProxy(true, - // nullAuth)); + // mAuthMgrInsts.put(NULL_AUTHMGR_ID, new AuthManagerProxy(true, nullAuth)); // if (Debug.ON) { - // Debug.trace("loaded null auth manager"); + // Debug.trace("loaded null auth manager"); // } IAuthManager sslClientCertAuth = new SSLClientCertAuthentication(); - sslClientCertAuth.init(SSLCLIENTCERT_AUTHMGR_ID, - SSLCLIENTCERT_PLUGIN_ID, config); - mAuthMgrInsts.put(SSLCLIENTCERT_AUTHMGR_ID, new AuthManagerProxy( - true, sslClientCertAuth)); + sslClientCertAuth.init(SSLCLIENTCERT_AUTHMGR_ID, SSLCLIENTCERT_PLUGIN_ID, config); + mAuthMgrInsts.put(SSLCLIENTCERT_AUTHMGR_ID, new AuthManagerProxy(true, sslClientCertAuth)); if (Debug.ON) { Debug.trace("loaded sslClientCert auth manager"); } @@ -205,14 +197,12 @@ public class AuthSubsystem implements IAuthSubsystem { while (instances.hasMoreElements()) { String insName = (String) instances.nextElement(); String implName = c.getString(insName + "." + PROP_PLUGIN); - AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins - .get(implName); + AuthMgrPlugin plugin = + (AuthMgrPlugin) mAuthMgrPlugins.get(implName); if (plugin == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_AUTH_CANT_FIND_PLUGIN", implName)); - throw new EAuthMgrPluginNotFound(CMS.getUserMessage( - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANT_FIND_PLUGIN", implName)); + throw new EAuthMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName)); } String className = plugin.getClassPath(); 
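Review bot: The five built-in managers are wired with the same three-step sequence — `init`, `put` into `mAuthMgrInsts` behind `new AuthManagerProxy(true, ...)`, `Debug.trace` — copied out five times, which is how an `*_AUTHMGR_ID` ends up paired with the wrong `*_PLUGIN_ID` in a later edit. A small private helper taking the manager, its ids, the config store and the trace label would turn the block into a readable list while keeping every trace string unchanged. `PasswdUserDBAuthentication` is also the only manager initialised with a `null` config store rather than `config`; if that is deliberate, a one-line comment saying so would help. The enclosing `init` method starts and ends outside this hunk.
```java
private void registerBuiltin(IAuthManager mgr, String mgrId, String pluginId,
        IConfigStore cfg, String label) throws EBaseException {
    mgr.init(mgrId, pluginId, cfg);
    mAuthMgrInsts.put(mgrId, new AuthManagerProxy(true, mgr));
    if (Debug.ON) {
        Debug.trace("loaded " + label + " auth manager");
    }
}

// call sites, replacing the five repeated blocks:
registerBuiltin(new PasswdUserDBAuthentication(), PASSWDUSERDB_AUTHMGR_ID,
        PASSWDUSERDB_PLUGIN_ID, null, "password based");
registerBuiltin(new CertUserDBAuthentication(), CERTUSERDB_AUTHMGR_ID,
        CERTUSERDB_PLUGIN_ID, config, "certificate based");
// … unchanged pattern for challenge phrase, cmc and sslClientCert …
```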
@@ -221,56 +211,44 @@ public class AuthSubsystem implements IAuthSubsystem { IAuthManager authMgrInst = null; try { - authMgrInst = (IAuthManager) Class.forName(className) - .newInstance(); + authMgrInst = (IAuthManager) + Class.forName(className).newInstance(); IConfigStore authMgrConfig = c.getSubStore(insName); authMgrInst.init(insName, implName, authMgrConfig); isEnable = true; - log(ILogger.LL_INFO, CMS.getLogMessage( - "CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName)); + log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName)); } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", - e.toString())); - throw new EAuthException(CMS.getUserMessage( - "CMS_ACL_CLASS_LOAD_FAIL", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); + throw new + EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", - e.toString())); - throw new EAuthException(CMS.getUserMessage( - "CMS_ACL_CLASS_LOAD_FAIL", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); + throw new + EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", - e.toString())); - throw new EAuthException(CMS.getUserMessage( - "CMS_ACL_CLASS_LOAD_FAIL", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString())); + throw new + EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_AUTH_AUTH_INIT_ERROR", insName, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString())); // Skip 
the authenticaiton instance if // it is mis-configurated. This give // administrator another chance to // fix the problem via console } catch (Throwable e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_AUTH_AUTH_INIT_ERROR", insName, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString())); // Skip the authenticaiton instance if // it is mis-configurated. This give // administrator another chance to // fix the problem via console } // add manager instance to list. - mAuthMgrInsts.put(insName, new AuthManagerProxy(isEnable, - authMgrInst)); + mAuthMgrInsts.put(insName, new + AuthManagerProxy(isEnable, authMgrInst)); if (Debug.ON) { - Debug.trace("loaded auth instance " + insName + " impl " - + implName); + Debug.trace("loaded auth instance " + insName + " impl " + implName); } } log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", getId())); 
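Review bot: `catch (Throwable e)` at the end of the instance-loading `try` also catches an `Error` thrown by `Class.forName(className).newInstance()` — a `NoClassDefFoundError` or `ExceptionInInitializerError` from a misconfigured plugin class, for instance — and the code then falls through to `mAuthMgrInsts.put(insName, new AuthManagerProxy(isEnable, authMgrInst))` with `authMgrInst` still null. `authenticate` in a later hunk tolerates a null manager, but `shutdown` (`@@ -490,23 +449,22 @@`) calls `mgr.getName()` on whatever `get(...)` returns with no null check, so, assuming `get` unwraps the proxy as-is, one broken plugin would abort shutdown of the remaining managers. Either skip the registration when nothing was constructed, `if (authMgrInst == null) { continue; }` before the put, or null-check `mgr` in `shutdown` if the console relies on the entry being present. The enclosing `while` loop and the declaration of `isEnable` start outside this hunk.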
@@ -284,73 +262,66 @@ public class AuthSubsystem implements IAuthSubsystem { /** * Authenticate to the named authentication manager instance * <p> - * - * @param authCred authentication credentials subject to the requirements of - * each authentication manager + * @param authCred authentication credentials subject to the + * requirements of each authentication manager * @param authMgrName name of the authentication manager instance - * @return authentication token with individualized authenticated - * information. + * @return authentication token with individualized authenticated + * information. * @exception EMissingCredential If a required credential for the - * authentication manager is missing. + * authentication manager is missing. * @exception EInvalidCredentials If the credentials cannot be authenticated * @exception EAuthMgrNotFound The auth manager is not found. * @exception EBaseException If an internal error occurred. */ - public IAuthToken authenticate(IAuthCredentials authCred, - String authMgrInstName) throws EMissingCredential, - EInvalidCredentials, EAuthMgrNotFound, EBaseException { - AuthManagerProxy proxy = (AuthManagerProxy) mAuthMgrInsts - .get(authMgrInstName); + public IAuthToken authenticate( + IAuthCredentials authCred, String authMgrInstName) + throws EMissingCredential, EInvalidCredentials, + EAuthMgrNotFound, EBaseException { + AuthManagerProxy proxy = (AuthManagerProxy) + mAuthMgrInsts.get(authMgrInstName); if (proxy == null) { - throw new EAuthMgrNotFound(CMS.getUserMessage( - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); + throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); } if (!proxy.isEnable()) { - throw new EAuthMgrNotFound(CMS.getUserMessage( - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); + throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); } IAuthManager authMgrInst = proxy.getAuthManager(); if 
(authMgrInst == null) { - throw new EAuthMgrNotFound(CMS.getUserMessage( - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); + throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); } return (authMgrInst.authenticate(authCred)); } /** - * Gets a list of required authentication credential names of the specified - * authentication manager. + * Gets a list of required authentication credential names + * of the specified authentication manager. */ public String[] getRequiredCreds(String authMgrInstName) - throws EAuthMgrNotFound { + throws EAuthMgrNotFound { IAuthManager authMgrInst = get(authMgrInstName); if (authMgrInst == null) { - throw new EAuthMgrNotFound(CMS.getUserMessage( - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); + throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName)); } return authMgrInst.getRequiredCreds(); } /** - * Gets configuration parameters for the given authentication manager - * plugin. - * + * Gets configuration parameters for the given + * authentication manager plugin. * @param implName Name of the authentication plugin. * @return Hashtable of required parameters. */ public String[] getConfigParams(String implName) - throws EAuthMgrPluginNotFound, EBaseException { + throws EAuthMgrPluginNotFound, EBaseException { // is this a registered implname? AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(implName); if (plugin == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_AUTH_PLUGIN_NOT_FOUND", implName)); - throw new EAuthMgrPluginNotFound(CMS.getUserMessage( - "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_PLUGIN_NOT_FOUND", implName)); + throw new EAuthMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName)); } // a temporary instance 
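Review bot: The three guards in `authenticate` (`proxy == null`, `!proxy.isEnable()`, `authMgrInst == null`) each throw the identical `EAuthMgrNotFound` with the same user message, so they read as three different failure modes when the caller sees only one; a single condition, `if (proxy == null || !proxy.isEnable() || proxy.getAuthManager() == null) {`, followed by the one throw, states the contract directly. Returning the same not-found message for a disabled manager is the right choice, since it does not let a caller distinguish "unknown" from "configured but disabled", so keep that behaviour while merging. `getRequiredCreds` below goes through `get(authMgrInstName)` instead of the proxy; whether that path also honours `isEnable` depends on `get`, which is outside this hunk.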
@@ -358,32 +329,26 @@ public class AuthSubsystem implements IAuthSubsystem { String className = plugin.getClassPath(); try { - authMgrInst = (IAuthManager) Class.forName(className).newInstance(); + authMgrInst = (IAuthManager) + Class.forName(className).newInstance(); return (authMgrInst.getConfigParams()); } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", - e.toString())); - throw new EAuthException(CMS.getUserMessage( - "CMS_ACL_CLASS_LOAD_FAIL", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); + throw new + EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", - e.toString())); - throw new EAuthException(CMS.getUserMessage( - "CMS_ACL_CLASS_LOAD_FAIL", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); + throw new + EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", - e.toString())); - throw new EAuthException(CMS.getUserMessage( - "CMS_ACL_CLASS_LOAD_FAIL", className)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); + throw new + EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className)); } } /** * Add an authentication manager instance. - * * @param name name of the authentication manager instance * @param authMgr the authentication manager instance to be added */ @@ -393,7 +358,6 @@ public class AuthSubsystem implements IAuthSubsystem { /* * Removes a authentication manager instance. - * * @param name name of the authentication manager */ public void delete(String name) { 
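Review bot: The three catch blocks in `getConfigParams` (`InstantiationException`, `ClassNotFoundException`, `IllegalAccessException`) have identical bodies; if the build targets Java 7 or later they collapse to `catch (InstantiationException | ClassNotFoundException | IllegalAccessException e) {`, which keeps the log message and the thrown `EAuthException` in one place. The same triplet appears in `init` in the earlier hunk `@@ -221,56 +211,44 @@`. The file's own comment on `getAuthManagerPlugin` in the next hunk already notes that this instantiation should be shared with that method, which would remove the duplication entirely. The enclosing `try` opens outside this hunk.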
@@ -402,7 +366,6 @@ public class AuthSubsystem implements IAuthSubsystem { /** * Gets the authentication manager instance of the specified name. - * * @param name name of the authentication manager instance * @return the named authentication manager instance */ @@ -446,9 +409,9 @@ public class AuthSubsystem implements IAuthSubsystem { } /** - * Retrieve a single auth manager instance + * Retrieve a single auth manager instance */ - + /* getconfigparams above should be recoded to use this func */ public IAuthManager getAuthManagerPlugin(String name) { AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(name); @@ -459,27 +422,23 @@ public class AuthSubsystem implements IAuthSubsystem { authMgrInst = (IAuthManager) Class.forName(classpath).newInstance(); return (authMgrInst); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString())); return null; } } /** * Retrieves id (name) of this subsystem. - * * @return name of the authentication subsystem */ public String getId() { return (mId); } - + /** * Sets id string to this subsystem. * <p> - * Use with caution. Should not do it when sharing with others - * + * Use with caution. Should not do it when sharing with others * @param id name to be applied to an authentication sybsystem */ public void setId(String id) throws EBaseException { 
@@ -490,23 +449,22 @@ public class AuthSubsystem implements IAuthSubsystem { * registers the administration servlet with the administration subsystem. */ public void startup() throws EBaseException { - // remove the log since it's already logged from S_ADMIN - // String infoMsg = "Auth subsystem administration Servlet registered"; - // log(ILogger.LL_INFO, infoMsg); + //remove the log since it's already logged from S_ADMIN + //String infoMsg = "Auth subsystem administration Servlet registered"; + //log(ILogger.LL_INFO, infoMsg); } /** - * shuts down authentication managers one by one. + * shuts down authentication managers one by one. * <P> */ public void shutdown() { - for (Enumeration e = mAuthMgrInsts.keys(); e.hasMoreElements();) { + for (Enumeration e = mAuthMgrInsts.keys(); + e.hasMoreElements();) { IAuthManager mgr = (IAuthManager) get((String) e.nextElement()); - log(ILogger.LL_INFO, - CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_SHUTDOWN", - mgr.getName())); + log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_SHUTDOWN", mgr.getName())); mgr.shutdown(); } @@ -528,7 +486,7 @@ public class AuthSubsystem implements IAuthSubsystem { /** * Returns the root configuration storage of this system. * <P> - * + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { @@ -537,7 +495,6 @@ public class AuthSubsystem implements IAuthSubsystem { /** * gets the named authentication manager - * * @param name of the authentication manager * @return the named authentication manager */ @@ -551,8 +508,8 @@ public class AuthSubsystem implements IAuthSubsystem { public void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, - msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, + level, msg); } } 
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java index 5e9e8dea4..c82142942 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + import java.security.cert.X509Certificate; import netscape.security.x509.X509CertImpl; @@ -37,11 +38,13 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator; import com.netscape.cmscore.usrgrp.ExactMatchCertUserLocator; import com.netscape.cmscore.usrgrp.User; + /** - * Certificate server agent authentication. Maps a SSL client authenticate - * certificate to a user (agent) entry in the internal database. + * Certificate server agent authentication. + * Maps a SSL client authenticate certificate to a user (agent) entry in the + * internal database. * <P> - * + * * @author lhsiao * @author cfu * @version $Revision$, $Date$ @@ -78,15 +81,15 @@ public class CertUserDBAuthentication implements IAuthManager { /** * initializes the CertUserDBAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing all available - * authentication managers. - * - * @param owner - The authentication subsystem that hosts this auth manager - * @param config - The configuration store used by the authentication - * subsystem + * called by AuthSubsystem init() method, when initializing + * all available authentication managers. + * @param owner - The authentication subsystem that hosts this + * auth manager + * @param config - The configuration store used by the + * authentication subsystem */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; 
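Review bot: The restored javadoc for `CertUserDBAuthentication.init` documents `@param owner` and `@param config`, but the method takes `(String name, String implName, IConfigStore config)`; there is no `owner` parameter and `name`/`implName` are undocumented. Replace the two tags with `@param name The name of this authentication manager instance.`, `@param implName The name of the authentication manager plugin.` and `@param config The configuration store for this authentication manager.` (the wording `ChallengePhraseAuthentication.init` uses later in this diff) and add a `@throws EBaseException` for the declared exception. The body of `init` continues past this hunk.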
@@ -95,25 +98,21 @@ public class CertUserDBAuthentication implements IAuthManager { mRevocationChecking = mConfig.getSubStore("revocationChecking"); } if (mRevocationChecking != null) { - mRevocationCheckingEnabled = mRevocationChecking.getBoolean( - "enabled", false); + mRevocationCheckingEnabled = mRevocationChecking.getBoolean("enabled", false); if (mRevocationCheckingEnabled) { int size = mRevocationChecking.getInteger("bufferSize", 0); - long interval = (long) mRevocationChecking.getInteger( - "validityInterval", 28800); - long unknownStateInterval = (long) mRevocationChecking - .getInteger("unknownStateInterval", 1800); + long interval = (long) mRevocationChecking.getInteger("validityInterval", 28800); + long unknownStateInterval = (long) mRevocationChecking.getInteger("unknownStateInterval", 1800); if (size > 0) - CMS.setListOfVerifiedCerts(size, interval, - unknownStateInterval); + CMS.setListOfVerifiedCerts(size, interval, unknownStateInterval); } } mCULocator = new ExactMatchCertUserLocator(); log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name)); } - + /** * Gets the name of this authentication manager. */ 
@@ -127,52 +126,45 @@ public class CertUserDBAuthentication implements IAuthManager { public String getImplName() { return mImplName; } - + /** * authenticates user(agent) by certificate * <p> - * called by other subsystems or their servlets to authenticate users - * (agents) - * - * @param authCred - authentication credential that contains an - * usrgrp.Certificates of the user (agent) + * called by other subsystems or their servlets to authenticate + * users (agents) + * @param authCred - authentication credential that contains + * an usrgrp.Certificates of the user (agent) * @return the authentication token that contains the following - * - * @exception com.netscape.certsrv.base.EAuthsException any authentication - * failure or insufficient credentials + * + * @exception com.netscape.certsrv.base.EAuthsException any + * authentication failure or insufficient credentials * @see com.netscape.certsrv.authentication.AuthToken * @see com.netscape.certsrv.usrgrp.Certificates */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { CMS.debug("CertUserDBAuth: started"); AuthToken authToken = new AuthToken(this); CMS.debug("CertUserDBAuth: Retrieving client certificate"); - X509Certificate[] x509Certs = (X509Certificate[]) authCred - .get(CRED_CERT); + X509Certificate[] x509Certs = + (X509Certificate[]) authCred.get(CRED_CERT); if (x509Certs == null) { CMS.debug("CertUserDBAuth: no client certificate found"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT")); - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT")); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT)); } CMS.debug("CertUserDBAuth: Got client certificate"); if 
(mRevocationCheckingEnabled) { X509CertImpl cert0 = (X509CertImpl) x509Certs[0]; if (cert0 == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_NO_CERT")); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_NO_CERT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_NO_CERT")); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_NO_CERT")); } if (CMS.isRevoked(x509Certs)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_REVOKED_CERT")); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_REVOKED_CERT")); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } } 
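Review bot: The credential check `if (x509Certs == null)` does not cover an empty array, yet `x509Certs[0]` is dereferenced a few lines later inside the `mRevocationCheckingEnabled` block (the `cert0 == null` test only guards a null element) and again in the failure log of the next hunk (`@@ -185,28 +177,19 @@`); an empty certificate array therefore surfaces as an `ArrayIndexOutOfBoundsException` instead of the intended `EMissingCredential`. Extend the guard: `if (x509Certs == null || x509Certs.length == 0) {`. Whether the `Certificates` object passed to `locateUser` further down also assumes a non-empty array is outside this hunk. The method body continues past this hunk.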
@@ -185,28 +177,19 @@ public class CertUserDBAuthentication implements IAuthManager { try { user = (User) mCULocator.locateUser(certs); } catch (EUsrGrpException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0] - .getSerialNumber().toString(16), x509Certs[0] - .getSubjectDN().toString(), e.toString())); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0].getSerialNumber().toString(16), x509Certs[0].getSubjectDN().toString(), e.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } catch (netscape.ldap.LDAPException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_CANNOT_AGENT_AUTH", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANNOT_AGENT_AUTH", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } - // any unexpected error occurs like internal db down, + // any unexpected error occurs like internal db down, // UGSubsystem only returns null for user. if (user == null) { CMS.debug("Authentication: cannot map certificate to user"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_AGENT_USER_NOT_FOUND")); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_USER_NOT_FOUND")); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } CMS.debug("Authentication: mapped certificate to user"); 
@@ -215,22 +198,20 @@ public class CertUserDBAuthentication implements IAuthManager { authToken.set(TOKEN_USER_DN, user.getUserDN()); authToken.set(TOKEN_USERID, user.getUserID()); authToken.set(TOKEN_UID, user.getUserID()); - authToken.set(CRED_CERT, certs); + authToken.set(CRED_CERT, certs); - log(ILogger.LL_INFO, - CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID())); + log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID())); CMS.debug("authenticated " + user.getUserDN()); return authToken; } /** - * get the list of authentication credential attribute names required by - * this authentication manager. Generally used by the servlets that handle - * agent operations to authenticate its users. It calls this method to know - * which are the required credentials from the user (e.g. Javascript form - * data) - * + * get the list of authentication credential attribute names + * required by this authentication manager. Generally used by + * the servlets that handle agent operations to authenticate its + * users. It calls this method to know which are the + * required credentials from the user (e.g. Javascript form data) * @return attribute names in Vector */ public String[] getRequiredCreds() { 
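Review bot: The javadoc for `getRequiredCreds` ends with `@return attribute names in Vector`, but the method returns `String[]`; the same mismatch recurs in the next hunk (`@@ -238,15 +219,15 @@`), where `getConfigParams` promises a `Hashtable of Vectors` yet also returns `String[]`, and in `AuthSubsystem.getConfigParams` (`@@ -284,73 +262,66 @@`), which says `Hashtable of required parameters`. Suggest `@return the required credential attribute names, as a String array` here and `@return the configuration parameter names, as a String array` for the other two. The body of `getRequiredCreds` continues past this hunk.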
@@ -238,15 +219,15 @@ public class CertUserDBAuthentication implements IAuthManager { } /** - * get the list of configuration parameter names required by this - * authentication manager. Generally used by the Certificate Server Console - * to display the table for configuration purposes. CertUserDBAuthentication - * is currently not exposed in this case, so this method is not to be used. - * - * @return configuration parameter names in Hashtable of Vectors where each - * hashtable entry's key is the substore name, value is a Vector of - * parameter names. If no substore, the parameter name is the - * Hashtable key itself, with value same as key. + * get the list of configuration parameter names + * required by this authentication manager. Generally used by + * the Certificate Server Console to display the table for + * configuration purposes. CertUserDBAuthentication is currently not + * exposed in this case, so this method is not to be used. + * @return configuration parameter names in Hashtable of Vectors + * where each hashtable entry's key is the substore name, value is a + * Vector of parameter names. If no substore, the parameter name + * is the Hashtable key itself, with value same as key. */ public String[] getConfigParams() { return (mConfigParams); @@ -259,8 +240,8 @@ public class CertUserDBAuthentication implements IAuthManager { } /** - * gets the configuretion substore used by this authentication manager - * + * gets the configuretion substore used by this authentication + * manager * @return configuration store */ public IConfigStore getConfigStore() { @@ -270,8 +251,8 @@ public class CertUserDBAuthentication implements IAuthManager { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, - msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, + level, msg); } } 
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java index d4bc5e46e..bf698ddad 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -49,12 +50,14 @@ import com.netscape.cmscore.dbs.CertRecord; import com.netscape.cmscore.dbs.CertificateRepository; import com.netscape.cmscore.util.Debug; + /** - * Challenge phrase based authentication. Maps a certificate to the request in - * the internal database and further compares the challenge phrase with that - * from the EE input. + * Challenge phrase based authentication. + * Maps a certificate to the request in the + * internal database and further compares the challenge phrase with + * that from the EE input. * <P> - * + * * @author cfu chrisho * @version $Revision$, $Date$ */ @@ -66,7 +69,7 @@ public class ChallengePhraseAuthentication implements IAuthManager { /* required credentials */ public static final String CRED_CERT_SERIAL = IAuthManager.CRED_CERT_SERIAL_TO_REVOKE; public static final String CRED_CHALLENGE = "challengePhrase"; - protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE }; + protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE}; /* config parameters to pass to console (none) */ protected static String[] mConfigParams = null; 
@@ -83,7 +86,7 @@ public class ChallengePhraseAuthentication implements IAuthManager { private Vector mID = null; private MessageDigest mSHADigest = null; - // request attributes hacks + // request attributes hacks public static final String CHALLENGE_PHRASE = CRED_CHALLENGE; public static final String SUBJECTNAME = "subjectName"; public static final String SERIALNUMBER = "serialNumber"; @@ -95,15 +98,14 @@ public class ChallengePhraseAuthentication implements IAuthManager { /** * initializes the ChallengePhraseAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing all available - * authentication managers. - * + * called by AuthSubsystem init() method, when initializing + * all available authentication managers. * @param name The name of this authentication manager instance. * @param implName The name of the authentication manager plugin. * @param config The configuration store for this authentication manager. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -111,13 +113,12 @@ public class ChallengePhraseAuthentication implements IAuthManager { try { mSHADigest = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { - throw new EAuthException(CMS.getUserMessage( - "CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); + throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); } log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name)); } - + /** * Gets the name of this authentication manager. */ 
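Review bot: `mSHADigest` is a single `MessageDigest` kept in an instance field, and `MessageDigest` is not thread-safe: if `authenticate` (outside this hunk) hashes each submitted phrase through this shared object, two concurrent requests interleave their `update` calls and both digests come out wrong, so valid phrases fail intermittently under load. Obtain the digest per use — `MessageDigest md = MessageDigest.getInstance("SHA1");` at the point of hashing, keeping the `getInstance` in `init` only as an availability check — or `clone()` the field before updating it. Separately, an unsalted single-round SHA-1 of a user-chosen phrase is a weak representation for a password-equivalent secret; moving to a salted, iterated construction would require migrating the stored challenge values, so it is a follow-up rather than part of this change.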
@@ -131,26 +132,26 @@ public class ChallengePhraseAuthentication implements IAuthManager { public String getImplName() { return mImplName; } - + /** * authenticates revocation of a certification by a challenge phrase * <p> - * called by other subsystems or their servlets to authenticate a revocation - * request - * - * @param authCred - authentication credential that contains a Certificate - * to revoke + * called by other subsystems or their servlets to authenticate + * a revocation request + * @param authCred - authentication credential that contains + * a Certificate to revoke * @return the authentication token that contains the request id - * + * * @exception EMissingCredential If a required credential for this - * authentication manager is missing. + * authentication manager is missing. * @exception EInvalidCredentials If credentials cannot be authenticated. * @exception EBaseException If an internal error occurred. * @see com.netscape.certsrv.authentication.AuthToken */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { - mCA = (ICertificateAuthority) SubsystemRegistry.getInstance().get("ca"); + throws EMissingCredential, EInvalidCredentials, EBaseException { + mCA = (ICertificateAuthority) + SubsystemRegistry.getInstance().get("ca"); if (mCA != null) { mCertDB = (CertificateRepository) mCA.getCertificateRepository(); 
@@ -159,10 +160,13 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 AuthToken authToken = new AuthToken(this);
 
 /*
- * X509Certificate[] x509Certs = (X509Certificate[])
- * authCred.get(CRED_CERT); if (x509Certs == null) {
- * log(ILogger.LL_FAILURE, " missing cert credential."); throw new
- * EMissingCredential(CRED_CERT_SERIAL); }
+ X509Certificate[] x509Certs =
+ (X509Certificate[]) authCred.get(CRED_CERT);
+ if (x509Certs == null) {
+ log(ILogger.LL_FAILURE,
+ " missing cert credential.");
+ throw new EMissingCredential(CRED_CERT_SERIAL);
+ }
 */
 
 String serialNumString = (String) authCred.get(CRED_CERT_SERIAL);
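Review bot: The block between `/*` and `*/` in this hunk is commented-out code (the old `CRED_CERT` check) that the change re-indents instead of removing; dead code kept under comment is better deleted, since version history preserves it and a reader otherwise has to work out whether it is still meant to apply. The `/* maybe later ... */` block further down in the same method has the same issue and would go with it.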
@@ -170,45 +174,42 @@ public class ChallengePhraseAuthentication implements IAuthManager { BigInteger serialNum = null; if (serialNumString == null || serialNumString.equals("")) - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT_SERIAL)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT_SERIAL)); else { - // serialNumString = getDecimalStr(serialNumString); + //serialNumString = getDecimalStr(serialNumString); try { serialNumString = serialNumString.trim(); - if (serialNumString.startsWith("0x") - || serialNumString.startsWith("0X")) { - serialNum = new BigInteger(serialNumString.substring(2), 16); + if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) { + serialNum = new + BigInteger(serialNumString.substring(2), 16); } else { - serialNum = new BigInteger(serialNumString); + serialNum = new + BigInteger(serialNumString); } - + } catch (NumberFormatException e) { - throw new EAuthUserError(CMS.getUserMessage( - "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", - "Invalid serial number.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number.")); } } String challenge = (String) authCred.get(CRED_CHALLENGE); if (challenge == null) { - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CHALLENGE)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CHALLENGE)); } if (challenge.equals("")) { // empty challenge not allowed - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_REVO_ATTEMPT", - serialNum.toString())); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_REVO_ATTEMPT", serialNum.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - 
/* - * maybe later if (mCertDB.isCertificateRevoked(cert) != null) { - * log(ILogger.LL_FAILURE, "Certificate has already been revoked."); // - * throw something else...cfu throw new EInvalidCredentials(); } + /* maybe later + if (mCertDB.isCertificateRevoked(cert) != null) { + log(ILogger.LL_FAILURE, + "Certificate has already been revoked."); + // throw something else...cfu + throw new EInvalidCredentials(); + } */ X509CertImpl[] certsToRevoke = null; @@ -216,9 +217,9 @@ public class ChallengePhraseAuthentication implements IAuthManager { // check challenge phrase against request /* - * map cert to a request: a cert serial number maps to a cert record in - * the internal db, from the cert record, where we'll find the challenge - * phrase + * map cert to a request: a cert serial number maps to a + * cert record in the internal db, from the cert record, + * where we'll find the challenge phrase */ if (mCertDB != null) { /* is CA */ CertRecord record = null; @@ -234,16 +235,13 @@ public class ChallengePhraseAuthentication implements IAuthManager { String status = record.getStatus(); if (!status.equals("REVOKED")) { - boolean samepwd = compareChallengePassword(record, - challenge); + boolean samepwd = compareChallengePassword(record, challenge); if (samepwd) { bigIntArray = new BigInteger[1]; bigIntArray[0] = record.getSerialNumber(); - } else - throw new EAuthUserError(CMS.getUserMessage( - "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", - "Invalid password.")); + } else + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid password.")); } else { bigIntArray = new BigInteger[0]; 
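Review bot: In the `@@ -234,16 +235,13 @@` hunk a wrong challenge phrase (`} else throw new EAuthUserError(... "Invalid password.")`) is not logged, whereas the empty-phrase case earlier in authenticate() logs `CMSCORE_AUTH_REVO_ATTEMPT` at LL_FAILURE before throwing; a wrong phrase against a specific serial is exactly what a revocation-abuse investigation needs to see. Brace the `else` and add `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_REVO_ATTEMPT", record.getSerialNumber().toString()));` before the throw. The method Javadoc documents `EInvalidCredentials` for credentials that cannot be authenticated, but this path throws `EAuthUserError`; if callers depend on the current type, the Javadoc should say so rather than list an exception that is not thrown here.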
@@ -262,8 +260,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { if (queue != null) { IRequest checkChallengeReq = null; - checkChallengeReq = queue - .newRequest(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST); + checkChallengeReq = + queue.newRequest(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST); checkChallengeReq.setExtData(CHALLENGE_PHRASE, challenge); // pass just serial number instead of whole cert if (serialNum != null) @@ -273,23 +271,19 @@ public class ChallengePhraseAuthentication implements IAuthManager { RequestStatus status = checkChallengeReq.getRequestStatus(); if (status == RequestStatus.COMPLETE) { - bigIntArray = checkChallengeReq - .getExtDataInBigIntegerArray("serialNoArray"); + bigIntArray = checkChallengeReq.getExtDataInBigIntegerArray("serialNoArray"); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST")); } } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE")); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_REVOCATION_CHALLENGE_QUEUE_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_REVOCATION_CHALLENGE_QUEUE_FAILED")); } } // else, ra if (bigIntArray != null && bigIntArray.length > 0) { if (Debug.ON) { Debug.trace("challenge authentication serialno array not null"); - for (int i = 0; i < bigIntArray.length; i++) + for (int i = 0; i < bigIntArray.length; i++) Debug.trace("challenge auth serialno " + bigIntArray[i]); } } 
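Review bot: In the `@@ -273,23 +271,19 @@` hunk the RA path only logs `CMSCORE_AUTH_INCOMPLETE_REQUEST` when the challenge-check request does not reach COMPLETE and then falls through with `bigIntArray` still null, while the null-queue branch right below it throws; whether the caller later treats a null array as a failure is outside the hunk, so either throw here as well or add a comment on the method stating why an incomplete request is not an error. authenticate() continues past the end of this hunk.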
@@ -307,17 +301,16 @@ public class ChallengePhraseAuthentication implements IAuthManager { if (str.startsWith("0x") || str.startsWith("0X")) { newStr = "" + Integer.parseInt(str.trim().substring(2), 16); } - + return newStr; } - private boolean compareChallengePassword(CertRecord record, String pwd) - throws EBaseException { + private boolean compareChallengePassword(CertRecord record, String pwd) + throws EBaseException { MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO); if (metaInfo == null) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTRIBUTE", "metaInfo")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "metaInfo")); } if (pwd == null) { @@ -329,8 +322,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { String hashpwd = hashPassword(pwd); // got metaInfo - String challengeString = (String) metaInfo - .get(CertRecord.META_CHALLENGE_PHRASE); + String challengeString = + (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE); if (challengeString == null) { if (Debug.ON) { 
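Review bot: `newStr = "" + Integer.parseInt(str.trim().substring(2), 16);` in getDecimalStr (whose signature is above this hunk) throws for any hex serial wider than 31 bits, and certificate serial numbers are routinely much larger; `newStr = new BigInteger(str.trim().substring(2), 16).toString();` is the safe equivalent. Its only call in authenticate() is commented out (`//serialNumString = getDecimalStr(serialNumString);`), so deleting the helper may be the better fix.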
@@ -343,21 +336,20 @@ public class ChallengePhraseAuthentication implements IAuthManager { return false; /* - * log(ILogger.LL_FAILURE, - * "Incorrect challenge phrase password used for revocation"); throw - * new EInvalidCredentials(); + log(ILogger.LL_FAILURE, + "Incorrect challenge phrase password used for revocation"); + throw new EInvalidCredentials(); */ - } else + } else return true; } /** - * get the list of authentication credential attribute names required by - * this authentication manager. Generally used by the servlets that handle - * agent operations to authenticate its users. It calls this method to know - * which are the required credentials from the user (e.g. Javascript form - * data) - * + * get the list of authentication credential attribute names + * required by this authentication manager. Generally used by + * the servlets that handle agent operations to authenticate its + * users. It calls this method to know which are the + * required credentials from the user (e.g. Javascript form data) * @return attribute names in Vector */ public String[] getRequiredCreds() { 
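Review bot: The `return false` at the top of this hunk is the wrong-phrase outcome of compareChallengePassword, and the log call next to it is commented out, so a failed comparison leaves no trace in this method; either restore a log line or make sure the caller logs it. The comparison itself is above the hunk; if it is a `String.equals` on the digest strings, comparing the raw digest bytes with `MessageDigest.isEqual` avoids an early-exit comparison on a secret-derived value. compareChallengePassword starts outside this hunk.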
@@ -365,16 +357,15 @@ public class ChallengePhraseAuthentication implements IAuthManager { } /** - * get the list of configuration parameter names required by this - * authentication manager. Generally used by the Certificate Server Console - * to display the table for configuration purposes. - * ChallengePhraseAuthentication is currently not exposed in this case, so - * this method is not to be used. - * - * @return configuration parameter names in Hashtable of Vectors where each - * hashtable entry's key is the substore name, value is a Vector of - * parameter names. If no substore, the parameter name is the - * Hashtable key itself, with value same as key. + * get the list of configuration parameter names + * required by this authentication manager. Generally used by + * the Certificate Server Console to display the table for + * configuration purposes. ChallengePhraseAuthentication is currently not + * exposed in this case, so this method is not to be used. + * @return configuration parameter names in Hashtable of Vectors + * where each hashtable entry's key is the substore name, value is a + * Vector of parameter names. If no substore, the parameter name + * is the Hashtable key itself, with value same as key. */ public String[] getConfigParams() { return (mConfigParams); @@ -387,8 +378,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { } /** - * gets the configuretion substore used by this authentication manager - * + * gets the configuretion substore used by this authentication + * manager * @return configuration store */ public IConfigStore getConfigStore() { 
@@ -398,23 +389,24 @@ public class ChallengePhraseAuthentication implements IAuthManager { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, - msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, + level, msg); } private IRequestQueue getReqQueue() { IRequestQueue queue = null; try { - IRegistrationAuthority ra = (IRegistrationAuthority) SubsystemRegistry - .getInstance().get("ra"); + IRegistrationAuthority ra = (IRegistrationAuthority) + SubsystemRegistry.getInstance().get("ra"); if (ra != null) { queue = ra.getRequestQueue(); mRequestor = IRequest.REQUESTOR_RA; } } catch (Exception e) { - log(ILogger.LL_FAILURE, " cannot get access to the request queue."); + log(ILogger.LL_FAILURE, + " cannot get access to the request queue."); } return queue; diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java index a8102e90f..e9bcbcb6b 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.AuthToken; import com.netscape.certsrv.authentication.EInvalidCredentials; @@ -28,10 +29,10 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.logging.ILogger; + /** * This authentication does nothing but just returns an empty authToken. * <P> - * * @author chrisho * @version $Revision$, $Date$ */ 
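Review bot: `catch (Exception e)` in getReqQueue logs a fixed string and discards `e`, so a failure to reach the RA request queue (which authenticate() then surfaces as `CMS_BASE_REVOCATION_CHALLENGE_QUEUE_FAILED`) cannot be diagnosed from the log; include the cause, e.g. `log(ILogger.LL_FAILURE, " cannot get access to the request queue: " + e.toString());`, and narrow the catch if the registry lookup throws something more specific. The same pattern is in SSLClientCertAuthentication.getReqQueue in the `@@ -250,23 +243,24 @@` hunk further down, which also looks the RA up via `CMS.getSubsystem("ra")` where this file uses `SubsystemRegistry.getInstance().get("ra")`; the two lookups should agree or the difference should be commented.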
@@ -52,16 +53,15 @@ public class NullAuthentication implements IAuthManager { /** * initializes the NullAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing all available - * authentication managers. - * + * called by AuthSubsystem init() method, when initializing + * all available authentication managers. * @param name - Name assigned to this authentication manager instance. * @param implName - Name of the authentication plugin. - * @param config - The configuration store used by the authentication - * subsystem. + * @param config - The configuration store used by the + * authentication subsystem. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; 
@@ -72,22 +72,21 @@ public class NullAuthentication implements IAuthManager { /** * authenticates nothing * <p> - * called by other subsystems or their servlets to authenticate - * administrators - * - * @param authCred Authentication credentials. "uid" and "pwd" are required. + * called by other subsystems or their servlets to authenticate administrators + * @param authCred Authentication credentials. + * "uid" and "pwd" are required. * @return the authentication token (authToken) that contains the following - * userdn = [userdn, in case of success]<br> - * authMgrName = [authMgrName]<br> - * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or - * "pwd" is missing from the given credentials. - * @exception com.netscape.certsrv.base.InvalidCredentials If the the - * credentials failed to authenticate. - * @exception com.netscape.certsrv.base.EBaseException If an internal error - * occurred. + * userdn = [userdn, in case of success]<br> + * authMgrName = [authMgrName]<br> + * @exception com.netscape.certsrv.base.MissingCredential If either + * "uid" or "pwd" is missing from the given credentials. + * @exception com.netscape.certsrv.base.InvalidCredentials If the + * the credentials failed to authenticate. + * @exception com.netscape.certsrv.base.EBaseException If an internal + * error occurred. */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { AuthToken authToken = new AuthToken(this); authToken.set("authType", "NOAUTH"); 
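Review bot: The Javadoc reflowed here still says `"uid" and "pwd" are required` and lists MissingCredential and InvalidCredentials for them, but the method it documents examines no credentials: it builds an AuthToken and sets `authType` to `NOAUTH`, and the class Javadoc above describes it as an authentication that does nothing. Replace the `@param` text with something like `@param authCred ignored; no credential is examined` and drop the two credential exceptions, so a reader is not led to believe a password is checked.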
@@ -110,11 +109,10 @@ public class NullAuthentication implements IAuthManager { } /** - * get the list of authentication credential attribute names required by - * this authentication manager. Generally used by servlets that use this - * authentication manager, to retrieve required credentials from the user - * (e.g. Javascript form data) - * + * get the list of authentication credential attribute names + * required by this authentication manager. Generally used by + * servlets that use this authentication manager, to retrieve + * required credentials from the user (e.g. Javascript form data) * @return attribute names in Vector */ public String[] getRequiredCreds() { @@ -122,10 +120,9 @@ public class NullAuthentication implements IAuthManager { } /** - * Get the list of configuration parameter names required by this - * authentication manager. In this case, an empty list. - * - * @return String array of configuration parameters. + * Get the list of configuration parameter names + * required by this authentication manager. In this case, an empty list. + * @return String array of configuration parameters. */ public String[] getConfigParams() { return (mConfigParams); @@ -138,8 +135,8 @@ public class NullAuthentication implements IAuthManager { } /** - * gets the configuration substore used by this authentication manager - * + * gets the configuration substore used by this authentication + * manager * @return configuration store */ public IConfigStore getConfigStore() { @@ -148,14 +145,13 @@ public class NullAuthentication implements IAuthManager { /** * Log a message. - * * @param level The logging level. * @param msg The message to log. */ private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, - msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, + level, msg); } } 
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java index 95ddada8f..88dc72969 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + import netscape.ldap.LDAPConnection; import netscape.ldap.LDAPEntry; import netscape.ldap.LDAPException; @@ -42,12 +43,13 @@ import com.netscape.cmscore.ldapconn.LdapConnInfo; import com.netscape.cmscore.usrgrp.UGSubsystem; import com.netscape.cmscore.util.Debug; + /** - * Certificate Server admin authentication. Used to authenticate administrators - * in the Certificate Server Console. Authentications by checking the uid and - * password against the database. + * Certificate Server admin authentication. + * Used to authenticate administrators in the Certificate Server Console. + * Authentications by checking the uid and password against the + * database. * <P> - * * @author lhsiao, cfu * @version $Revision$, $Date$ */ 
@@ -79,16 +81,15 @@ public class PasswdUserDBAuthentication implements IAuthManager { /** * initializes the PasswdUserDBAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing all available - * authentication managers. - * + * called by AuthSubsystem init() method, when initializing + * all available authentication managers. * @param name - Name assigned to this authentication manager instance. * @param implName - Name of the authentication plugin. - * @param config - The configuration store used by the authentication - * subsystem. + * @param config - The configuration store used by the + * authentication subsystem. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -100,8 +101,7 @@ public class PasswdUserDBAuthentication implements IAuthManager { return; mBaseDN = dbs.getBaseDN(); - mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo, - dbs.getLdapAuthInfo()); + mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo, dbs.getLdapAuthInfo()); mAnonConnFactory = new LdapAnonConnFactory(3, 20, ldapinfo); log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INIT_AUTH", mName)); 
@@ -110,47 +110,40 @@ public class PasswdUserDBAuthentication implements IAuthManager { /** * authenticates administratrators by LDAP uid/pwd * <p> - * called by other subsystems or their servlets to authenticate - * administrators - * - * @param authCred Authentication credentials. "uid" and "pwd" are required. + * called by other subsystems or their servlets to authenticate administrators + * @param authCred Authentication credentials. + * "uid" and "pwd" are required. * @return the authentication token (authToken) that contains the following - * userdn = [userdn, in case of success]<br> - * authMgrName = [authMgrName]<br> - * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or - * "pwd" is missing from the given credentials. - * @exception com.netscape.certsrv.base.InvalidCredentials If the the - * credentials failed to authenticate. - * @exception com.netscape.certsrv.base.EBaseException If an internal error - * occurred. + * userdn = [userdn, in case of success]<br> + * authMgrName = [authMgrName]<br> + * @exception com.netscape.certsrv.base.MissingCredential If either + * "uid" or "pwd" is missing from the given credentials. + * @exception com.netscape.certsrv.base.InvalidCredentials If the + * the credentials failed to authenticate. + * @exception com.netscape.certsrv.base.EBaseException If an internal + * error occurred. 
*/ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { AuthToken authToken = new AuthToken(this); - // make sure the required credentials are provided + // make sure the required credentials are provided String uid = (String) authCred.get(CRED_UID); CMS.debug("Authentication: UID=" + uid); if (uid == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID")); - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID")); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); } String pwd = (String) authCred.get(CRED_PWD); if (pwd == null) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid)); - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); } // don't allow anonymous binding if (pwd == "") { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } String userdn = null; 
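Review bot: `if (pwd == "") {` under the "don't allow anonymous binding" comment compares references, so a password string read from the credentials is never equal to the literal and the guard does nothing; an empty password then reaches `anonConn.authenticate(userdn, pwd)` in the next hunk, which a directory that permits unauthenticated binds will accept. Change it to `if (pwd.isEmpty()) {` (or `"".equals(pwd)`); the `pwd == null` check just above already makes the call safe. The `CMSCORE_AUTH_ADMIN_EMPTY_PW` log line is the right one and keeps its place. authenticate() continues past the end of this hunk.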
@@ -160,8 +153,8 @@ public class PasswdUserDBAuthentication implements IAuthManager {
 try {
 conn = mConnFactory.getConn();
 // do anonymous search for the user's dn.
- LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
- "(uid=" + uid + ")", null, false);
+ LDAPSearchResults res = conn.search(mBaseDN,
+ LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
 
 if (res.hasMoreElements()) {
 LDAPEntry entry = (LDAPEntry) res.nextElement();
@@ -169,49 +162,41 @@ public class PasswdUserDBAuthentication implements IAuthManager { userdn = entry.getDN(); } if (userdn == null) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid)); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid)); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } anonConn = mAnonConnFactory.getConn(); anonConn.authenticate(userdn, pwd); } catch (LDAPException e) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, - e.toString())); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, e.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } finally { - if (conn != null) + if (conn != null) mConnFactory.returnConn(conn); - if (anonConn != null) + if (anonConn != null) mAnonConnFactory.returnConn(anonConn); } UGSubsystem ug = UGSubsystem.getInstance(); authToken.set(TOKEN_USERDN, userdn); - authToken.set(CRED_UID, uid); // return original uid for info + authToken.set(CRED_UID, uid); // return original uid for info IUser user = null; try { user = ug.getUser(uid); } catch (EBaseException e) { - if (Debug.ON) + if (Debug.ON) e.printStackTrace(); - // not a user in our user/group database. - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, - e.toString())); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + // not a user in our user/group database. 
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } authToken.set(TOKEN_USERDN, user.getUserDN()); authToken.set(TOKEN_USERID, user.getUserID()); log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid)); - + return authToken; } @@ -230,11 +215,10 @@ public class PasswdUserDBAuthentication implements IAuthManager { } /** - * get the list of authentication credential attribute names required by - * this authentication manager. Generally used by servlets that use this - * authentication manager, to retrieve required credentials from the user - * (e.g. Javascript form data) - * + * get the list of authentication credential attribute names + * required by this authentication manager. Generally used by + * servlets that use this authentication manager, to retrieve + * required credentials from the user (e.g. Javascript form data) * @return attribute names in Vector */ public String[] getRequiredCreds() { @@ -242,10 +226,9 @@ public class PasswdUserDBAuthentication implements IAuthManager { } /** - * Get the list of configuration parameter names required by this - * authentication manager. In this case, an empty list. - * - * @return String array of configuration parameters. + * Get the list of configuration parameter names + * required by this authentication manager. In this case, an empty list. + * @return String array of configuration parameters. */ public String[] getConfigParams() { return (mConfigParams); @@ -265,8 +248,8 @@ public class PasswdUserDBAuthentication implements IAuthManager { } /** - * gets the configuretion substore used by this authentication manager - * + * gets the configuretion substore used by this authentication + * manager * @return configuration store */ public IConfigStore getConfigStore() { 
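Review bot: After `anonConn.authenticate(userdn, pwd)` succeeds, the `finally` block in the `@@ -169,49 +162,41 @@` hunk hands `anonConn` back to `mAnonConnFactory` while it is still bound as the admin user; unless the factory re-binds or discards returned connections (its code is not in the diff), the next caller that draws an "anonymous" connection from that pool inherits the admin's identity. Re-bind anonymously (or unbind) before `returnConn`, or use a connection that is not returned to the anonymous pool for the bind check. Separately, `e.printStackTrace()` under `Debug.ON` in the EBaseException handler bypasses the logger; `CMS.debug(e.toString())`, already used in this method for the uid, is the consistent form.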
@@ -275,14 +258,13 @@ public class PasswdUserDBAuthentication implements IAuthManager { /** * Log a message. - * * @param level The logging level. * @param msg The message to log. */ private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, - msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, + level, msg); } } diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java index 18bf9f84a..569275376 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + // ldap java sdk // cert server imports. @@ -46,10 +47,10 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cmscore.util.Debug; + /** * SSL client based authentication. * <P> - * * @author chrisho * @version $Revision$, $Date$ */ 
@@ -69,12 +70,13 @@ public class SSLClientCertAuthentication implements IAuthManager {
 private IConfigStore mConfig = null;
 private String mRequestor = null;
 
- /*
- * Holds configuration parameters accepted by this implementation. This list
- * is passed to the configuration console so configuration for instances of
- * this implementation can be configured through the console.
+ /* Holds configuration parameters accepted by this implementation.
+ * This list is passed to the configuration console so configuration
+ * for instances of this implementation can be configured through the
+ * console.
 */
- protected static String[] mConfigParams = new String[] {};
+ protected static String[] mConfigParams =
+ new String[] {};
 
 /**
 * Default constructor, initialization must follow.
@@ -84,7 +86,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 }
 
 public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
 mName = name;
 mImplName = implName;
 mConfig = config;
@@ -93,20 +95,19 @@ public class SSLClientCertAuthentication implements IAuthManager { } public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { + throws EMissingCredential, EInvalidCredentials, EBaseException { AuthToken authToken = new AuthToken(this); CMS.debug("SSLCertAuth: Retrieving client certificates"); - X509Certificate[] x509Certs = (X509Certificate[]) authCred - .get(CRED_CERT); + X509Certificate[] x509Certs = + (X509Certificate[]) authCred.get(CRED_CERT); if (x509Certs == null) { CMS.debug("SSLCertAuth: No client certificate found"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT")); - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT")); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT)); } CMS.debug("SSLCertAuth: Got client certificate"); @@ -117,19 +118,17 @@ public class SSLClientCertAuthentication implements IAuthManager { } X509CertImpl clientCert = (X509CertImpl) x509Certs[0]; - + BigInteger serialNum = null; try { serialNum = (BigInteger) clientCert.getSerialNumber(); - // serialNum = new BigInteger(s.substring(2), 16); + //serialNum = new BigInteger(s.substring(2), 16); } catch (NumberFormatException e) { - throw new EAuthUserError(CMS.getUserMessage( - "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", - "Invalid serial number.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number.")); } - String clientCertIssuerDN = clientCert.getIssuerDN().toString(); + String clientCertIssuerDN = clientCert.getIssuerDN().toString(); BigInteger[] bigIntArray = null; if (mCertDB != null) { /* is CA */ 
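Review bot: The `try { serialNum = (BigInteger) clientCert.getSerialNumber(); ... } catch (NumberFormatException e)` in the `@@ -117,19 +118,17 @@` hunk can never catch anything: `getSerialNumber()` returns a BigInteger and parses nothing, so the catch belonged to the commented-out `new BigInteger(s.substring(2), 16)` next to it. Drop the try/catch, the cast and the commented line, leaving `BigInteger serialNum = clientCert.getSerialNumber();`, so the dead `CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE` path does not suggest an input validation that is not happening.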
@@ -146,21 +145,19 @@ public class SSLClientCertAuthentication implements IAuthManager { String status = record.getStatus(); if (status.equals("VALID")) { - + X509CertImpl cacert = mCA.getCACert(); Principal p = cacert.getSubjectDN(); if (!p.toString().equals(clientCertIssuerDN)) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME")); - } + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME")); + } } else { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_CERT_STATUS", status)); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", status)); } } else { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } } else { @@ -173,8 +170,8 @@ public class SSLClientCertAuthentication implements IAuthManager { if (queue != null) { IRequest getCertStatusReq = null; - getCertStatusReq = queue - .newRequest(IRequest.GETCERT_STATUS_REQUEST); + getCertStatusReq = + queue.newRequest(IRequest.GETCERT_STATUS_REQUEST); // pass just serial number instead of whole cert if (serialNum != null) { getCertStatusReq.setExtData(SERIALNUMBER, serialNum); 
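Review bot: `if (!p.toString().equals(clientCertIssuerDN))` decides issuer identity by comparing the string forms of two DNs, which is sensitive to attribute ordering, case and encoding differences between the CA certificate's subject and the client certificate's issuer field; comparing the `Principal` objects, `if (!p.equals(clientCert.getIssuerDN()))`, or their DER encodings is the robust check. This issuer check only runs on the CA path (`mCertDB != null`); the RA path in the next hunk relies on the request's `INVALIDCERTROOT` status for the same purpose, which is worth a one-line comment so the two paths stay in step.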
@@ -185,34 +182,31 @@ public class SSLClientCertAuthentication implements IAuthManager {
 RequestStatus status = getCertStatusReq.getRequestStatus();
 if (status == RequestStatus.COMPLETE) {
- String certStatus = getCertStatusReq
- .getExtDataInString(IRequest.CERT_STATUS);
+ String certStatus =
+ getCertStatusReq.getExtDataInString(IRequest.CERT_STATUS);
- if (certStatus == null) {
- String[] params = { "null status" };
+ if (certStatus == null) {
+ String[] params = {"null status"};
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT_STATUS", params));
- } else if (certStatus.equals("INVALIDCERTROOT")) {
 throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
+ CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
+ } else if (certStatus.equals("INVALIDCERTROOT")) {
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
 } else if (!certStatus.equals("VALID")) {
- String[] params = { status.toString() };
+ String[] params = {status.toString()};
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT_STATUS", params));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
 }
 } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
 }
 } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
 }
 } // else, ra
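Review bot: In the `!certStatus.equals("VALID")` branch, `String[] params = {status.toString()};` puts the request status into the message — and that is always `COMPLETE` at this point, since the branch is inside `if (status == RequestStatus.COMPLETE)` — so the CMS_BASE_INVALID_CERT_STATUS error never reports the certificate status that was actually rejected; it should read `String[] params = { certStatus };`. The `certStatus == null` branch above it correctly uses the literal `"null status"`, which makes the inconsistency easy to miss. `authenticate()` begins before this hunk and ends after it.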
@@ -228,10 +222,10 @@ public class SSLClientCertAuthentication implements IAuthManager {
 }
 /**
- * Returns a list of configuration parameter names. The list is passed to
- * the configuration console so instances of this implementation can be
- * configured through the console.
- *
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
+ * this implementation can be configured through the console.
+ *
 * @return String array of configuration parameter names.
 */
 public String[] getConfigParams() {
@@ -240,7 +234,6 @@ public class SSLClientCertAuthentication implements IAuthManager {
 /**
 * Returns array of required credentials for this authentication manager.
- *
 * @return Array of required credentials.
 */
 public String[] getRequiredCreds() {
@@ -250,23 +243,24 @@ public class SSLClientCertAuthentication implements IAuthManager {
 private void log(int level, String msg) {
 if (mLogger == null)
 return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
 }
 private IRequestQueue getReqQueue() {
 IRequestQueue queue = null;
 try {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem("ra");
+ IRegistrationAuthority ra =
+ (IRegistrationAuthority) CMS.getSubsystem("ra");
 if (ra != null) {
 queue = ra.getRequestQueue();
 mRequestor = IRequest.REQUESTOR_RA;
 }
 } catch (Exception e) {
- log(ILogger.LL_FAILURE, " cannot get access to the request queue.");
+ log(ILogger.LL_FAILURE,
+ " cannot get access to the request queue.");
 }
 return queue;
@@ -274,7 +268,6 @@ public class SSLClientCertAuthentication implements IAuthManager {
 /**
 * Gets the configuration substore used by this authentication manager
- *
 * @return configuration store
 */
 public IConfigStore getConfigStore() {
@@ -295,3 +288,4 @@ public class SSLClientCertAuthentication implements IAuthManager {
 return mImplName;
 }
 }
+
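Review bot: `getReqQueue()` in the third hunk catches `Exception` and logs only a fixed string, so the reason the RA request queue is unavailable — a condition that makes every non-CA client-cert authentication fail with CMS_BASE_GET_QUEUE_FAILED — is discarded; include the cause, `log(ILogger.LL_FAILURE, " cannot get access to the request queue: " + e);`, or add `CMS.debug("SSLCertAuth: getReqQueue: " + e);` beside it as the rest of the file does for diagnostics. Note also that the `log()` helper returns silently when `mLogger` is null, so these failure records depend on the logger having been set before `authenticate()` runs; a one-line comment on that early return would make the dependency explicit.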
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
index 1c6e95379..69192f3f0 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
@@ -17,14 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
+
 import java.math.BigInteger;
 import java.util.Date;
 import com.netscape.certsrv.apps.CMS;
-/**
+
+/**
 * class storing verified certificate.
- *
+ *
 * @version $Revision$, $Date$
 */
@@ -43,8 +45,9 @@ public class VerifiedCert {
 /**
 * Constructs verified certiificate record
 */
-
- public VerifiedCert(BigInteger serialNumber, byte[] certEncoded, int status) {
+
+ public VerifiedCert(BigInteger serialNumber, byte[] certEncoded,
+ int status) {
 mStatus = status;
 mSerialNumber = serialNumber;
 mCertEncoded = certEncoded;
@@ -52,13 +55,13 @@ public class VerifiedCert {
 }
 public int check(BigInteger serialNumber, byte[] certEncoded,
- long interval, long unknownStateInterval) {
+ long interval, long unknownStateInterval) {
 int status = UNKNOWN;
-
+
 if (mSerialNumber.equals(serialNumber)) {
 if (mCertEncoded != null) {
- if (certEncoded != null
- && mCertEncoded.length == certEncoded.length) {
+ if (certEncoded != null &&
+ mCertEncoded.length == certEncoded.length) {
 int i;
 for (i = 0; i < mCertEncoded.length; i++) {
@@ -66,8 +69,7 @@ public class VerifiedCert {
 break;
 }
 if (i >= mCertEncoded.length) {
- Date expires = new Date(mCreated.getTime()
- + (interval * 1000));
+ Date expires = new Date(mCreated.getTime() + (interval * 1000));
 Date now = CMS.getCurrentDate();
 if (now.after(expires))
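Review bot: The hand-written byte comparison in `check()` (its loop is split between the third and fourth hunks: the length test, the `for` over `mCertEncoded`, and the `i >= mCertEncoded.length` sentinel) re-implements `Arrays.equals(mCertEncoded, certEncoded)`, which would replace all three pieces with one readable condition; that needs `import java.util.Arrays;` added to the import block shown in the first hunk. The constructor in the second hunk also keeps the caller's `certEncoded` array by reference, so a comment such as `// keeps certEncoded by reference; callers must pass a fresh array` would document the contract, and the Javadoc above it still says "certiificate" (typo for "certificate"). `check()` continues beyond the last hunk of this file.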
@@ -76,8 +78,7 @@ public class VerifiedCert {
 }
 }
 } else if (unknownStateInterval > 0) {
- Date expires = new Date(mCreated.getTime()
- + (unknownStateInterval * 1000));
+ Date expires = new Date(mCreated.getTime() + (unknownStateInterval * 1000));
 Date now = CMS.getCurrentDate();
 if (now.after(expires))
@@ -89,3 +90,4 @@ public class VerifiedCert {
 return status;
 }
 }
+
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
index 05ff1500c..ca0f63e55 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
@@ -17,13 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
+
 import java.math.BigInteger;
 import netscape.security.x509.X509CertImpl;
-/**
+
+/**
 * class storing verified certificates.
- *
+ *
 * @version $Revision$, $Date$
 */
@@ -36,11 +38,11 @@ public class VerifiedCerts {
 private VerifiedCert[] mVCerts = null;
 private long mInterval = 0;
 private long mUnknownStateInterval = 0;
-
+
 /**
 * Constructs verified certiificates list
 */
-
+
 public VerifiedCerts(int size, long interval) {
 mVCerts = new VerifiedCert[size];
 mInterval = interval;
@@ -61,31 +63,29 @@ public class VerifiedCerts {
 certEncoded = cert.getEncoded();
 } catch (Exception e) { }
- if ((certEncoded != null || (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
- && mInterval > 0) {
+ if ((certEncoded != null ||
+ (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
+ && mInterval > 0) {
 update(cert.getSerialNumber(), certEncoded, status);
 }
 }
- public synchronized void update(BigInteger serialNumber,
- byte[] certEncoded, int status) {
- if ((status == VerifiedCert.NOT_REVOKED
- || status == VerifiedCert.REVOKED || (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
- && mInterval > 0) {
+ public synchronized void update(BigInteger serialNumber, byte[] certEncoded, int status) {
+ if ((status == VerifiedCert.NOT_REVOKED ||
+ status == VerifiedCert.REVOKED ||
+ (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
+ && mInterval > 0) {
 if (mLast == mNext && mFirst == mNext) { // empty
- mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded,
- status);
+ mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
 mNext = next(mNext);
 } else if (mFirst == mNext) { // full
 mFirst = next(mFirst);
- mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded,
- status);
+ mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
 mLast = mNext;
 mNext = next(mNext);
 } else {
- mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded,
- status);
+ mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
 mLast = mNext;
 mNext = next(mNext);
 }
@@ -94,8 +94,8 @@ public class VerifiedCerts {
 public int check(X509CertImpl cert) {
 int status = VerifiedCert.UNKNOWN;
-
+
 if (mLast != mNext && mInterval > 0) { // if not empty and
 if (cert != null) {
 byte[] certEncoded = null;
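Review bot: The `catch (Exception e) { }` kept as context at the top of the first hunk swallows a `getEncoded()` failure, after which `certEncoded == null` still reaches `update(...)` whenever `status == VerifiedCert.CHECKED && mUnknownStateInterval > 0`, so an entry keyed by serial number alone is cached without the encoded certificate (in `VerifiedCert.check` a null `mCertEncoded` falls into the `unknownStateInterval` branch). If that is intended, say so at the catch, e.g. `// getEncoded() failed: entry is cached by serial number only (CHECKED status), see VerifiedCert.check`; otherwise skip `update(...)` when `certEncoded == null`. The method the catch belongs to starts before the hunk.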
@@ -116,13 +116,12 @@ public class VerifiedCerts {
 int status = VerifiedCert.UNKNOWN;
 int i = mLast;
- if (mVCerts != null && mLast != mNext && mInterval > 0) { // if not
- // empty and
- while (status == VerifiedCert.UNKNOWN) {
- if (mVCerts[i] == null)
- return status;
- status = mVCerts[i].check(serialNumber, certEncoded, mInterval,
- mUnknownStateInterval);
+ if (mVCerts != null && mLast != mNext && mInterval > 0) { // if not empty and
+ while (status == VerifiedCert.UNKNOWN) {
+ if (mVCerts[i] == null)
+ return status;
+ status = mVCerts[i].check(serialNumber, certEncoded,
+ mInterval, mUnknownStateInterval);
 if (status == VerifiedCert.EXPIRED) {
 if (mFirst == mLast)
 mNext = mLast;
@@ -136,8 +135,8 @@ public class VerifiedCerts {
 }
 }
 if (status == VerifiedCert.UNKNOWN)
- status = mVCerts[i].check(serialNumber, certEncoded, mInterval,
- mUnknownStateInterval);
+ status = mVCerts[i].check(serialNumber, certEncoded,
+ mInterval, mUnknownStateInterval);
 }
 return status;
@@ -159,3 +158,4 @@ public class VerifiedCerts {
 return i;
 }
 }
+
|
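Review bot: The eviction path in the first hunk (`if (status == VerifiedCert.EXPIRED) { if (mFirst == mLast) mNext = mLast;` and the lines that follow it) rewrites the ring indices from a lookup, while `update(...)` is `synchronized` and the public `check(X509CertImpl)` that presumably calls this overload is not; unless this `check(BigInteger, byte[])` — whose signature lies outside the hunk — is itself declared `synchronized`, concurrent authentications can race those index writes against `update` and leave `mFirst`/`mLast`/`mNext` inconsistent. Declaring this overload `synchronized`, or wrapping the eviction in `synchronized (this) { ... }`, would bring it in line with `update`. The `while` loop's end and the method's closing brace fall outside the hunk.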