Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/authentication')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java243
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java143
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java198
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java64
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java130
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java114
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java26
-rw-r--r--pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java56
8 files changed, 439 insertions, 535 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
index b044f8569..d3793e344 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
@@ -39,10 +40,11 @@ import com.netscape.certsrv.base.ISubsystem;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmscore.util.Debug;
+
/**
* Default authentication subsystem
* <P>
- *
+ *
* @author cfu
* @author lhsiao
* @version $Revision$, $Date$
@@ -71,30 +73,29 @@ public class AuthSubsystem implements IAuthSubsystem {
}
/**
- * Initializes the authentication subsystem from the config store. Load
- * Authentication manager plugins, create and initialize initialize
- * authentication manager instances.
- *
+ * Initializes the authentication subsystem from the config store.
+ * Load Authentication manager plugins, create and initialize
+ * initialize authentication manager instances.
* @param owner The owner of this module.
* @param config The configuration store.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
try {
mLogger = CMS.getLogger();
mConfig = config;
-
- // hardcode admin and agent plugins required for the server to be
+
+ // hardcode admin and agent plugins required for the server to be
// functional.
AuthMgrPlugin newPlugin = null;
- newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID,
+ newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID,
PasswdUserDBAuthentication.class.getName());
newPlugin.setVisible(false);
mAuthMgrPlugins.put(PASSWDUSERDB_PLUGIN_ID, newPlugin);
- newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID,
+ newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID,
CertUserDBAuthentication.class.getName());
newPlugin.setVisible(false);
mAuthMgrPlugins.put(CERTUSERDB_PLUGIN_ID, newPlugin);
@@ -105,12 +106,12 @@ public class AuthSubsystem implements IAuthSubsystem {
mAuthMgrPlugins.put(CHALLENGE_PLUGIN_ID, newPlugin);
// Bugscape #56659
- // Removed NullAuthMgr to harden CMS. Otherwise,
- // any request submitted for nullAuthMgr will
- // be approved automatically
+ // Removed NullAuthMgr to harden CMS. Otherwise,
+ // any request submitted for nullAuthMgr will
+ // be approved automatically
//
// newPlugin = new AuthMgrPlugin(NULL_PLUGIN_ID,
- // NullAuthentication.class.getName());
+ // NullAuthentication.class.getName());
// newPlugin.setVisible(false);
// mAuthMgrPlugins.put(NULL_PLUGIN_ID, newPlugin);
@@ -127,7 +128,7 @@ public class AuthSubsystem implements IAuthSubsystem {
while (mImpls.hasMoreElements()) {
String id = (String) mImpls.nextElement();
String pluginPath = c.getString(id + "." + PROP_CLASS);
-
+
AuthMgrPlugin plugin = new AuthMgrPlugin(id, pluginPath);
mAuthMgrPlugins.put(id, plugin);
@@ -141,59 +142,50 @@ public class AuthSubsystem implements IAuthSubsystem {
IAuthManager passwdUserDBAuth = new PasswdUserDBAuthentication();
- passwdUserDBAuth.init(PASSWDUSERDB_AUTHMGR_ID,
- PASSWDUSERDB_PLUGIN_ID, null);
- mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new AuthManagerProxy(
- true, passwdUserDBAuth));
+ passwdUserDBAuth.init(PASSWDUSERDB_AUTHMGR_ID, PASSWDUSERDB_PLUGIN_ID, null);
+ mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new
+ AuthManagerProxy(true, passwdUserDBAuth));
if (Debug.ON) {
Debug.trace("loaded password based auth manager");
}
IAuthManager certUserDBAuth = new CertUserDBAuthentication();
- certUserDBAuth.init(CERTUSERDB_AUTHMGR_ID, CERTUSERDB_PLUGIN_ID,
- config);
- mAuthMgrInsts.put(CERTUSERDB_AUTHMGR_ID, new AuthManagerProxy(true,
- certUserDBAuth));
+ certUserDBAuth.init(CERTUSERDB_AUTHMGR_ID, CERTUSERDB_PLUGIN_ID, config);
+ mAuthMgrInsts.put(CERTUSERDB_AUTHMGR_ID, new AuthManagerProxy(true, certUserDBAuth));
if (Debug.ON) {
Debug.trace("loaded certificate based auth manager");
}
IAuthManager challengeAuth = new ChallengePhraseAuthentication();
- challengeAuth.init(CHALLENGE_AUTHMGR_ID, CHALLENGE_PLUGIN_ID,
- config);
- mAuthMgrInsts.put(CHALLENGE_AUTHMGR_ID, new AuthManagerProxy(true,
- challengeAuth));
+ challengeAuth.init(CHALLENGE_AUTHMGR_ID, CHALLENGE_PLUGIN_ID, config);
+ mAuthMgrInsts.put(CHALLENGE_AUTHMGR_ID, new AuthManagerProxy(true, challengeAuth));
if (Debug.ON) {
Debug.trace("loaded challenge phrase auth manager");
}
-
+
IAuthManager cmcAuth = new com.netscape.cms.authentication.CMCAuth();
cmcAuth.init(CMCAUTH_AUTHMGR_ID, CMCAUTH_PLUGIN_ID, config);
- mAuthMgrInsts.put(CMCAUTH_AUTHMGR_ID, new AuthManagerProxy(true,
- cmcAuth));
+ mAuthMgrInsts.put(CMCAUTH_AUTHMGR_ID, new AuthManagerProxy(true, cmcAuth));
if (Debug.ON) {
Debug.trace("loaded cmc auth manager");
}
-
+
// #56659
// IAuthManager nullAuth = new NullAuthentication();
// nullAuth.init(NULL_AUTHMGR_ID, NULL_PLUGIN_ID, config);
- // mAuthMgrInsts.put(NULL_AUTHMGR_ID, new AuthManagerProxy(true,
- // nullAuth));
+ // mAuthMgrInsts.put(NULL_AUTHMGR_ID, new AuthManagerProxy(true, nullAuth));
// if (Debug.ON) {
- // Debug.trace("loaded null auth manager");
+ // Debug.trace("loaded null auth manager");
// }
IAuthManager sslClientCertAuth = new SSLClientCertAuthentication();
- sslClientCertAuth.init(SSLCLIENTCERT_AUTHMGR_ID,
- SSLCLIENTCERT_PLUGIN_ID, config);
- mAuthMgrInsts.put(SSLCLIENTCERT_AUTHMGR_ID, new AuthManagerProxy(
- true, sslClientCertAuth));
+ sslClientCertAuth.init(SSLCLIENTCERT_AUTHMGR_ID, SSLCLIENTCERT_PLUGIN_ID, config);
+ mAuthMgrInsts.put(SSLCLIENTCERT_AUTHMGR_ID, new AuthManagerProxy(true, sslClientCertAuth));
if (Debug.ON) {
Debug.trace("loaded sslClientCert auth manager");
}
@@ -205,14 +197,12 @@ public class AuthSubsystem implements IAuthSubsystem {
while (instances.hasMoreElements()) {
String insName = (String) instances.nextElement();
String implName = c.getString(insName + "." + PROP_PLUGIN);
- AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins
- .get(implName);
+ AuthMgrPlugin plugin =
+ (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
if (plugin == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_AUTH_CANT_FIND_PLUGIN", implName));
- throw new EAuthMgrPluginNotFound(CMS.getUserMessage(
- "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANT_FIND_PLUGIN", implName));
+ throw new EAuthMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName));
}
String className = plugin.getClassPath();
@@ -221,56 +211,44 @@ public class AuthSubsystem implements IAuthSubsystem {
IAuthManager authMgrInst = null;
try {
- authMgrInst = (IAuthManager) Class.forName(className)
- .newInstance();
+ authMgrInst = (IAuthManager)
+ Class.forName(className).newInstance();
IConfigStore authMgrConfig = c.getSubStore(insName);
authMgrInst.init(insName, implName, authMgrConfig);
isEnable = true;
- log(ILogger.LL_INFO, CMS.getLogMessage(
- "CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName));
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName));
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR",
- e.toString()));
- throw new EAuthException(CMS.getUserMessage(
- "CMS_ACL_CLASS_LOAD_FAIL", className));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
+ throw new
+ EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR",
- e.toString()));
- throw new EAuthException(CMS.getUserMessage(
- "CMS_ACL_CLASS_LOAD_FAIL", className));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
+ throw new
+ EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR",
- e.toString()));
- throw new EAuthException(CMS.getUserMessage(
- "CMS_ACL_CLASS_LOAD_FAIL", className));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
+ throw new
+ EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_AUTH_AUTH_INIT_ERROR", insName,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString()));
// Skip the authenticaiton instance if
// it is mis-configurated. This give
// administrator another chance to
// fix the problem via console
} catch (Throwable e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_AUTH_AUTH_INIT_ERROR", insName,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString()));
// Skip the authenticaiton instance if
// it is mis-configurated. This give
// administrator another chance to
// fix the problem via console
}
// add manager instance to list.
- mAuthMgrInsts.put(insName, new AuthManagerProxy(isEnable,
- authMgrInst));
+ mAuthMgrInsts.put(insName, new
+ AuthManagerProxy(isEnable, authMgrInst));
if (Debug.ON) {
- Debug.trace("loaded auth instance " + insName + " impl "
- + implName);
+ Debug.trace("loaded auth instance " + insName + " impl " + implName);
}
}
log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", getId()));
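Review bot: The `catch (Throwable e)` at the end of the instance-loading loop logs and falls through, so a JVM `Error` raised while constructing a plugin is swallowed, and because `isEnable` presumably stays false and `authMgrInst` stays `null`, a proxy wrapping `null` is still registered by `mAuthMgrInsts.put(insName, new AuthManagerProxy(isEnable, authMgrInst))`. This is pre-existing rather than introduced by the re-wrap, but the reliance on `proxy.isEnable()` and the later null check in `authenticate` to reject such instances is implicit and deserves a comment. I would narrow the last clause to `catch (Exception e)` so errors propagate, or at least add `// disabled instance is kept (authMgrInst == null) so the console can repair its config` above the put. The enclosing init() starts before this hunk and its loop continues past it.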
@@ -284,73 +262,66 @@ public class AuthSubsystem implements IAuthSubsystem {
/**
* Authenticate to the named authentication manager instance
* <p>
- *
- * @param authCred authentication credentials subject to the requirements of
- * each authentication manager
+ * @param authCred authentication credentials subject to the
+ * requirements of each authentication manager
* @param authMgrName name of the authentication manager instance
- * @return authentication token with individualized authenticated
- * information.
+ * @return authentication token with individualized authenticated
+ * information.
* @exception EMissingCredential If a required credential for the
- * authentication manager is missing.
+ * authentication manager is missing.
* @exception EInvalidCredentials If the credentials cannot be authenticated
* @exception EAuthMgrNotFound The auth manager is not found.
* @exception EBaseException If an internal error occurred.
*/
- public IAuthToken authenticate(IAuthCredentials authCred,
- String authMgrInstName) throws EMissingCredential,
- EInvalidCredentials, EAuthMgrNotFound, EBaseException {
- AuthManagerProxy proxy = (AuthManagerProxy) mAuthMgrInsts
- .get(authMgrInstName);
+ public IAuthToken authenticate(
+ IAuthCredentials authCred, String authMgrInstName)
+ throws EMissingCredential, EInvalidCredentials,
+ EAuthMgrNotFound, EBaseException {
+ AuthManagerProxy proxy = (AuthManagerProxy)
+ mAuthMgrInsts.get(authMgrInstName);
if (proxy == null) {
- throw new EAuthMgrNotFound(CMS.getUserMessage(
- "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
+ throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
}
if (!proxy.isEnable()) {
- throw new EAuthMgrNotFound(CMS.getUserMessage(
- "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
+ throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
}
IAuthManager authMgrInst = proxy.getAuthManager();
if (authMgrInst == null) {
- throw new EAuthMgrNotFound(CMS.getUserMessage(
- "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
+ throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
}
return (authMgrInst.authenticate(authCred));
}
/**
- * Gets a list of required authentication credential names of the specified
- * authentication manager.
+ * Gets a list of required authentication credential names
+ * of the specified authentication manager.
*/
public String[] getRequiredCreds(String authMgrInstName)
- throws EAuthMgrNotFound {
+ throws EAuthMgrNotFound {
IAuthManager authMgrInst = get(authMgrInstName);
if (authMgrInst == null) {
- throw new EAuthMgrNotFound(CMS.getUserMessage(
- "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
+ throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
}
return authMgrInst.getRequiredCreds();
}
/**
- * Gets configuration parameters for the given authentication manager
- * plugin.
- *
+ * Gets configuration parameters for the given
+ * authentication manager plugin.
* @param implName Name of the authentication plugin.
* @return Hashtable of required parameters.
*/
public String[] getConfigParams(String implName)
- throws EAuthMgrPluginNotFound, EBaseException {
+ throws EAuthMgrPluginNotFound, EBaseException {
// is this a registered implname?
AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
if (plugin == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_AUTH_PLUGIN_NOT_FOUND", implName));
- throw new EAuthMgrPluginNotFound(CMS.getUserMessage(
- "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_PLUGIN_NOT_FOUND", implName));
+ throw new EAuthMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implName));
}
// a temporary instance
@@ -358,32 +329,26 @@ public class AuthSubsystem implements IAuthSubsystem {
String className = plugin.getClassPath();
try {
- authMgrInst = (IAuthManager) Class.forName(className).newInstance();
+ authMgrInst = (IAuthManager)
+ Class.forName(className).newInstance();
return (authMgrInst.getConfigParams());
} catch (InstantiationException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED",
- e.toString()));
- throw new EAuthException(CMS.getUserMessage(
- "CMS_ACL_CLASS_LOAD_FAIL", className));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
+ throw new
+ EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
} catch (ClassNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED",
- e.toString()));
- throw new EAuthException(CMS.getUserMessage(
- "CMS_ACL_CLASS_LOAD_FAIL", className));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
+ throw new
+ EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
} catch (IllegalAccessException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED",
- e.toString()));
- throw new EAuthException(CMS.getUserMessage(
- "CMS_ACL_CLASS_LOAD_FAIL", className));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
+ throw new
+ EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
}
}
/**
* Add an authentication manager instance.
- *
* @param name name of the authentication manager instance
* @param authMgr the authentication manager instance to be added
*/
@@ -393,7 +358,6 @@ public class AuthSubsystem implements IAuthSubsystem {
/*
* Removes a authentication manager instance.
- *
* @param name name of the authentication manager
*/
public void delete(String name) {
@@ -402,7 +366,6 @@ public class AuthSubsystem implements IAuthSubsystem {
/**
* Gets the authentication manager instance of the specified name.
- *
* @param name name of the authentication manager instance
* @return the named authentication manager instance
*/
@@ -446,9 +409,9 @@ public class AuthSubsystem implements IAuthSubsystem {
}
/**
- * Retrieve a single auth manager instance
+ * Retrieve a single auth manager instance
*/
-
+
/* getconfigparams above should be recoded to use this func */
public IAuthManager getAuthManagerPlugin(String name) {
AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(name);
@@ -459,27 +422,23 @@ public class AuthSubsystem implements IAuthSubsystem {
authMgrInst = (IAuthManager) Class.forName(classpath).newInstance();
return (authMgrInst);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
return null;
}
}
/**
* Retrieves id (name) of this subsystem.
- *
* @return name of the authentication subsystem
*/
public String getId() {
return (mId);
}
-
+
/**
* Sets id string to this subsystem.
* <p>
- * Use with caution. Should not do it when sharing with others
- *
+ * Use with caution. Should not do it when sharing with others
* @param id name to be applied to an authentication sybsystem
*/
public void setId(String id) throws EBaseException {
@@ -490,23 +449,22 @@ public class AuthSubsystem implements IAuthSubsystem {
* registers the administration servlet with the administration subsystem.
*/
public void startup() throws EBaseException {
- // remove the log since it's already logged from S_ADMIN
- // String infoMsg = "Auth subsystem administration Servlet registered";
- // log(ILogger.LL_INFO, infoMsg);
+ //remove the log since it's already logged from S_ADMIN
+ //String infoMsg = "Auth subsystem administration Servlet registered";
+ //log(ILogger.LL_INFO, infoMsg);
}
/**
- * shuts down authentication managers one by one.
+ * shuts down authentication managers one by one.
* <P>
*/
public void shutdown() {
- for (Enumeration e = mAuthMgrInsts.keys(); e.hasMoreElements();) {
+ for (Enumeration e = mAuthMgrInsts.keys();
+ e.hasMoreElements();) {
IAuthManager mgr = (IAuthManager) get((String) e.nextElement());
- log(ILogger.LL_INFO,
- CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_SHUTDOWN",
- mgr.getName()));
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_SHUTDOWN", mgr.getName()));
mgr.shutdown();
}
@@ -528,7 +486,7 @@ public class AuthSubsystem implements IAuthSubsystem {
/**
* Returns the root configuration storage of this system.
* <P>
- *
+ *
* @return configuration store of this subsystem
*/
public IConfigStore getConfigStore() {
@@ -537,7 +495,6 @@ public class AuthSubsystem implements IAuthSubsystem {
/**
* gets the named authentication manager
- *
* @param name of the authentication manager
* @return the named authentication manager
*/
@@ -551,8 +508,8 @@ public class AuthSubsystem implements IAuthSubsystem {
public void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
index 5e9e8dea4..c82142942 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import java.security.cert.X509Certificate;
import netscape.security.x509.X509CertImpl;
@@ -37,11 +38,13 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
import com.netscape.cmscore.usrgrp.ExactMatchCertUserLocator;
import com.netscape.cmscore.usrgrp.User;
+
/**
- * Certificate server agent authentication. Maps a SSL client authenticate
- * certificate to a user (agent) entry in the internal database.
+ * Certificate server agent authentication.
+ * Maps a SSL client authenticate certificate to a user (agent) entry in the
+ * internal database.
* <P>
- *
+ *
* @author lhsiao
* @author cfu
* @version $Revision$, $Date$
@@ -78,15 +81,15 @@ public class CertUserDBAuthentication implements IAuthManager {
/**
* initializes the CertUserDBAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing all available
- * authentication managers.
- *
- * @param owner - The authentication subsystem that hosts this auth manager
- * @param config - The configuration store used by the authentication
- * subsystem
+ * called by AuthSubsystem init() method, when initializing
+ * all available authentication managers.
+ * @param owner - The authentication subsystem that hosts this
+ * auth manager
+ * @param config - The configuration store used by the
+ * authentication subsystem
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -95,25 +98,21 @@ public class CertUserDBAuthentication implements IAuthManager {
mRevocationChecking = mConfig.getSubStore("revocationChecking");
}
if (mRevocationChecking != null) {
- mRevocationCheckingEnabled = mRevocationChecking.getBoolean(
- "enabled", false);
+ mRevocationCheckingEnabled = mRevocationChecking.getBoolean("enabled", false);
if (mRevocationCheckingEnabled) {
int size = mRevocationChecking.getInteger("bufferSize", 0);
- long interval = (long) mRevocationChecking.getInteger(
- "validityInterval", 28800);
- long unknownStateInterval = (long) mRevocationChecking
- .getInteger("unknownStateInterval", 1800);
+ long interval = (long) mRevocationChecking.getInteger("validityInterval", 28800);
+ long unknownStateInterval = (long) mRevocationChecking.getInteger("unknownStateInterval", 1800);
if (size > 0)
- CMS.setListOfVerifiedCerts(size, interval,
- unknownStateInterval);
+ CMS.setListOfVerifiedCerts(size, interval, unknownStateInterval);
}
}
mCULocator = new ExactMatchCertUserLocator();
log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name));
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -127,52 +126,45 @@ public class CertUserDBAuthentication implements IAuthManager {
public String getImplName() {
return mImplName;
}
-
+
/**
* authenticates user(agent) by certificate
* <p>
- * called by other subsystems or their servlets to authenticate users
- * (agents)
- *
- * @param authCred - authentication credential that contains an
- * usrgrp.Certificates of the user (agent)
+ * called by other subsystems or their servlets to authenticate
+ * users (agents)
+ * @param authCred - authentication credential that contains
+ * an usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- *
- * @exception com.netscape.certsrv.base.EAuthsException any authentication
- * failure or insufficient credentials
+ *
+ * @exception com.netscape.certsrv.base.EAuthsException any
+ * authentication failure or insufficient credentials
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
CMS.debug("CertUserDBAuth: started");
AuthToken authToken = new AuthToken(this);
CMS.debug("CertUserDBAuth: Retrieving client certificate");
- X509Certificate[] x509Certs = (X509Certificate[]) authCred
- .get(CRED_CERT);
+ X509Certificate[] x509Certs =
+ (X509Certificate[]) authCred.get(CRED_CERT);
if (x509Certs == null) {
CMS.debug("CertUserDBAuth: no client certificate found");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
}
CMS.debug("CertUserDBAuth: Got client certificate");
if (mRevocationCheckingEnabled) {
X509CertImpl cert0 = (X509CertImpl) x509Certs[0];
if (cert0 == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_NO_CERT"));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_NO_CERT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_NO_CERT"));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_NO_CERT"));
}
if (CMS.isRevoked(x509Certs)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_REVOKED_CERT"));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_REVOKED_CERT"));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
}
@@ -185,28 +177,19 @@ public class CertUserDBAuthentication implements IAuthManager {
try {
user = (User) mCULocator.locateUser(certs);
} catch (EUsrGrpException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0]
- .getSerialNumber().toString(16), x509Certs[0]
- .getSubjectDN().toString(), e.toString()));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_AUTH_FAILED", x509Certs[0].getSerialNumber().toString(16), x509Certs[0].getSubjectDN().toString(), e.toString()));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
} catch (netscape.ldap.LDAPException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_CANNOT_AGENT_AUTH",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANNOT_AGENT_AUTH", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
}
- // any unexpected error occurs like internal db down,
+ // any unexpected error occurs like internal db down,
// UGSubsystem only returns null for user.
if (user == null) {
CMS.debug("Authentication: cannot map certificate to user");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_AGENT_USER_NOT_FOUND"));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AGENT_USER_NOT_FOUND"));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
CMS.debug("Authentication: mapped certificate to user");
@@ -215,22 +198,20 @@ public class CertUserDBAuthentication implements IAuthManager {
authToken.set(TOKEN_USER_DN, user.getUserDN());
authToken.set(TOKEN_USERID, user.getUserID());
authToken.set(TOKEN_UID, user.getUserID());
- authToken.set(CRED_CERT, certs);
+ authToken.set(CRED_CERT, certs);
- log(ILogger.LL_INFO,
- CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID()));
+ log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID()));
CMS.debug("authenticated " + user.getUserDN());
return authToken;
}
/**
- * get the list of authentication credential attribute names required by
- * this authentication manager. Generally used by the servlets that handle
- * agent operations to authenticate its users. It calls this method to know
- * which are the required credentials from the user (e.g. Javascript form
- * data)
- *
+ * get the list of authentication credential attribute names
+ * required by this authentication manager. Generally used by
+ * the servlets that handle agent operations to authenticate its
+ * users. It calls this method to know which are the
+ * required credentials from the user (e.g. Javascript form data)
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -238,15 +219,15 @@ public class CertUserDBAuthentication implements IAuthManager {
}
/**
- * get the list of configuration parameter names required by this
- * authentication manager. Generally used by the Certificate Server Console
- * to display the table for configuration purposes. CertUserDBAuthentication
- * is currently not exposed in this case, so this method is not to be used.
- *
- * @return configuration parameter names in Hashtable of Vectors where each
- * hashtable entry's key is the substore name, value is a Vector of
- * parameter names. If no substore, the parameter name is the
- * Hashtable key itself, with value same as key.
+ * get the list of configuration parameter names
+ * required by this authentication manager. Generally used by
+ * the Certificate Server Console to display the table for
+ * configuration purposes. CertUserDBAuthentication is currently not
+ * exposed in this case, so this method is not to be used.
+ * @return configuration parameter names in Hashtable of Vectors
+ * where each hashtable entry's key is the substore name, value is a
+ * Vector of parameter names. If no substore, the parameter name
+ * is the Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -259,8 +240,8 @@ public class CertUserDBAuthentication implements IAuthManager {
}
/**
- * gets the configuretion substore used by this authentication manager
- *
+ * gets the configuretion substore used by this authentication
+ * manager
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -270,8 +251,8 @@ public class CertUserDBAuthentication implements IAuthManager {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
index d4bc5e46e..bf698ddad 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -49,12 +50,14 @@ import com.netscape.cmscore.dbs.CertRecord;
import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.util.Debug;
+
/**
- * Challenge phrase based authentication. Maps a certificate to the request in
- * the internal database and further compares the challenge phrase with that
- * from the EE input.
+ * Challenge phrase based authentication.
+ * Maps a certificate to the request in the
+ * internal database and further compares the challenge phrase with
+ * that from the EE input.
* <P>
- *
+ *
* @author cfu chrisho
* @version $Revision$, $Date$
*/
@@ -66,7 +69,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
/* required credentials */
public static final String CRED_CERT_SERIAL = IAuthManager.CRED_CERT_SERIAL_TO_REVOKE;
public static final String CRED_CHALLENGE = "challengePhrase";
- protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE };
+ protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE};
/* config parameters to pass to console (none) */
protected static String[] mConfigParams = null;
@@ -83,7 +86,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
private Vector mID = null;
private MessageDigest mSHADigest = null;
- // request attributes hacks
+ // request attributes hacks
public static final String CHALLENGE_PHRASE = CRED_CHALLENGE;
public static final String SUBJECTNAME = "subjectName";
public static final String SERIALNUMBER = "serialNumber";
@@ -95,15 +98,14 @@ public class ChallengePhraseAuthentication implements IAuthManager {
/**
* initializes the ChallengePhraseAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing all available
- * authentication managers.
- *
+ * called by AuthSubsystem init() method, when initializing
+ * all available authentication managers.
* @param name The name of this authentication manager instance.
* @param implName The name of the authentication manager plugin.
* @param config The configuration store for this authentication manager.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -111,13 +113,12 @@ public class ChallengePhraseAuthentication implements IAuthManager {
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- throw new EAuthException(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
+ throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
}
log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name));
}
-
+
/**
* Gets the name of this authentication manager.
*/
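Review bot: `mSHADigest` is a `MessageDigest` kept in an instance field (created here with `MessageDigest.getInstance("SHA1")`), and `MessageDigest` is stateful and not thread-safe; if `hashPassword` digests through this shared instance, two concurrent `authenticate` calls can interleave `update`/`digest` and produce corrupted hashes, so challenge checks fail spuriously under load. Obtaining the digest per call (`MessageDigest.getInstance("SHA1")` inside `hashPassword`) or synchronizing on the field avoids that. Separately, an unsalted single SHA-1 of the challenge phrase gives little protection against offline guessing if cert records are exposed; since the stored format is written by another component, moving to a salted iterated hash (e.g. PBKDF2 via `SecretKeyFactory`) needs a coordinated migration rather than a change here alone.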
@@ -131,26 +132,26 @@ public class ChallengePhraseAuthentication implements IAuthManager {
public String getImplName() {
return mImplName;
}
-
+
/**
* authenticates revocation of a certification by a challenge phrase
* <p>
- * called by other subsystems or their servlets to authenticate a revocation
- * request
- *
- * @param authCred - authentication credential that contains a Certificate
- * to revoke
+ * called by other subsystems or their servlets to authenticate
+ * a revocation request
+ * @param authCred - authentication credential that contains
+ * a Certificate to revoke
* @return the authentication token that contains the request id
- *
+ *
* @exception EMissingCredential If a required credential for this
- * authentication manager is missing.
+ * authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
- mCA = (ICertificateAuthority) SubsystemRegistry.getInstance().get("ca");
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
+ mCA = (ICertificateAuthority)
+ SubsystemRegistry.getInstance().get("ca");
if (mCA != null) {
mCertDB = (CertificateRepository) mCA.getCertificateRepository();
@@ -159,10 +160,13 @@ public class ChallengePhraseAuthentication implements IAuthManager {
AuthToken authToken = new AuthToken(this);
/*
- * X509Certificate[] x509Certs = (X509Certificate[])
- * authCred.get(CRED_CERT); if (x509Certs == null) {
- * log(ILogger.LL_FAILURE, " missing cert credential."); throw new
- * EMissingCredential(CRED_CERT_SERIAL); }
+ X509Certificate[] x509Certs =
+ (X509Certificate[]) authCred.get(CRED_CERT);
+ if (x509Certs == null) {
+ log(ILogger.LL_FAILURE,
+ " missing cert credential.");
+ throw new EMissingCredential(CRED_CERT_SERIAL);
+ }
*/
String serialNumString = (String) authCred.get(CRED_CERT_SERIAL);
@@ -170,45 +174,42 @@ public class ChallengePhraseAuthentication implements IAuthManager {
BigInteger serialNum = null;
if (serialNumString == null || serialNumString.equals(""))
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT_SERIAL));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT_SERIAL));
else {
- // serialNumString = getDecimalStr(serialNumString);
+ //serialNumString = getDecimalStr(serialNumString);
try {
serialNumString = serialNumString.trim();
- if (serialNumString.startsWith("0x")
- || serialNumString.startsWith("0X")) {
- serialNum = new BigInteger(serialNumString.substring(2), 16);
+ if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
+ serialNum = new
+ BigInteger(serialNumString.substring(2), 16);
} else {
- serialNum = new BigInteger(serialNumString);
+ serialNum = new
+ BigInteger(serialNumString);
}
-
+
} catch (NumberFormatException e) {
- throw new EAuthUserError(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
- "Invalid serial number."));
+ throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number."));
}
}
String challenge = (String) authCred.get(CRED_CHALLENGE);
if (challenge == null) {
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CHALLENGE));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CHALLENGE));
}
if (challenge.equals("")) {
// empty challenge not allowed
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_REVO_ATTEMPT",
- serialNum.toString()));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_REVO_ATTEMPT", serialNum.toString()));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
- /*
- * maybe later if (mCertDB.isCertificateRevoked(cert) != null) {
- * log(ILogger.LL_FAILURE, "Certificate has already been revoked."); //
- * throw something else...cfu throw new EInvalidCredentials(); }
+ /* maybe later
+ if (mCertDB.isCertificateRevoked(cert) != null) {
+ log(ILogger.LL_FAILURE,
+ "Certificate has already been revoked.");
+ // throw something else...cfu
+ throw new EInvalidCredentials();
+ }
*/
X509CertImpl[] certsToRevoke = null;
@@ -216,9 +217,9 @@ public class ChallengePhraseAuthentication implements IAuthManager {
// check challenge phrase against request
/*
- * map cert to a request: a cert serial number maps to a cert record in
- * the internal db, from the cert record, where we'll find the challenge
- * phrase
+ * map cert to a request: a cert serial number maps to a
+ * cert record in the internal db, from the cert record,
+ * where we'll find the challenge phrase
*/
if (mCertDB != null) { /* is CA */
CertRecord record = null;
@@ -234,16 +235,13 @@ public class ChallengePhraseAuthentication implements IAuthManager {
String status = record.getStatus();
if (!status.equals("REVOKED")) {
- boolean samepwd = compareChallengePassword(record,
- challenge);
+ boolean samepwd = compareChallengePassword(record, challenge);
if (samepwd) {
bigIntArray = new BigInteger[1];
bigIntArray[0] = record.getSerialNumber();
- } else
- throw new EAuthUserError(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
- "Invalid password."));
+ } else
+ throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid password."));
} else {
bigIntArray = new BigInteger[0];
@@ -262,8 +260,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
if (queue != null) {
IRequest checkChallengeReq = null;
- checkChallengeReq = queue
- .newRequest(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST);
+ checkChallengeReq =
+ queue.newRequest(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST);
checkChallengeReq.setExtData(CHALLENGE_PHRASE, challenge);
// pass just serial number instead of whole cert
if (serialNum != null)
@@ -273,23 +271,19 @@ public class ChallengePhraseAuthentication implements IAuthManager {
RequestStatus status = checkChallengeReq.getRequestStatus();
if (status == RequestStatus.COMPLETE) {
- bigIntArray = checkChallengeReq
- .getExtDataInBigIntegerArray("serialNoArray");
+ bigIntArray = checkChallengeReq.getExtDataInBigIntegerArray("serialNoArray");
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
}
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_REVOCATION_CHALLENGE_QUEUE_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_REVOCATION_CHALLENGE_QUEUE_FAILED"));
}
} // else, ra
if (bigIntArray != null && bigIntArray.length > 0) {
if (Debug.ON) {
Debug.trace("challenge authentication serialno array not null");
- for (int i = 0; i < bigIntArray.length; i++)
+ for (int i = 0; i < bigIntArray.length; i++)
Debug.trace("challenge auth serialno " + bigIntArray[i]);
}
}
@@ -307,17 +301,16 @@ public class ChallengePhraseAuthentication implements IAuthManager {
if (str.startsWith("0x") || str.startsWith("0X")) {
newStr = "" + Integer.parseInt(str.trim().substring(2), 16);
}
-
+
return newStr;
}
- private boolean compareChallengePassword(CertRecord record, String pwd)
- throws EBaseException {
+ private boolean compareChallengePassword(CertRecord record, String pwd)
+ throws EBaseException {
MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
if (metaInfo == null) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
}
if (pwd == null) {
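Review bot: `getDecimalStr` converts a hex serial with `Integer.parseInt(str.trim().substring(2), 16)`, which throws for any serial wider than 31 bits, and it tests `str.startsWith("0x")` on the untrimmed string while slicing the trimmed one; its only visible caller is commented out (`//serialNumString = getDecimalStr(serialNumString);` earlier in `authenticate`), so it is currently dead code. If it is kept, `newStr = new BigInteger(str.trim().substring(2), 16).toString();` handles arbitrary-width serials consistently with the parsing in `authenticate`; otherwise remove it. The start of `getDecimalStr` and the rest of `compareChallengePassword` lie outside this hunk.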
@@ -329,8 +322,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
String hashpwd = hashPassword(pwd);
// got metaInfo
- String challengeString = (String) metaInfo
- .get(CertRecord.META_CHALLENGE_PHRASE);
+ String challengeString =
+ (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
if (challengeString == null) {
if (Debug.ON) {
@@ -343,21 +336,20 @@ public class ChallengePhraseAuthentication implements IAuthManager {
return false;
/*
- * log(ILogger.LL_FAILURE,
- * "Incorrect challenge phrase password used for revocation"); throw
- * new EInvalidCredentials();
+ log(ILogger.LL_FAILURE,
+ "Incorrect challenge phrase password used for revocation");
+ throw new EInvalidCredentials();
*/
- } else
+ } else
return true;
}
/**
- * get the list of authentication credential attribute names required by
- * this authentication manager. Generally used by the servlets that handle
- * agent operations to authenticate its users. It calls this method to know
- * which are the required credentials from the user (e.g. Javascript form
- * data)
- *
+ * get the list of authentication credential attribute names
+ * required by this authentication manager. Generally used by
+ * the servlets that handle agent operations to authenticate its
+ * users. It calls this method to know which are the
+ * required credentials from the user (e.g. Javascript form data)
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -365,16 +357,15 @@ public class ChallengePhraseAuthentication implements IAuthManager {
}
/**
- * get the list of configuration parameter names required by this
- * authentication manager. Generally used by the Certificate Server Console
- * to display the table for configuration purposes.
- * ChallengePhraseAuthentication is currently not exposed in this case, so
- * this method is not to be used.
- *
- * @return configuration parameter names in Hashtable of Vectors where each
- * hashtable entry's key is the substore name, value is a Vector of
- * parameter names. If no substore, the parameter name is the
- * Hashtable key itself, with value same as key.
+ * get the list of configuration parameter names
+ * required by this authentication manager. Generally used by
+ * the Certificate Server Console to display the table for
+ * configuration purposes. ChallengePhraseAuthentication is currently not
+ * exposed in this case, so this method is not to be used.
+ * @return configuration parameter names in Hashtable of Vectors
+ * where each hashtable entry's key is the substore name, value is a
+ * Vector of parameter names. If no substore, the parameter name
+ * is the Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -387,8 +378,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
}
/**
- * gets the configuretion substore used by this authentication manager
- *
+ * gets the configuretion substore used by this authentication
+ * manager
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -398,23 +389,24 @@ public class ChallengePhraseAuthentication implements IAuthManager {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
private IRequestQueue getReqQueue() {
IRequestQueue queue = null;
try {
- IRegistrationAuthority ra = (IRegistrationAuthority) SubsystemRegistry
- .getInstance().get("ra");
+ IRegistrationAuthority ra = (IRegistrationAuthority)
+ SubsystemRegistry.getInstance().get("ra");
if (ra != null) {
queue = ra.getRequestQueue();
mRequestor = IRequest.REQUESTOR_RA;
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, " cannot get access to the request queue.");
+ log(ILogger.LL_FAILURE,
+ " cannot get access to the request queue.");
}
return queue;
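Review bot: The `catch (Exception e)` in `getReqQueue` logs a fixed message and drops the exception, so a failing lookup of the RA subsystem or its queue leaves no diagnostic in the log, while the other managers in this change include the cause (`e.toString()`) in their failure messages. Change the log line to `log(ILogger.LL_FAILURE, " cannot get access to the request queue: " + e);`. The method also assigns the `mRequestor` field as a side effect of what reads like a getter, which deserves a comment such as `// side effect: records that requests are routed through the RA`. The method's closing brace is outside this hunk.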
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
index a8102e90f..e9bcbcb6b 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.AuthToken;
import com.netscape.certsrv.authentication.EInvalidCredentials;
@@ -28,10 +29,10 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.logging.ILogger;
+
/**
* This authentication does nothing but just returns an empty authToken.
* <P>
- *
* @author chrisho
* @version $Revision$, $Date$
*/
@@ -52,16 +53,15 @@ public class NullAuthentication implements IAuthManager {
/**
* initializes the NullAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing all available
- * authentication managers.
- *
+ * called by AuthSubsystem init() method, when initializing
+ * all available authentication managers.
* @param name - Name assigned to this authentication manager instance.
* @param implName - Name of the authentication plugin.
- * @param config - The configuration store used by the authentication
- * subsystem.
+ * @param config - The configuration store used by the
+ * authentication subsystem.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -72,22 +72,21 @@ public class NullAuthentication implements IAuthManager {
/**
* authenticates nothing
* <p>
- * called by other subsystems or their servlets to authenticate
- * administrators
- *
- * @param authCred Authentication credentials. "uid" and "pwd" are required.
+ * called by other subsystems or their servlets to authenticate administrators
+ * @param authCred Authentication credentials.
+ * "uid" and "pwd" are required.
* @return the authentication token (authToken) that contains the following
- * userdn = [userdn, in case of success]<br>
- * authMgrName = [authMgrName]<br>
- * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or
- * "pwd" is missing from the given credentials.
- * @exception com.netscape.certsrv.base.InvalidCredentials If the the
- * credentials failed to authenticate.
- * @exception com.netscape.certsrv.base.EBaseException If an internal error
- * occurred.
+ * userdn = [userdn, in case of success]<br>
+ * authMgrName = [authMgrName]<br>
+ * @exception com.netscape.certsrv.base.MissingCredential If either
+ * "uid" or "pwd" is missing from the given credentials.
+ * @exception com.netscape.certsrv.base.InvalidCredentials If the
+ * the credentials failed to authenticate.
+ * @exception com.netscape.certsrv.base.EBaseException If an internal
+ * error occurred.
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
AuthToken authToken = new AuthToken(this);
authToken.set("authType", "NOAUTH");
@@ -110,11 +109,10 @@ public class NullAuthentication implements IAuthManager {
}
/**
- * get the list of authentication credential attribute names required by
- * this authentication manager. Generally used by servlets that use this
- * authentication manager, to retrieve required credentials from the user
- * (e.g. Javascript form data)
- *
+ * get the list of authentication credential attribute names
+ * required by this authentication manager. Generally used by
+ * servlets that use this authentication manager, to retrieve
+ * required credentials from the user (e.g. Javascript form data)
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -122,10 +120,9 @@ public class NullAuthentication implements IAuthManager {
}
/**
- * Get the list of configuration parameter names required by this
- * authentication manager. In this case, an empty list.
- *
- * @return String array of configuration parameters.
+ * Get the list of configuration parameter names
+ * required by this authentication manager. In this case, an empty list.
+ * @return String array of configuration parameters.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -138,8 +135,8 @@ public class NullAuthentication implements IAuthManager {
}
/**
- * gets the configuration substore used by this authentication manager
- *
+ * gets the configuration substore used by this authentication
+ * manager
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -148,14 +145,13 @@ public class NullAuthentication implements IAuthManager {
/**
* Log a message.
- *
* @param level The logging level.
* @param msg The message to log.
*/
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
index 95ddada8f..88dc72969 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
@@ -42,12 +43,13 @@ import com.netscape.cmscore.ldapconn.LdapConnInfo;
import com.netscape.cmscore.usrgrp.UGSubsystem;
import com.netscape.cmscore.util.Debug;
+
/**
- * Certificate Server admin authentication. Used to authenticate administrators
- * in the Certificate Server Console. Authentications by checking the uid and
- * password against the database.
+ * Certificate Server admin authentication.
+ * Used to authenticate administrators in the Certificate Server Console.
+ * Authentications by checking the uid and password against the
+ * database.
* <P>
- *
* @author lhsiao, cfu
* @version $Revision$, $Date$
*/
@@ -79,16 +81,15 @@ public class PasswdUserDBAuthentication implements IAuthManager {
/**
* initializes the PasswdUserDBAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing all available
- * authentication managers.
- *
+ * called by AuthSubsystem init() method, when initializing
+ * all available authentication managers.
* @param name - Name assigned to this authentication manager instance.
* @param implName - Name of the authentication plugin.
- * @param config - The configuration store used by the authentication
- * subsystem.
+ * @param config - The configuration store used by the
+ * authentication subsystem.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -100,8 +101,7 @@ public class PasswdUserDBAuthentication implements IAuthManager {
return;
mBaseDN = dbs.getBaseDN();
- mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo,
- dbs.getLdapAuthInfo());
+ mConnFactory = new LdapBoundConnFactory(3, 20, ldapinfo, dbs.getLdapAuthInfo());
mAnonConnFactory = new LdapAnonConnFactory(3, 20, ldapinfo);
log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INIT_AUTH", mName));
@@ -110,47 +110,40 @@ public class PasswdUserDBAuthentication implements IAuthManager {
/**
* authenticates administratrators by LDAP uid/pwd
* <p>
- * called by other subsystems or their servlets to authenticate
- * administrators
- *
- * @param authCred Authentication credentials. "uid" and "pwd" are required.
+ * called by other subsystems or their servlets to authenticate administrators
+ * @param authCred Authentication credentials.
+ * "uid" and "pwd" are required.
* @return the authentication token (authToken) that contains the following
- * userdn = [userdn, in case of success]<br>
- * authMgrName = [authMgrName]<br>
- * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or
- * "pwd" is missing from the given credentials.
- * @exception com.netscape.certsrv.base.InvalidCredentials If the the
- * credentials failed to authenticate.
- * @exception com.netscape.certsrv.base.EBaseException If an internal error
- * occurred.
+ * userdn = [userdn, in case of success]<br>
+ * authMgrName = [authMgrName]<br>
+ * @exception com.netscape.certsrv.base.MissingCredential If either
+ * "uid" or "pwd" is missing from the given credentials.
+ * @exception com.netscape.certsrv.base.InvalidCredentials If the
+ * the credentials failed to authenticate.
+ * @exception com.netscape.certsrv.base.EBaseException If an internal
+ * error occurred.
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
AuthToken authToken = new AuthToken(this);
- // make sure the required credentials are provided
+ // make sure the required credentials are provided
String uid = (String) authCred.get(CRED_UID);
CMS.debug("Authentication: UID=" + uid);
if (uid == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID"));
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID"));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
String pwd = (String) authCred.get(CRED_PWD);
if (pwd == null) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid));
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
// don't allow anonymous binding
if (pwd == "") {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
String userdn = null;
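Review bot: The "don't allow anonymous binding" guard uses `pwd == ""`, a reference comparison that is false for a password string taken from the request, so an empty password passes this check and reaches `anonConn.authenticate(userdn, pwd)` in the next hunk; an LDAP server that treats an empty-password simple bind as an unauthenticated bind (RFC 4513 §5.1.2) reports success, and the user is authenticated without a credential. Use `if (pwd.isEmpty()) {` (or `"".equals(pwd)`) so the `CMSCORE_AUTH_ADMIN_EMPTY_PW` path actually fires. The same defect is the reason the bind in the following hunk must not be relied on to reject empty passwords on its own.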
@@ -160,8 +153,8 @@ public class PasswdUserDBAuthentication implements IAuthManager {
try {
conn = mConnFactory.getConn();
// do anonymous search for the user's dn.
- LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
- "(uid=" + uid + ")", null, false);
+ LDAPSearchResults res = conn.search(mBaseDN,
+ LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
if (res.hasMoreElements()) {
LDAPEntry entry = (LDAPEntry) res.nextElement();
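Review bot: The search filter is built as `"(uid=" + uid + ")"` from the uid credential taken directly from the request, so filter metacharacters in `uid` (`*`, `(`, `)`, `\`, NUL) change the query and let a caller match entries other than the one named; the DN of the first match is then used for the bind. Escape the value per RFC 4515 before interpolating it (or reject uids containing those characters), as sketched below with a small private helper. The surrounding `try` block and the `authenticate` method continue outside this hunk.
```java
// RFC 4515 escaping for a value embedded in a search filter
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}
// … unchanged: connection acquisition …
LDAPSearchResults res = conn.search(mBaseDN,
        LDAPv2.SCOPE_SUB, "(uid=" + escapeFilterValue(uid) + ")", null, false);
```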
@@ -169,49 +162,41 @@ public class PasswdUserDBAuthentication implements IAuthManager {
userdn = entry.getDN();
}
if (userdn == null) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
anonConn = mAnonConnFactory.getConn();
anonConn.authenticate(userdn, pwd);
} catch (LDAPException e) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid,
- e.toString()));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, e.toString()));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
} finally {
- if (conn != null)
+ if (conn != null)
mConnFactory.returnConn(conn);
- if (anonConn != null)
+ if (anonConn != null)
mAnonConnFactory.returnConn(anonConn);
}
UGSubsystem ug = UGSubsystem.getInstance();
authToken.set(TOKEN_USERDN, userdn);
- authToken.set(CRED_UID, uid); // return original uid for info
+ authToken.set(CRED_UID, uid); // return original uid for info
IUser user = null;
try {
user = ug.getUser(uid);
} catch (EBaseException e) {
- if (Debug.ON)
+ if (Debug.ON)
e.printStackTrace();
- // not a user in our user/group database.
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid,
- e.toString()));
- throw new EInvalidCredentials(
- CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ // not a user in our user/group database.
+ log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString()));
+ throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
authToken.set(TOKEN_USERDN, user.getUserDN());
authToken.set(TOKEN_USERID, user.getUserID());
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
-
+
return authToken;
}
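Review bot: `anonConn` is borrowed from `mAnonConnFactory`, re-bound as the user by `anonConn.authenticate(userdn, pwd)`, and then handed back with `mAnonConnFactory.returnConn(anonConn)` in the `finally`; unless `returnConn` re-binds anonymously (not visible here), the pool now holds a connection bound as the last authenticated user, and the next borrower's "anonymous" search runs with that user's privileges. Either re-bind the connection before returning it or use a dedicated, non-pooled connection for the credential check, and document which one the factory guarantees. Also, `if (res.hasMoreElements())` in the preceding hunk silently takes the first entry when the filter matches more than one; logging or rejecting an ambiguous match keeps the uid-to-DN mapping deterministic.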
@@ -230,11 +215,10 @@ public class PasswdUserDBAuthentication implements IAuthManager {
}
/**
- * get the list of authentication credential attribute names required by
- * this authentication manager. Generally used by servlets that use this
- * authentication manager, to retrieve required credentials from the user
- * (e.g. Javascript form data)
- *
+ * get the list of authentication credential attribute names
+ * required by this authentication manager. Generally used by
+ * servlets that use this authentication manager, to retrieve
+ * required credentials from the user (e.g. Javascript form data)
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -242,10 +226,9 @@ public class PasswdUserDBAuthentication implements IAuthManager {
}
/**
- * Get the list of configuration parameter names required by this
- * authentication manager. In this case, an empty list.
- *
- * @return String array of configuration parameters.
+ * Get the list of configuration parameter names
+ * required by this authentication manager. In this case, an empty list.
+ * @return String array of configuration parameters.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -265,8 +248,8 @@ public class PasswdUserDBAuthentication implements IAuthManager {
}
/**
- * gets the configuretion substore used by this authentication manager
- *
+ * gets the configuretion substore used by this authentication
+ * manager
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -275,14 +258,13 @@ public class PasswdUserDBAuthentication implements IAuthManager {
/**
* Log a message.
- *
* @param level The logging level.
* @param msg The message to log.
*/
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
index 18bf9f84a..569275376 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
// ldap java sdk
// cert server imports.
@@ -46,10 +47,10 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cmscore.util.Debug;
+
/**
* SSL client based authentication.
* <P>
- *
* @author chrisho
* @version $Revision$, $Date$
*/
@@ -69,12 +70,13 @@ public class SSLClientCertAuthentication implements IAuthManager {
private IConfigStore mConfig = null;
private String mRequestor = null;
- /*
- * Holds configuration parameters accepted by this implementation. This list
- * is passed to the configuration console so configuration for instances of
- * this implementation can be configured through the console.
+ /* Holds configuration parameters accepted by this implementation.
+ * This list is passed to the configuration console so configuration
+ * for instances of this implementation can be configured through the
+ * console.
*/
- protected static String[] mConfigParams = new String[] {};
+ protected static String[] mConfigParams =
+ new String[] {};
/**
* Default constructor, initialization must follow.
@@ -84,7 +86,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
}
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -93,20 +95,19 @@ public class SSLClientCertAuthentication implements IAuthManager {
}
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
AuthToken authToken = new AuthToken(this);
CMS.debug("SSLCertAuth: Retrieving client certificates");
- X509Certificate[] x509Certs = (X509Certificate[]) authCred
- .get(CRED_CERT);
+ X509Certificate[] x509Certs =
+ (X509Certificate[]) authCred.get(CRED_CERT);
if (x509Certs == null) {
CMS.debug("SSLCertAuth: No client certificate found");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
- throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
+ throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
}
CMS.debug("SSLCertAuth: Got client certificate");
@@ -117,19 +118,17 @@ public class SSLClientCertAuthentication implements IAuthManager {
}
X509CertImpl clientCert = (X509CertImpl) x509Certs[0];
-
+
BigInteger serialNum = null;
try {
serialNum = (BigInteger) clientCert.getSerialNumber();
- // serialNum = new BigInteger(s.substring(2), 16);
+ //serialNum = new BigInteger(s.substring(2), 16);
} catch (NumberFormatException e) {
- throw new EAuthUserError(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
- "Invalid serial number."));
+ throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number."));
}
- String clientCertIssuerDN = clientCert.getIssuerDN().toString();
+ String clientCertIssuerDN = clientCert.getIssuerDN().toString();
BigInteger[] bigIntArray = null;
if (mCertDB != null) { /* is CA */
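Review bot: The `try`/`catch (NumberFormatException e)` around `serialNum = (BigInteger) clientCert.getSerialNumber();` guards nothing: getSerialNumber() returns a BigInteger directly, so the NumberFormatException branch and the EAuthUserError it raises can only have belonged to the commented-out `new BigInteger(s.substring(2), 16)` parsing that this hunk merely re-indents. The cast to BigInteger is redundant for the same reason. Unless that parsing is meant to return, the block can collapse to `BigInteger serialNum = clientCert.getSerialNumber();` and the stale comment removed, which also makes it obvious that the later `if (serialNum != null)` guard is the only remaining null handling. The enclosing authenticate method starts and ends outside this hunk.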
@@ -146,21 +145,19 @@ public class SSLClientCertAuthentication implements IAuthManager {
String status = record.getStatus();
if (status.equals("VALID")) {
-
+
X509CertImpl cacert = mCA.getCACert();
Principal p = cacert.getSubjectDN();
if (!p.toString().equals(clientCertIssuerDN)) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
- }
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
+ }
} else {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT_STATUS", status));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", status));
}
} else {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
}
} else {
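Review bot: The issuer check in the VALID branch, `if (!p.toString().equals(clientCertIssuerDN))`, compares two distinguished names by their string renderings, so it silently depends on the CA subject and the client certificate's issuer printing identically (attribute order, spacing, escaping). If both Principals are the same X500Name type, comparing the objects (`if (!p.equals(clientCert.getIssuerDN()))`) would remove the formatting dependency — confirm that its equals() performs DN matching before relying on it. A short comment above the check stating that this branch only confirms the issuer name, and that the binding to a CA-issued certificate appears to come from the serial-number record lookup preceding it, would help the next reader; that lookup is outside this hunk.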
@@ -173,8 +170,8 @@ public class SSLClientCertAuthentication implements IAuthManager {
if (queue != null) {
IRequest getCertStatusReq = null;
- getCertStatusReq = queue
- .newRequest(IRequest.GETCERT_STATUS_REQUEST);
+ getCertStatusReq =
+ queue.newRequest(IRequest.GETCERT_STATUS_REQUEST);
// pass just serial number instead of whole cert
if (serialNum != null) {
getCertStatusReq.setExtData(SERIALNUMBER, serialNum);
@@ -185,34 +182,31 @@ public class SSLClientCertAuthentication implements IAuthManager {
RequestStatus status = getCertStatusReq.getRequestStatus();
if (status == RequestStatus.COMPLETE) {
- String certStatus = getCertStatusReq
- .getExtDataInString(IRequest.CERT_STATUS);
+ String certStatus =
+ getCertStatusReq.getExtDataInString(IRequest.CERT_STATUS);
- if (certStatus == null) {
- String[] params = { "null status" };
+ if (certStatus == null) {
+ String[] params = {"null status"};
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT_STATUS", params));
- } else if (certStatus.equals("INVALIDCERTROOT")) {
throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
+ CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
+ } else if (certStatus.equals("INVALIDCERTROOT")) {
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
} else if (!certStatus.equals("VALID")) {
- String[] params = { status.toString() };
+ String[] params = {status.toString()};
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT_STATUS", params));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
}
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
}
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
}
} // else, ra
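Review bot: The cert-status error in the rewrapped `else if (!certStatus.equals("VALID"))` branch reports the wrong value: `String[] params = {status.toString()};` uses `status`, which is the RequestStatus already known to be COMPLETE at this point, not the certificate status held in `certStatus`. The resulting CMS_BASE_INVALID_CERT_STATUS message therefore says "COMPLETE" rather than the status that caused the rejection, which misleads anyone triaging a failed client-certificate authentication. It should read `String[] params = {certStatus};`. The enclosing authenticate method starts and ends outside this hunk.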
@@ -228,10 +222,10 @@ public class SSLClientCertAuthentication implements IAuthManager {
}
/**
- * Returns a list of configuration parameter names. The list is passed to
- * the configuration console so instances of this implementation can be
- * configured through the console.
- *
+ * Returns a list of configuration parameter names.
+ * The list is passed to the configuration console so instances of
+ * this implementation can be configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -240,7 +234,6 @@ public class SSLClientCertAuthentication implements IAuthManager {
/**
* Returns array of required credentials for this authentication manager.
- *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -250,23 +243,24 @@ public class SSLClientCertAuthentication implements IAuthManager {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
+ level, msg);
}
private IRequestQueue getReqQueue() {
IRequestQueue queue = null;
try {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem("ra");
+ IRegistrationAuthority ra =
+ (IRegistrationAuthority) CMS.getSubsystem("ra");
if (ra != null) {
queue = ra.getRequestQueue();
mRequestor = IRequest.REQUESTOR_RA;
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, " cannot get access to the request queue.");
+ log(ILogger.LL_FAILURE,
+ " cannot get access to the request queue.");
}
return queue;
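Review bot: In getReqQueue the rewrapped `catch (Exception e)` logs a fixed message and discards the exception, so the reason the RA subsystem or its request queue could not be obtained is lost from the log; include it, e.g. `log(ILogger.LL_FAILURE, " cannot get access to the request queue: " + e);`. Catching Exception also turns a null-pointer or class-cast failure into what looks like an ordinary lookup miss — narrowing it to the exception types getSubsystem() actually declares would be clearer, if those are known. The unbraced `if (mLogger == null) return;` in log() earlier in this hunk is a minor style point.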
@@ -274,7 +268,6 @@ public class SSLClientCertAuthentication implements IAuthManager {
/**
* Gets the configuration substore used by this authentication manager
- *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -295,3 +288,4 @@ public class SSLClientCertAuthentication implements IAuthManager {
return mImplName;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
index 1c6e95379..69192f3f0 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
@@ -17,14 +17,16 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import java.math.BigInteger;
import java.util.Date;
import com.netscape.certsrv.apps.CMS;
-/**
+
+/**
* class storing verified certificate.
- *
+ *
* @version $Revision$, $Date$
*/
@@ -43,8 +45,9 @@ public class VerifiedCert {
/**
* Constructs verified certiificate record
*/
-
- public VerifiedCert(BigInteger serialNumber, byte[] certEncoded, int status) {
+
+ public VerifiedCert(BigInteger serialNumber, byte[] certEncoded,
+ int status) {
mStatus = status;
mSerialNumber = serialNumber;
mCertEncoded = certEncoded;
@@ -52,13 +55,13 @@ public class VerifiedCert {
}
public int check(BigInteger serialNumber, byte[] certEncoded,
- long interval, long unknownStateInterval) {
+ long interval, long unknownStateInterval) {
int status = UNKNOWN;
-
+
if (mSerialNumber.equals(serialNumber)) {
if (mCertEncoded != null) {
- if (certEncoded != null
- && mCertEncoded.length == certEncoded.length) {
+ if (certEncoded != null &&
+ mCertEncoded.length == certEncoded.length) {
int i;
for (i = 0; i < mCertEncoded.length; i++) {
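Review bot: The rewrapped length check followed by the hand-written byte loop `for (i = 0; i < mCertEncoded.length; i++)` re-implements `java.util.Arrays.equals(mCertEncoded, certEncoded)`, which covers the null and length cases in a single call and is easier to audit. The loop body and the `i >= mCertEncoded.length` test it feeds lie in the next hunk, so the rewrite would touch that hunk too and needs `import java.util.Arrays;` (the file's import hunk above adds only a blank line). The enclosing check method starts and ends outside this hunk.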
@@ -66,8 +69,7 @@ public class VerifiedCert {
break;
}
if (i >= mCertEncoded.length) {
- Date expires = new Date(mCreated.getTime()
- + (interval * 1000));
+ Date expires = new Date(mCreated.getTime() + (interval * 1000));
Date now = CMS.getCurrentDate();
if (now.after(expires))
@@ -76,8 +78,7 @@ public class VerifiedCert {
}
}
} else if (unknownStateInterval > 0) {
- Date expires = new Date(mCreated.getTime()
- + (unknownStateInterval * 1000));
+ Date expires = new Date(mCreated.getTime() + (unknownStateInterval * 1000));
Date now = CMS.getCurrentDate();
if (now.after(expires))
@@ -89,3 +90,4 @@ public class VerifiedCert {
return status;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
index 05ff1500c..ca0f63e55 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
@@ -17,13 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.authentication;
+
import java.math.BigInteger;
import netscape.security.x509.X509CertImpl;
-/**
+
+/**
* class storing verified certificates.
- *
+ *
* @version $Revision$, $Date$
*/
@@ -36,11 +38,11 @@ public class VerifiedCerts {
private VerifiedCert[] mVCerts = null;
private long mInterval = 0;
private long mUnknownStateInterval = 0;
-
+
/**
* Constructs verified certiificates list
*/
-
+
public VerifiedCerts(int size, long interval) {
mVCerts = new VerifiedCert[size];
mInterval = interval;
@@ -61,31 +63,29 @@ public class VerifiedCerts {
certEncoded = cert.getEncoded();
} catch (Exception e) {
}
- if ((certEncoded != null || (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
- && mInterval > 0) {
+ if ((certEncoded != null ||
+ (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
+ && mInterval > 0) {
update(cert.getSerialNumber(), certEncoded, status);
}
}
}
- public synchronized void update(BigInteger serialNumber,
- byte[] certEncoded, int status) {
- if ((status == VerifiedCert.NOT_REVOKED
- || status == VerifiedCert.REVOKED || (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
- && mInterval > 0) {
+ public synchronized void update(BigInteger serialNumber, byte[] certEncoded, int status) {
+ if ((status == VerifiedCert.NOT_REVOKED ||
+ status == VerifiedCert.REVOKED ||
+ (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
+ && mInterval > 0) {
if (mLast == mNext && mFirst == mNext) { // empty
- mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded,
- status);
+ mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
mNext = next(mNext);
} else if (mFirst == mNext) { // full
mFirst = next(mFirst);
- mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded,
- status);
+ mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
mLast = mNext;
mNext = next(mNext);
} else {
- mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded,
- status);
+ mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
mLast = mNext;
mNext = next(mNext);
}
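Review bot: The `catch (Exception e) { }` just above the rewrapped condition silently swallows a failure of cert.getEncoded(), leaving certEncoded null so the entry is either cached through the CHECKED/unknown-state path or skipped with no trace of why; at minimum log it, e.g. `} catch (Exception e) { CMS.debug("VerifiedCerts: cannot encode cert: " + e); }`. CMS is used elsewhere in this subsystem but the file's visible import hunk lists only BigInteger and X509CertImpl, so the import would need adding. The enclosing method's signature is outside this hunk.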
@@ -94,8 +94,8 @@ public class VerifiedCerts {
public int check(X509CertImpl cert) {
int status = VerifiedCert.UNKNOWN;
-
- if (mLast != mNext && mInterval > 0) { // if not empty and
+
+ if (mLast != mNext && mInterval > 0) { // if not empty and
if (cert != null) {
byte[] certEncoded = null;
@@ -116,13 +116,12 @@ public class VerifiedCerts {
int status = VerifiedCert.UNKNOWN;
int i = mLast;
- if (mVCerts != null && mLast != mNext && mInterval > 0) { // if not
- // empty and
- while (status == VerifiedCert.UNKNOWN) {
- if (mVCerts[i] == null)
- return status;
- status = mVCerts[i].check(serialNumber, certEncoded, mInterval,
- mUnknownStateInterval);
+ if (mVCerts != null && mLast != mNext && mInterval > 0) { // if not empty and
+ while (status == VerifiedCert.UNKNOWN) {
+ if (mVCerts[i] == null)
+ return status;
+ status = mVCerts[i].check(serialNumber, certEncoded,
+ mInterval, mUnknownStateInterval);
if (status == VerifiedCert.EXPIRED) {
if (mFirst == mLast)
mNext = mLast;
@@ -136,8 +135,8 @@ public class VerifiedCerts {
}
}
if (status == VerifiedCert.UNKNOWN)
- status = mVCerts[i].check(serialNumber, certEncoded, mInterval,
- mUnknownStateInterval);
+ status = mVCerts[i].check(serialNumber, certEncoded,
+ mInterval, mUnknownStateInterval);
}
return status;
@@ -159,3 +158,4 @@ public class VerifiedCerts {
return i;
}
}
+