Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert')
13 files changed, 822 insertions, 809 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java index d8b298126..ed20d76f3 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java @@ -17,14 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.util.Comparator; import java.util.Date; import netscape.security.x509.X509CertImpl; + /** * Compares validity dates for use in sorting. - * + * * @author kanda * @version $Revision$, $Date$ */ @@ -42,11 +44,11 @@ public class CertDateCompare implements Comparator { } catch (Exception e) { e.printStackTrace(); } - if (d1 == d2) - return 0; + if (d1 == d2) return 0; if (d1.after(d2)) return 1; else return -1; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java index 8441df83a..3168b92f2 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java @@ -17,18 +17,20 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.security.cert.Certificate; import com.netscape.certsrv.base.ICertPrettyPrint; + /** - * This class will display the certificate content in predefined format. - * + * This class will display the certificate content in predefined + * format. + * * @author Jack Pan-Chen * @version $Revision$, $Date$ */ -public class CertPrettyPrint extends netscape.security.util.CertPrettyPrint - implements ICertPrettyPrint { +public class CertPrettyPrint extends netscape.security.util.CertPrettyPrint implements ICertPrettyPrint { public CertPrettyPrint(Certificate cert) { super(cert); 
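Review bot: In the reformatted compare() body of CertDateCompare, `if (d1 == d2) return 0;` is followed directly by `d1.after(d2)`, so when the preceding `catch (Exception e) { e.printStackTrace(); }` leaves exactly one of the two dates null the comparator throws a NullPointerException out of Arrays.sort instead of reporting which certificate lacked a validity date. A comparator that prints and continues also breaks the sort contract, since the two certificates are then ordered on a null that happens to compare equal to nothing. Consider rethrowing as `throw new IllegalArgumentException("certificate without validity date", e);` rather than printing the stack trace, and, as a style point, declaring the class as `Comparator<X509CertImpl>` instead of the raw `Comparator`. The declarations of d1 and d2 and the start of compare() are above the hunk.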
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java index 4b45c48cd..5a49d06e8 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; @@ -63,9 +64,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.osutil.OSUtil; /** - * Utility class with assorted methods to check for smime pairs, determining the - * type of cert - signature or encryption ..etc. - * + * Utility class with assorted methods to check for + * smime pairs, determining the type of cert - signature + * or encryption ..etc. + * * @author kanda * @version $Revision$, $Date$ */ 
@@ -76,17 +78,20 @@ public class CertUtils { public static final String CERT_REQUEST_TRAILER = "-----END CERTIFICATE REQUEST-----"; public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----"; public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----"; - public static final String BEGIN_CRL_HEADER = "-----BEGIN CERTIFICATE REVOCATION LIST-----"; - public static final String END_CRL_HEADER = "-----END CERTIFICATE REVOCATION LIST-----"; + public static final String BEGIN_CRL_HEADER = + "-----BEGIN CERTIFICATE REVOCATION LIST-----"; + public static final String END_CRL_HEADER = + "-----END CERTIFICATE REVOCATION LIST-----"; protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; + private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = + "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; /** * Remove the header and footer in the PKCS10 request. */ public static String unwrapPKCS10(String request, boolean checkHeader) - throws EBaseException { + throws EBaseException { String unwrapped; String header = null; int head = -1; @@ -107,8 +112,7 @@ public class CertUtils { head = request.indexOf(CERT_REQUEST_HEADER); trail = request.indexOf(CERT_REQUEST_TRAILER); - // If this is not a request header, check if this is a renewal - // header. + // If this is not a request header, check if this is a renewal header. if (!(head == -1 && trail == -1)) { header = CERT_REQUEST_HEADER; 
@@ -126,12 +130,10 @@ public class CertUtils { // Now validate if any headers or trailers are in place if (head == -1 && checkHeader) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_HEADER")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_HEADER")); } if (trail == -1 && checkHeader) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_TRAILER")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_TRAILER")); } if (header != null) { 
@@ -160,44 +162,41 @@ public class CertUtils { pkcs10 = new PKCS10(decodedBytes); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INTERNAL_ERROR", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } return pkcs10; } - public static void setRSAKeyToCertInfo(X509CertInfo info, byte encoded[]) - throws EBaseException { + public static void setRSAKeyToCertInfo(X509CertInfo info, + byte encoded[]) throws EBaseException { try { if (info == null) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); } - X509Key key = new X509Key( - AlgorithmId.getAlgorithmId("RSAEncryption"), encoded); + X509Key key = new X509Key(AlgorithmId.getAlgorithmId( + "RSAEncryption"), encoded); info.set(X509CertInfo.KEY, key); } catch (Exception e) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); } } - public static X509CertInfo createCertInfo(int ver, BigInteger serialno, - String alg, String issuerName, Date notBefore, Date notAfter) - throws EBaseException { + public static X509CertInfo createCertInfo(int ver, + BigInteger serialno, String alg, String issuerName, + Date notBefore, Date notAfter) throws EBaseException { try { X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VERSION, new CertificateVersion(ver)); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( - serialno)); - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( - AlgorithmId.getAlgorithmId(alg))); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName( - new X500Name(issuerName))); - info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, - notAfter)); + info.set(X509CertInfo.SERIAL_NUMBER, new + CertificateSerialNumber(serialno)); + info.set(X509CertInfo.ALGORITHM_ID, 
new + CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg))); + info.set(X509CertInfo.ISSUER, new + CertificateIssuerName(new X500Name(issuerName))); + info.set(X509CertInfo.VALIDITY, new + CertificateValidity(notBefore, notAfter)); return info; } catch (Exception e) { System.out.println(e.toString()); @@ -234,20 +233,19 @@ public class CertUtils { return false; else if (keyUsage.length == 3) return keyUsage[2]; - else - return keyUsage[2] || keyUsage[3]; + else return keyUsage[2] || keyUsage[3]; } public static boolean haveSameValidityPeriod(X509CertImpl cert1, - X509CertImpl cert2) { + X509CertImpl cert2) { long notBefDiff = 0; long notAfterDiff = 0; try { - notBefDiff = Math.abs(cert1.getNotBefore().getTime() - - cert2.getNotBefore().getTime()); - notAfterDiff = Math.abs(cert1.getNotAfter().getTime() - - cert2.getNotAfter().getTime()); + notBefDiff = Math.abs(cert1.getNotBefore().getTime() - + cert2.getNotBefore().getTime()); + notAfterDiff = Math.abs(cert1.getNotAfter().getTime() - + cert2.getNotAfter().getTime()); } catch (Exception e) { e.printStackTrace(); } @@ -257,8 +255,7 @@ public class CertUtils { return true; } - public static boolean isSmimePair(X509CertImpl cert1, X509CertImpl cert2, - boolean matchSubjectDN) { + public static boolean isSmimePair(X509CertImpl cert1, X509CertImpl cert2, boolean matchSubjectDN) { // Check for subjectDN equality. if (matchSubjectDN) { String dn1 = cert1.getSubjectDN().toString(); 
@@ -267,27 +264,27 @@ public class CertUtils { if (!sameSubjectDN(dn1, dn2)) return false; } - + // Check for the presence of signing and encryption certs. boolean hasSigningCert = isSigningCert(cert1) || isSigningCert(cert2); if (!hasSigningCert) return false; - boolean hasEncryptionCert = isEncryptionCert(cert1) - || isEncryptionCert(cert2); + boolean hasEncryptionCert = isEncryptionCert(cert1) || isEncryptionCert(cert2); if (!hasEncryptionCert) return false; - // If both certs have signing & encryption usage set, they are - // not really pairs. - if ((isSigningCert(cert1) && isEncryptionCert(cert1)) - || (isSigningCert(cert2) && isEncryptionCert(cert2))) + // If both certs have signing & encryption usage set, they are + // not really pairs. + if ((isSigningCert(cert1) && isEncryptionCert(cert1)) || + (isSigningCert(cert2) && isEncryptionCert(cert2))) return false; - // See if the certs have the same validity. - boolean haveSameValidity = haveSameValidityPeriod(cert1, cert2); + // See if the certs have the same validity. + boolean haveSameValidity = + haveSameValidityPeriod(cert1, cert2); return haveSameValidity; } @@ -344,8 +341,7 @@ public class CertUtils { return ret; } - public static String getValidCertsDisplayInfo(String cn, - X509CertImpl[] validCerts) { + public static String getValidCertsDisplayInfo(String cn, X509CertImpl[] validCerts) { StringBuffer sb = new StringBuffer(1024); sb.append(cn + "'s Currently Valid Certificates\n\n"); @@ -353,8 +349,7 @@ public class CertUtils { return new String(sb); } - public static String getExpiredCertsDisplayInfo(String cn, - X509CertImpl[] expiredCerts) { + public static String getExpiredCertsDisplayInfo(String cn, X509CertImpl[] expiredCerts) { StringBuffer sb = new StringBuffer(1024); sb.append(cn + "'s Expired Certificates\n\n"); 
@@ -363,7 +358,7 @@ public class CertUtils { } public static String getRenewedCertsDisplayInfo(String cn, - X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) { + X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) { StringBuffer sb = new StringBuffer(1024); if (validCerts != null) { @@ -391,29 +386,25 @@ public class CertUtils { signingCert = validCerts[1]; encryptionCert = validCerts[0]; } - sb.append("Signing Certificate Serial No: " - + signingCert.getSerialNumber().toString(16).toUpperCase()); + sb.append("Signing Certificate Serial No: " + signingCert.getSerialNumber().toString(16).toUpperCase()); sb.append("\n"); - sb.append("Encryption Certificate Serial No: " - + encryptionCert.getSerialNumber().toString(16).toUpperCase()); + sb.append("Encryption Certificate Serial No: " + encryptionCert.getSerialNumber().toString(16).toUpperCase()); sb.append("\n"); - sb.append("Validity: From: " + signingCert.getNotBefore().toString() - + " To: " + signingCert.getNotAfter().toString()); + sb.append("Validity: From: " + signingCert.getNotBefore().toString() + " To: " + signingCert.getNotAfter().toString()); sb.append("\n"); return new String(sb); } /** * Returns the index of the given cert in an array of certs. - * - * Assumptions: The certs are issued by the same CA - * - * @param certArray The array of certs. - * @param givenCert The certificate we are lokking for in the array. + * + * Assumptions: The certs are issued by the same CA + * + * @param certArray The array of certs. + * @param givenCert The certificate we are lokking for in the array. * @return -1 if not found or the index of the given cert in the array. */ - public static int getCertIndex(X509CertImpl[] certArray, - X509CertImpl givenCert) { + public static int getCertIndex(X509CertImpl[] certArray, X509CertImpl givenCert) { int i = 0; for (; i < certArray.length; i++) { 
@@ -427,21 +418,21 @@ public class CertUtils { } /** - * Returns the most recently issued signing certificate from an an array of - * certs. - * - * Assumptions: The certs are issued by the same CA - * - * @param certArray The array of certs. - * @param givenCert The certificate we are lokking for in the array. + * Returns the most recently issued signing certificate from an + * an array of certs. + * + * Assumptions: The certs are issued by the same CA + * + * @param certArray The array of certs. + * @param givenCert The certificate we are lokking for in the array. * @return null if there is no recent cert or the most recent cert. */ public static X509CertImpl getRecentSigningCert(X509CertImpl[] certArray, - X509CertImpl currentCert) { + X509CertImpl currentCert) { if (certArray == null || currentCert == null) return null; - // Sort the certificate array. + // Sort the certificate array. Arrays.sort(certArray, new CertDateCompare()); // Get the index of the current cert in the array. @@ -455,9 +446,8 @@ public class CertUtils { for (; i < certArray.length; i++) { // Check if it is a signing cert and has its // NotAfter later than the current cert. - if (isSigningCert(certArray[i]) - && certArray[i].getNotAfter().after( - recentCert.getNotAfter())) + if (isSigningCert(certArray[i]) && + certArray[i].getNotAfter().after(recentCert.getNotAfter())) recentCert = certArray[i]; } return ((recentCert == currentCert) ? null : recentCert); 
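Review bot: The Javadoc of getRecentSigningCert documents `@param givenCert` but the parameter in the signature below it is `currentCert`, so the generated documentation describes a parameter that does not exist (the same paragraph also repeats the "lokking" typo carried over from getCertIndex in the previous hunk). The method also sorts the caller's array in place via `Arrays.sort(certArray, new CertDateCompare());`, which is a visible side effect on the argument and deserves a sentence in the Javadoc; I would replace the stale tag with `@param currentCert The certificate whose successor is being looked for; the array is sorted in place by validity date.` The loop that selects the recent cert continues in the next hunk.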
@@ -476,13 +466,14 @@ public class CertUtils { // Is is object signing cert? try { - CertificateExtensions extns = (CertificateExtensions) cert - .get(X509CertImpl.NAME + "." + X509CertImpl.INFO + "." - + X509CertInfo.EXTENSIONS); + CertificateExtensions extns = (CertificateExtensions) + cert.get(X509CertImpl.NAME + "." + + X509CertImpl.INFO + "." + + X509CertInfo.EXTENSIONS); if (extns != null) { - NSCertTypeExtension nsExtn = (NSCertTypeExtension) extns - .get(NSCertTypeExtension.NAME); + NSCertTypeExtension nsExtn = (NSCertTypeExtension) + extns.get(NSCertTypeExtension.NAME); if (nsExtn != null) { String nsType = getNSExtensionInfo(nsExtn); @@ -494,7 +485,7 @@ public class CertUtils { } } } - } catch (Exception e) { + }catch (Exception e) { } return (sb.length() > 0) ? sb.toString() : null; } @@ -526,13 +517,14 @@ public class CertUtils { res = (Boolean) nsExtn.get(NSCertTypeExtension.OBJECT_SIGNING_CA); if (res.equals(Boolean.TRUE)) sb.append(" object_signing_CA"); - } catch (Exception e) { + }catch (Exception e) { } return (sb.length() > 0) ? sb.toString() : null; } - public static byte[] readFromFile(String fileName) throws IOException { + public static byte[] readFromFile(String fileName) + throws IOException { FileInputStream fin = new FileInputStream(fileName); int available = fin.available(); byte[] ba = new byte[available]; @@ -545,7 +537,7 @@ public class CertUtils { } public static void storeInFile(String fileName, byte[] ba) - throws IOException { + throws IOException { FileOutputStream fout = new FileOutputStream(fileName); fout.write(ba); 
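Review bot: readFromFile sizes its buffer with `int available = fin.available();`, but available() is only an estimate of the bytes readable without blocking, not the file length, so a short estimate silently yields a truncated DER blob that will later fail to parse as a certificate or CRL with a misleading error. If the project's Java level allows it, `return java.nio.file.Files.readAllBytes(java.nio.file.Paths.get(fileName));` replaces the whole body and also closes the stream; otherwise read in a loop until EOF and close the FileInputStream in a finally block. The rest of readFromFile is below the hunk, so whether fin is closed there cannot be seen from here. Separately, the two `}catch (Exception e) { }` blocks in this hunk swallow extension-parsing failures entirely; a `CMS.debug` line with e.toString() would at least leave a trace when a certificate's NS cert-type extension cannot be read.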
@@ -554,15 +546,17 @@ public class CertUtils { public static String toMIME64(X509CertImpl cert) { try { - return "-----BEGIN CERTIFICATE-----\n" - + com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) - + "-----END CERTIFICATE-----\n"; + return + "-----BEGIN CERTIFICATE-----\n" + + com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) + + "-----END CERTIFICATE-----\n"; } catch (CertificateException e) { } return null; } - public static X509Certificate mapCert(String mime64) throws IOException { + public static X509Certificate mapCert(String mime64) + throws IOException { mime64 = stripCertBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -575,8 +569,8 @@ public class CertUtils { return cert; } - public static X509Certificate[] mapCertFromPKCS7(String mime64) - throws IOException { + public static X509Certificate[] mapCertFromPKCS7(String mime64) + throws IOException { mime64 = stripCertBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -590,7 +584,8 @@ public class CertUtils { } } - public static X509CRL mapCRL(String mime64) throws IOException { + public static X509CRL mapCRL(String mime64) + throws IOException { mime64 = stripCRLBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -603,7 +598,8 @@ public class CertUtils { return crl; } - public static X509CRL mapCRL1(String mime64) throws IOException { + public static X509CRL mapCRL1(String mime64) + throws IOException { mime64 = stripCRLBrackets(mime64.trim()); byte rawPub[] = OSUtil.AtoB(mime64); X509CRL crl = null; 
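Review bot: toMIME64's `catch (CertificateException e) { }` drops the encoding failure and lets the method return null, so a caller that concatenates the result into a PEM response will emit the literal string "null" or fail later with no indication of which certificate could not be encoded. Logging the cause before returning, e.g. `CMS.debug("CertUtils: toMIME64() failed: " + e.toString());`, keeps the best-effort behaviour while making the failure diagnosable, matching the style used elsewhere in this file. The same pattern of swallowed exceptions recurs in mapCert/mapCertFromPKCS7/mapCRL, whose bodies continue outside the hunks.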
@@ -638,8 +634,8 @@ public class CertUtils { if (s == null) { return s; } - if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) - && (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) { + if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) && + (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) { return (s.substring(43, (s.length() - 41))); } return s; @@ -647,9 +643,8 @@ public class CertUtils { /** * strips out the begin and end certificate brackets - * * @param s the string potentially bracketed with - * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" + * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" * @return string without the brackets */ public static String stripCertBrackets(String s) { @@ -657,14 +652,14 @@ public class CertUtils { return s; } - if ((s.startsWith("-----BEGIN CERTIFICATE-----")) - && (s.endsWith("-----END CERTIFICATE-----"))) { + if ((s.startsWith("-----BEGIN CERTIFICATE-----")) && + (s.endsWith("-----END CERTIFICATE-----"))) { return (s.substring(27, (s.length() - 25))); } // To support Thawte's header and footer - if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) - && (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) { + if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) && + (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) { return (s.substring(35, (s.length() - 33))); } 
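Review bot: stripCRLBrackets and stripCertBrackets cut the PEM armour with hard-coded offsets (`s.substring(43, (s.length() - 41))`, `substring(27, ... - 25)`, `substring(35, ... - 33)`) even though the class already declares `BEGIN_CRL_HEADER` and `END_CRL_HEADER` with the same literals in the first CertUtils hunk, so a future edit to one constant silently desynchronises the offsets. Deriving the bounds from the constants removes the duplication: `return s.substring(BEGIN_CRL_HEADER.length(), s.length() - END_CRL_HEADER.length());`, with matching constants introduced for the certificate and PKCS #7 markers. Note also that both methods only strip when header and trailer are both present, so a mismatched pair is passed through untouched to the base64 decoder; a comment stating that this is intentional would help the next reader.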
@@ -672,14 +667,13 @@ public class CertUtils { } /** - * Returns a string that represents a cert's fingerprint. The fingerprint is - * a MD5 digest of the DER encoded certificate. - * - * @param cert Certificate to get the fingerprint of. + * Returns a string that represents a cert's fingerprint. + * The fingerprint is a MD5 digest of the DER encoded certificate. + * @param cert Certificate to get the fingerprint of. * @return a String that represents the cert's fingerprint. */ - public static String getFingerPrint(Certificate cert) - throws CertificateEncodingException, NoSuchAlgorithmException { + public static String getFingerPrint(Certificate cert) + throws CertificateEncodingException, NoSuchAlgorithmException { byte certDer[] = cert.getEncoded(); MessageDigest md = MessageDigest.getInstance("MD5"); @@ -691,17 +685,16 @@ public class CertUtils { sb.append(pp.toHexString(digestedCert, 4, 20)); return sb.toString(); } - + /** - * Returns a string that has the certificate's fingerprint using MD5, MD2 - * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER - * encoded certificate. - * + * Returns a string that has the certificate's fingerprint using + * MD5, MD2 and SHA1 hashes. + * A certificate's fingerprint is a hash digest of the DER encoded + * certificate. * @param cert Certificate to get the fingerprints of. * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes. - * For example, - * - * <pre> + * For example, + * <pre> * MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71 * * MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75 
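Review bot: getFingerPrint still derives the certificate fingerprint from `MessageDigest.getInstance("MD5")`, and MD5 is collision-broken, so two different DER encodings can be made to share the same fingerprint; wherever this value is used to identify or match a certificate it should be computed with `"SHA-256"` instead. If the MD5 form has to stay for display compatibility, the Javadoc should state that the value is not collision-resistant and must not be used for identity decisions. The remainder of getFingerPrint is below the hunk.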
@@ -710,33 +703,34 @@ public class CertUtils { * </pre> */ public static String getFingerPrints(Certificate cert) - throws NoSuchAlgorithmException, CertificateEncodingException { + throws NoSuchAlgorithmException, CertificateEncodingException { byte certDer[] = cert.getEncoded(); - /* - * String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; String - * certFingerprints = ""; PrettyPrintFormat pp = new - * PrettyPrintFormat(":"); - * - * for (int i = 0; i < hashes.length; i++) { MessageDigest md = - * MessageDigest.getInstance(hashes[i]); - * - * md.update(certDer); certFingerprints += " " + hashes[i] + ":" + - * pp.toHexString(md.digest(), 6 - hashes[i].length()); } return - * certFingerprints; - */ - return getFingerPrints(certDer); - } + /* + String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; + String certFingerprints = ""; + PrettyPrintFormat pp = new PrettyPrintFormat(":"); + for (int i = 0; i < hashes.length; i++) { + MessageDigest md = MessageDigest.getInstance(hashes[i]); + + md.update(certDer); + certFingerprints += " " + hashes[i] + ":" + + pp.toHexString(md.digest(), 6 - hashes[i].length()); + } + return certFingerprints; + */ + return getFingerPrints(certDer); + } + /** - * Returns a string that has the certificate's fingerprint using MD5, MD2 - * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER - * encoded certificate. - * + * Returns a string that has the certificate's fingerprint using + * MD5, MD2 and SHA1 hashes. + * A certificate's fingerprint is a hash digest of the DER encoded + * certificate. * @param cert Certificate to get the fingerprints of. * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes. - * For example, - * - * <pre> + * For example, + * <pre> * MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71 * * MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75 
@@ -745,10 +739,9 @@ public class CertUtils { * </pre> */ public static String getFingerPrints(byte[] certDer) - throws NoSuchAlgorithmException/* , CertificateEncodingException */{ - // byte certDer[] = cert.getEncoded(); - String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", - "SHA512" }; + throws NoSuchAlgorithmException/*, CertificateEncodingException*/ { + // byte certDer[] = cert.getEncoded(); + String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"}; String certFingerprints = ""; PrettyPrintFormat pp = new PrettyPrintFormat(":"); 
@@ -756,42 +749,41 @@ public class CertUtils { MessageDigest md = MessageDigest.getInstance(hashes[i]); md.update(certDer); - certFingerprints += hashes[i] + ":\n" - + pp.toHexString(md.digest(), 8, 16); + certFingerprints += hashes[i] + ":\n" + + pp.toHexString(md.digest(), 8, 16); } return certFingerprints; } /** - * Check if a object identifier in string form is valid, that is a string in - * the form n.n.n.n and der encode and decode-able. - * + * Check if a object identifier in string form is valid, + * that is a string in the form n.n.n.n and der encode and decode-able. * @param attrName attribute name (from the configuration file) * @param value object identifier string. - */ + */ public static ObjectIdentifier checkOID(String attrName, String value) - throws EBaseException { + throws EBaseException { String msg = "value must be a object identifier in the form n.n.n.n"; String msg1 = "not a valid object identifier."; ObjectIdentifier oid; - try { - oid = ObjectIdentifier.getObjectIdentifier(value); + try { + oid = ObjectIdentifier.getObjectIdentifier(value); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", attrName, msg)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + attrName, msg)); } // if the OID isn't valid (ex. n.n) the error isn't caught til // encoding time leaving a bad request in the request queue. - try { + try { DerOutputStream derOut = new DerOutputStream(); derOut.putOID(oid); new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", attrName, msg1)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + attrName, msg1)); } return oid; } 
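Review bot: The fingerprint loop calls `MessageDigest.getInstance(hashes[i])` for every entry of the list declared in the previous hunk, which includes MD2 and MD5; MD2 in particular is not offered by every provider and is disabled on newer JDKs, and because the NoSuchAlgorithmException propagates out of getFingerPrints a single unsupported legacy digest makes all fingerprints, including the SHA-256 and SHA-512 ones, unavailable. Catching the exception per algorithm keeps the strong digests usable while the weak ones are absent; the declared `throws NoSuchAlgorithmException` can stay for source compatibility. The `for` line of the loop is above the hunk.
```java
// … unchanged: hashes array, certFingerprints, pp …
for (int i = 0; i < hashes.length; i++) {
    MessageDigest md;
    try {
        md = MessageDigest.getInstance(hashes[i]);
    } catch (NoSuchAlgorithmException e) {
        // legacy digest not provided here; skip it rather than losing the strong ones
        continue;
    }
    md.update(certDer);
    certFingerprints += hashes[i] + ":\n" +
        pp.toHexString(md.digest(), 8, 16);
}
```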
@@ -811,21 +803,20 @@ public class CertUtils { return tmp.toString(); } - + /* - * verify a certificate by its nickname returns true if it verifies; false - * if any not + * verify a certificate by its nickname + * returns true if it verifies; false if any not */ - public static boolean verifySystemCertByNickname(String nickname, - String certusage) { + public static boolean verifySystemCertByNickname(String nickname, String certusage) { boolean r = true; - CertificateUsage cu = null; + CertificateUsage cu = null; cu = getCertificateUsage(certusage); int ccu = 0; if (cu == null) { - CMS.debug("CertUtils: verifySystemCertByNickname() failed: " - + nickname + " with unsupported certusage =" + certusage); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+ + nickname + " with unsupported certusage ="+ certusage); return false; } @@ -834,15 +825,12 @@ public class CertUtils { CMS.debug("CertUtils: verifySystemCertByNickname(): calling isCertValid()"); try { CryptoManager cm = CryptoManager.getInstance(); - if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages - .getUsage()) { + if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) { if (cm.isCertValid(nickname, true, cu)) { r = true; - CMS.debug("CertUtils: verifySystemCertByNickname() passed:" - + nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname); } else { - CMS.debug("CertUtils: verifySystemCertByNickname() failed:" - + nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() failed:" + nickname); r = false; } } else { 
@@ -851,60 +839,48 @@ public class CertUtils { if (ccu == CertificateUsage.basicCertificateUsages) { /* cert is good for nothing */ r = false; - CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" - + nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:"+ nickname); } else { r = true; - CMS.debug("CertUtils: verifySystemCertByNickname() passed:" - + nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname); - if ((ccu & CryptoManager.CertificateUsage.SSLServer - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.SSLServer.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLServer"); - if ((ccu & CryptoManager.CertificateUsage.SSLClient - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.SSLClient.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLClient"); - if ((ccu & CryptoManager.CertificateUsage.SSLServerWithStepUp - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.SSLServerWithStepUp.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLServerWithStepUp"); if ((ccu & CryptoManager.CertificateUsage.SSLCA.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLCA"); - if ((ccu & CryptoManager.CertificateUsage.EmailSigner - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.EmailSigner.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is EmailSigner"); - if ((ccu & CryptoManager.CertificateUsage.EmailRecipient - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.EmailRecipient.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is EmailRecipient"); - if ((ccu & CryptoManager.CertificateUsage.ObjectSigner - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.ObjectSigner.getUsage()) != 0) CMS.debug("CertUtils: 
verifySystemCertByNickname(): cert is ObjectSigner"); - if ((ccu & CryptoManager.CertificateUsage.UserCertImport - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.UserCertImport.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is UserCertImport"); - if ((ccu & CryptoManager.CertificateUsage.VerifyCA - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.VerifyCA.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is VerifyCA"); - if ((ccu & CryptoManager.CertificateUsage.ProtectedObjectSigner - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.ProtectedObjectSigner.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is ProtectedObjectSigner"); - if ((ccu & CryptoManager.CertificateUsage.StatusResponder - .getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.StatusResponder.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is StatusResponder"); if ((ccu & CryptoManager.CertificateUsage.AnyCA.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is AnyCA"); } } } catch (Exception e) { - CMS.debug("CertUtils: verifySystemCertByNickname() failed: " - + e.toString()); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+ + e.toString()); r = false; } return r; } /* - * verify a certificate by its tag name returns true if it verifies; false - * if any not + * verify a certificate by its tag name + * returns true if it verifies; false if any not */ public static boolean verifySystemCertByTag(String tag) { String auditMessage = null; 
@@ -920,49 +896,52 @@ public class CertUtils { if (subsysType == null) { CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.FAILURE, ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.FAILURE, + ""); audit(auditMessage); r = false; return r; } - String nickname = config.getString(subsysType + ".cert." + tag - + ".nickname", ""); + String nickname = config.getString(subsysType+".cert."+tag+".nickname", ""); if (nickname.equals("")) { - CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " - + tag + " undefined in CS.cfg"); + CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg"); r = false; } - String certusage = config.getString(subsysType + ".cert." + tag - + ".certusage", ""); + String certusage = config.getString(subsysType+".cert."+tag+".certusage", ""); if (certusage.equals("")) { - CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " - + tag - + " undefined in CS.cfg, getting current certificate usage"); + CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage"); } r = verifySystemCertByNickname(nickname, certusage); if (r == true) { // audit here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.SUCCESS, nickname); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.SUCCESS, + nickname); audit(auditMessage); } else { // audit here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.FAILURE, nickname); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.FAILURE, + nickname); audit(auditMessage); } } catch (Exception e) { - 
CMS.debug("CertUtils: verifySystemCertsByTag() failed: " - + e.toString()); + CMS.debug("CertUtils: verifySystemCertsByTag() failed: "+ + e.toString()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.FAILURE, ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.FAILURE, + ""); audit(auditMessage); r = false; @@ -1007,8 +986,9 @@ public class CertUtils { } /* - * goes through all system certs and check to see if they are good and audit - * the result returns true if all verifies; false if any not + * goes through all system certs and check to see if they are good + * and audit the result + * returns true if all verifies; false if any not */ public static boolean verifySystemCerts() { String auditMessage = null; @@ -1020,8 +1000,10 @@ public class CertUtils { if (subsysType.equals("")) { CMS.debug("CertUtils: verifySystemCerts() cs.type not defined in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.FAILURE, ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.FAILURE, + ""); audit(auditMessage); r = false; 
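Review bot: In verifySystemCertByTag the `r = false;` assigned when `nickname.equals("")` is immediately overwritten by `r = verifySystemCertByNickname(nickname, certusage);`, so an undefined nickname never short-circuits and the signed-audit record for the failure is written with an empty nickname rather than naming the misconfigured tag. The branch should audit and return instead of falling through, e.g. `audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, ILogger.SYSTEM_UID, ILogger.FAILURE, tag)); return false;`, so that the audit trail records which certificate slot was missing. The start of the method, where config and subsysType are read, is above the hunk.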
@@ -1031,21 +1013,23 @@ public class CertUtils { if (subsysType == null) { CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.FAILURE, ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.FAILURE, + ""); audit(auditMessage); r = false; return r; } - String certlist = config.getString(subsysType + ".cert.list", ""); + String certlist = config.getString(subsysType+".cert.list", ""); if (certlist.equals("")) { - CMS.debug("CertUtils: verifySystemCerts() " - + subsysType - + ".cert.list not defined in CS.cfg. System certificates verification not done"); + CMS.debug("CertUtils: verifySystemCerts() "+subsysType+ ".cert.list not defined in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.FAILURE, ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.FAILURE, + ""); audit(auditMessage); r = false; @@ -1061,10 +1045,12 @@ public class CertUtils { } catch (Exception e) { // audit here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, ILogger.FAILURE, ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, + ILogger.FAILURE, + ""); - audit(auditMessage); + audit(auditMessage); r = false; CMS.debug("CertUtils: verifySystemCerts():" + e.toString()); } @@ -1087,9 +1073,8 @@ public class CertUtils { } /** - * Signed Audit Log This method is called to store messages to the signed - * audit log. - * + * Signed Audit Log + * This method is called to store messages to the signed audit log. * @param msg signed audit log message */ private static void audit(String msg) { 
@@ -1099,8 +1084,12 @@ public class CertUtils { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } + } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java index adae21372..effd86edd 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.io.IOException; import java.io.OutputStream; import java.security.cert.CertificateException; @@ -33,9 +34,10 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.cert.ICrossCertPairSubsystem; + /** * This class implements CertificatePair used for Cross Certification - * + * * @author cfu * @version $Revision$, $Date$ */ 
@@ -45,17 +47,16 @@ public class CertificatePair implements ASN1Value { private static final Tag TAG = SEQUENCE.TAG; /** - * construct a CertificatePair. It doesn't matter which is forward and which - * is reverse in the parameters. It will figure it out - * + * construct a CertificatePair. It doesn't matter which is + * forward and which is reverse in the parameters. It will figure + * it out * @param cert1 one X509Certificate * @param cert2 one X509Certificate */ - public CertificatePair(X509Certificate cert1, X509Certificate cert2) - throws EBaseException { + public CertificatePair (X509Certificate cert1, X509Certificate cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException( - "CertificatePair: both certs can not be null"); + throw new EBaseException("CertificatePair: both certs can not be null"); debug("in CertificatePair()"); boolean rightOrder = certOrders(cert1, cert2); 
@@ -68,22 +69,21 @@ public class CertificatePair implements ASN1Value { mReverse = cert2.getEncoded(); } } catch (CertificateException e) { - throw new EBaseException("CertificatePair: constructor failed:" - + e.toString()); + throw new EBaseException("CertificatePair: constructor failed:" + e.toString()); } } /** - * construct a CertificatePair. It doesn't matter which is forward and which - * is reverse in the parameters. It will figure it out - * + * construct a CertificatePair. It doesn't matter which is + * forward and which is reverse in the parameters. It will figure + * it out * @param cert1 one certificate byte array * @param cert2 one certificate byte array */ - public CertificatePair(byte[] cert1, byte[] cert2) throws EBaseException { + public CertificatePair (byte[] cert1, byte[] cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException( - "CertificatePair: both certs can not be null"); + throw new EBaseException("CertificatePair: both certs can not be null"); boolean rightOrder = certOrders(cert1, cert2); if (rightOrder == false) { @@ -96,15 +96,14 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if c1 is forward and cert2 is reverse returns false if c2 is - * forward and cert1 is reverse + * returns true if c1 is forward and cert2 is reverse + * returns false if c2 is forward and cert1 is reverse */ private boolean certOrders(X509Certificate c1, X509Certificate c2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with X509Cert"); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); X509Certificate caCert = (X509Certificate) ca.getCACert(); debug("got this caCert"); 
@@ -112,43 +111,55 @@ public class CertificatePair implements ASN1Value { // more check really should be done here regarding the // validity of the two certs...later - /* - * It looks the DN's returned are not normalized and fail comparison - * - * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - * debug("myCA signed c1"); else { - * debug("c1 issuerDN="+c1.getIssuerDN().toString()); - * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } - * - * if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) - * debug("myCA subject == c2 subject"); else { - * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - * debug("c2 subjectDN="+c2.getSubjectDN().toString()); } - * - * if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - * debug("myCA signed c2"); else { - * debug("c2 issuerDN="+c1.getIssuerDN().toString()); - * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } - * - * if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) - * debug("myCA subject == c1 subject"); else { - * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - * debug("c1 subjectDN="+c1.getSubjectDN().toString()); } - * - * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) && - * (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) - * - * { return false; } else if ((c2.getIssuerDN().equals((Object) - * caCert.getSubjectDN())) && (caCert.getSubjectDN().equals((Object) - * c1.getSubjectDN()))) { return true; } else { throw new - * EBaseException( - * "CertificatePair: need correct forward and reverse relationship to construct CertificatePair" - * ); } + /* It looks the DN's returned are not normalized and fail + * comparison + + if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + debug("myCA signed c1"); + else { + debug("c1 issuerDN="+c1.getIssuerDN().toString()); + debug("myCA subjectDN="+caCert.getSubjectDN().toString()); + } + + if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) 
+ debug("myCA subject == c2 subject"); + else { + debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + debug("c2 subjectDN="+c2.getSubjectDN().toString()); + } + + if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + debug("myCA signed c2"); + else { + debug("c2 issuerDN="+c1.getIssuerDN().toString()); + debug("myCA subjectDN="+caCert.getSubjectDN().toString()); + } + + if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) + debug("myCA subject == c1 subject"); + else { + debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + debug("c1 subjectDN="+c1.getSubjectDN().toString()); + } + + if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) + && (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) + + { + return false; + } else if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())) + && (caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))) + { + return true; + } else { + throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); + } */ /* - * my other attempt: one of the certs has to share the same public key - * as this CA, and that will be the "forward" cert; the other one is + * my other attempt: + * one of the certs has to share the same public key as this + * CA, and that will be the "forward" cert; the other one is * assumed to be the "reverse" cert */ byte[] caCertBytes = caCert.getPublicKey().getEncoded(); @@ -157,8 +168,7 @@ public class CertificatePair implements ASN1Value { debug("got cacert public key bytes length=" + caCertBytes.length); else { debug("cacert public key bytes null"); - throw new EBaseException( - "CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); + throw new EBaseException("CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); } byte[] c1Bytes = c1.getPublicKey().getEncoded(); 
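Review bot: Most of this hunk re-indents a roughly 40-line block of commented-out DN comparison code inside certOrders; reformatting dead code keeps it alive for another round, and it should be deleted outright (version control preserves it) rather than re-wrapped. The live code that remains decides forward/reverse purely by comparing `caCert.getPublicKey().getEncoded()` against each certificate's public-key bytes, and the visible `// more check really should be done here regarding the validity of the two certs...later` comment confirms that neither certificate's signature, validity period or CA status is examined here. Whether externally supplied certificates can reach this path is not visible from the hunk; at minimum the reverse certificate should get a `checkValidity()` call, and the stale comment should become an explicit `// TODO: verify signature and validity of c1/c2 before trusting the key match`. certOrders begins before this hunk.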
@@ -167,8 +177,7 @@ public class CertificatePair implements ASN1Value { debug("got c1 public key bytes length=" + c1Bytes.length); else { debug("c1 cert public key bytes length null"); - throw new EBaseException( - "CertificatePair::certOrders() public key bytes are of length null"); + throw new EBaseException("CertificatePair::certOrders() public key bytes are of length null"); } byte[] c2Bytes = c2.getPublicKey().getEncoded(); @@ -187,8 +196,7 @@ public class CertificatePair implements ASN1Value { return false; } else { debug("neither c1 nor c2 public key matches with this ca"); - throw new EBaseException( - "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); + throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); } } @@ -212,14 +220,14 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if cert1 is forward and cert2 is reverse returns false if - * cert2 is forward and cert1 is reverse + * returns true if cert1 is forward and cert2 is reverse + * returns false if cert2 is forward and cert1 is reverse */ private boolean certOrders(byte[] cert1, byte[] cert2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with byte[]"); - ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS - .getSubsystem("CrossCertPair"); + ICrossCertPairSubsystem ccps = + (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); X509Certificate c1 = null; X509Certificate c2 = null; @@ -227,8 +235,7 @@ public class CertificatePair implements ASN1Value { c1 = ccps.byteArray2X509Cert(cert1); c2 = ccps.byteArray2X509Cert(cert2); } catch (CertificateException e) { - throw new EBaseException("CertificatePair: certOrders() failed:" - + e.toString()); + throw new EBaseException("CertificatePair: certOrders() failed:" + e.toString()); } return certOrders(c1, c2); } 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java index 38f00f2e6..232035250 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.text.DateFormat; import java.util.Iterator; import java.util.Locale; 
@@ -34,45 +35,44 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.ca.ICertificateAuthority; /** - * This class will display the certificate content in predefined format. - * + * This class will display the certificate content in predefined + * format. + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ -public class CrlCachePrettyPrint implements ICRLPrettyPrint { +public class CrlCachePrettyPrint implements ICRLPrettyPrint +{ - /* - * ========================================================== constants - * ========================================================== - */ + /*========================================================== + * constants + *==========================================================*/ private final static String CUSTOM_LOCALE = "Custom"; - /* - * ========================================================== variables - * ========================================================== - */ + /*========================================================== + * variables + *==========================================================*/ private ICRLIssuingPoint mIP = null; private PrettyPrintFormat pp = null; - /* - * ========================================================== constructors - * ========================================================== - */ + /*========================================================== + * constructors + *==========================================================*/ public CrlCachePrettyPrint(ICRLIssuingPoint ip) { mIP = ip; pp = new PrettyPrintFormat(":"); } - /* - * ========================================================== public methods - * ========================================================== - */ + /*========================================================== + * public methods + *==========================================================*/ /** - * This method return string representation of the certificate revocation - * list in predefined format using specified client local. 
I18N Support. - * + * This method return string representation of the certificate + * revocation list in predefined format using specified client + * local. I18N Support. + * * @param clientLocale Locale to be used for localization * @return string representation of the certificate */ 
@@ -80,61 +80,61 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint { return toString(clientLocale, 0, 0, 0); } - public String toString(Locale clientLocale, long crlSize, long pageStart, - long pageSize) { + public String toString(Locale clientLocale, long crlSize, long pageStart, long pageSize) { - // get I18N resources - ResourceBundle resource = ResourceBundle - .getBundle(PrettyPrintResources.class.getName()); + //get I18N resources + ResourceBundle resource = ResourceBundle.getBundle( + PrettyPrintResources.class.getName()); DateFormat dateFormater = DateFormat.getDateTimeInstance( DateFormat.FULL, DateFormat.FULL, clientLocale); - // get timezone and timezone ID + //get timezone and timezone ID String tz = " "; String tzid = " "; StringBuffer sb = new StringBuffer(); try { - sb.append(pp.indent(4) - + resource.getString(PrettyPrintResources.TOKEN_CRL) + "\n"); - sb.append(pp.indent(8) - + resource.getString(PrettyPrintResources.TOKEN_DATA) - + "\n"); + sb.append(pp.indent(4) + resource.getString( + PrettyPrintResources.TOKEN_CRL) + "\n"); + sb.append(pp.indent(8) + resource.getString( + PrettyPrintResources.TOKEN_DATA) + "\n"); String signingAlgorithm = mIP.getLastSigningAlgorithm(); if (signingAlgorithm != null) { - sb.append(pp.indent(12) - + resource.getString(PrettyPrintResources.TOKEN_SIGALG) - + signingAlgorithm + "\n"); + sb.append(pp.indent(12) + resource.getString( + PrettyPrintResources.TOKEN_SIGALG) + + signingAlgorithm + "\n"); } - sb.append(pp.indent(12) - + resource.getString(PrettyPrintResources.TOKEN_ISSUER) - + ((ICertificateAuthority) (mIP.getCertificateAuthority())) - .getCRLX500Name().toString() + "\n"); + sb.append(pp.indent(12) + resource.getString( + PrettyPrintResources.TOKEN_ISSUER) + + ((ICertificateAuthority)(mIP.getCertificateAuthority())) + .getCRLX500Name().toString() + "\n"); // Format thisUpdate String thisUpdate = dateFormater.format(mIP.getLastUpdate()); // get timezone and timezone ID if (TimeZone.getDefault() 
!= null) { tz = TimeZone.getDefault().getDisplayName( - TimeZone.getDefault().inDaylightTime( - mIP.getLastUpdate()), TimeZone.SHORT, - clientLocale); + TimeZone.getDefault().inDaylightTime(mIP.getLastUpdate()), + TimeZone.SHORT, + clientLocale); tzid = TimeZone.getDefault().getID(); } // Specify ThisUpdate if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(12) - + resource - .getString(PrettyPrintResources.TOKEN_THIS_UPDATE) - + thisUpdate + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_THIS_UPDATE) + + thisUpdate + + "\n"); } else { // Append timezone ID sb.append(pp.indent(12) - + resource - .getString(PrettyPrintResources.TOKEN_THIS_UPDATE) - + thisUpdate + " " + tzid + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_THIS_UPDATE) + + thisUpdate + + " " + tzid + "\n"); } // Check for presence of NextUpdate if (mIP.getNextUpdate() != null) { 
@@ -144,110 +144,96 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint { // re-get timezone (just in case it is different . . .) if (TimeZone.getDefault() != null) { tz = TimeZone.getDefault().getDisplayName( - TimeZone.getDefault().inDaylightTime( - mIP.getNextUpdate()), TimeZone.SHORT, - clientLocale); + TimeZone.getDefault().inDaylightTime(mIP.getNextUpdate()), + TimeZone.SHORT, + clientLocale); } // Specify NextUpdate if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(12) - + resource - .getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) - + nextUpdate + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_NEXT_UPDATE) + + nextUpdate + + "\n"); } else { // Append timezone ID sb.append(pp.indent(12) - + resource - .getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) - + nextUpdate + " " + tzid + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_NEXT_UPDATE) + + nextUpdate + + " " + tzid + "\n"); } } if (crlSize > 0 && pageStart == 0 && pageSize == 0) { - sb.append(pp.indent(12) - + resource - .getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) - + crlSize + "\n"); - } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) - || (crlSize > 0 && pageStart > 0 && pageSize > 0)) { - sb.append(pp.indent(12) - + resource - .getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES)); + sb.append(pp.indent(12) + resource.getString( + PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n"); + } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) || + (crlSize > 0 && pageStart > 0 && pageSize > 0)) { + sb.append(pp.indent(12) + resource.getString( + PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES)); long upperLimit = crlSize; if (crlSize > 0 && pageStart > 0 && pageSize > 0) { - upperLimit = (pageStart + pageSize - 1 > crlSize) ? 
crlSize - : pageStart + pageSize - 1; - sb.append("" + pageStart + "-" + upperLimit + " of " - + crlSize); + upperLimit = (pageStart + pageSize - 1 > crlSize) ? crlSize : pageStart + pageSize - 1; + sb.append("" + pageStart + "-" + upperLimit + " of " + crlSize); } else { pageStart = 1; sb.append("" + crlSize); } sb.append("\n"); - Set revokedCerts = mIP.getRevokedCertificates( - (int) (pageStart - 1), (int) upperLimit); + Set revokedCerts = mIP.getRevokedCertificates((int)(pageStart-1), (int)upperLimit); if (revokedCerts != null) { Iterator i = revokedCerts.iterator(); long l = 1; - while ((i.hasNext()) - && ((crlSize == 0) || (upperLimit - pageStart + 1 >= l))) { - RevokedCertImpl revokedCert = (RevokedCertImpl) i - .next(); + while ((i.hasNext()) && ((crlSize == 0) || (upperLimit - pageStart + 1 >= l))) { + RevokedCertImpl revokedCert = (RevokedCertImpl)i.next(); if ((crlSize == 0) || (upperLimit - pageStart + 1 >= l)) { - sb.append(pp.indent(16) - + resource - .getString(PrettyPrintResources.TOKEN_SERIAL) - + "0x" - + revokedCert.getSerialNumber() - .toString(16).toUpperCase() + "\n"); - String revocationDate = dateFormater - .format(revokedCert.getRevocationDate()); + sb.append(pp.indent(16) + resource.getString( + PrettyPrintResources.TOKEN_SERIAL) + "0x" + + revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n"); + String revocationDate = + dateFormater.format(revokedCert.getRevocationDate()); // re-get timezone // (just in case it is different . . .) 
if (TimeZone.getDefault() != null) { - tz = TimeZone - .getDefault() - .getDisplayName( - TimeZone.getDefault() - .inDaylightTime( - revokedCert - .getRevocationDate()), - TimeZone.SHORT, clientLocale); + tz = TimeZone.getDefault().getDisplayName( + TimeZone.getDefault().inDaylightTime( + revokedCert.getRevocationDate()), + TimeZone.SHORT, + clientLocale); } // Specify revocationDate - if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { + if (tz.equals(tzid) || + tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(16) - + resource - .getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) - + revocationDate + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_REVOCATION_DATE) + + revocationDate + + "\n"); } else { // Append timezone ID sb.append(pp.indent(16) - + resource - .getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) - + revocationDate + " " + tzid + "\n"); + + resource.getString( + PrettyPrintResources.TOKEN_REVOCATION_DATE) + + revocationDate + + " " + tzid + "\n"); } if (revokedCert.hasExtensions()) { - sb.append(pp.indent(16) - + resource - .getString(PrettyPrintResources.TOKEN_EXTENSIONS) - + "\n"); - CRLExtensions crlExtensions = revokedCert - .getExtensions(); + sb.append(pp.indent(16) + resource.getString( + PrettyPrintResources.TOKEN_EXTENSIONS) + "\n"); + CRLExtensions crlExtensions = revokedCert.getExtensions(); if (crlExtensions != null) { for (int k = 0; k < crlExtensions.size(); k++) { - Extension ext = (Extension) crlExtensions - .elementAt(k); - ExtPrettyPrint extpp = new ExtPrettyPrint( - ext, 20); + Extension ext = (Extension) crlExtensions.elementAt(k); + ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 20); sb.append(extpp.toString()); } 
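Review bot: The new-side `Set revokedCerts = mIP.getRevokedCertificates((int)(pageStart-1), (int)upperLimit);` narrows the `long` paging values with plain casts, so a `pageStart` or `pageSize` above Integer.MAX_VALUE wraps silently, and `pageStart + pageSize - 1` can itself overflow `long` before the `> crlSize` comparison. Whether these values originate from an HTTP parameter is not visible here; if they can, range-check them against `Integer.MAX_VALUE` (or use `Math.toIntExact` if the build targets Java 8+) before the call, and let the existing `catch (Exception e)` turn the failure into the decoding-error output. The enclosing toString(Locale, long, long, long) starts before this hunk.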
@@ -257,27 +243,18 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint { l++; } } else if (mIP.isCRLCacheEnabled() && mIP.isCRLCacheEmpty()) { - sb.append("\n" - + pp.indent(16) - + resource - .getString(PrettyPrintResources.TOKEN_CACHE_IS_EMPTY) - + "\n\n"); + sb.append("\n" + pp.indent(16) + resource.getString( + PrettyPrintResources.TOKEN_CACHE_IS_EMPTY) + "\n\n"); } else { - sb.append("\n" - + pp.indent(16) - + resource - .getString(PrettyPrintResources.TOKEN_CACHE_NOT_AVAILABLE) - + "\n\n"); + sb.append("\n" + pp.indent(16) + resource.getString( + PrettyPrintResources.TOKEN_CACHE_NOT_AVAILABLE) + "\n\n"); } } } catch (Exception e) { - sb.append("\n\n" - + pp.indent(4) - + resource - .getString(PrettyPrintResources.TOKEN_DECODING_ERROR) - + "\n\n"); - CMS.debug("Exception=" + e.toString()); + sb.append("\n\n" + pp.indent(4) + resource.getString( + PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n"); + CMS.debug("Exception="+e.toString()); CMS.debugStackTrace(); } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java index 06e88d283..1a3969b4e 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java @@ -17,18 +17,20 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import netscape.security.x509.X509CRLImpl; import com.netscape.certsrv.base.ICRLPrettyPrint; + /** - * This class will display the certificate content in predefined format. - * + * This class will display the certificate content in predefined + * format. + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ -public class CrlPrettyPrint extends netscape.security.util.CrlPrettyPrint - implements ICRLPrettyPrint { +public class CrlPrettyPrint extends netscape.security.util.CrlPrettyPrint implements ICRLPrettyPrint { public CrlPrettyPrint(X509CRLImpl crl) { super(crl); 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java index 58d6aba6e..663585bf0 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -46,21 +47,23 @@ import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.publish.IXcertPublisherProcessor; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; + /** - * Subsystem for handling cross certificate pairing and publishing Intended use: + * Subsystem for handling cross certificate pairing and publishing + * Intended use: * <ul> - * <li>when signing a subordinate CA cert which is intended to be part of the - * crossCertificatePair - * <li>when this ca submits a request (with existing CA signing key material to - * another ca for cross-signing - * </ul> - * In both cases, administrator needs to "import" the crossSigned certificates - * via the admin console. When importCert() is called, the imported cert will be - * stored in the internal db first until it's pairing cert shows up. If it - * happens that the above two cases finds its pairing cert already there, then a - * CertifiatePair is created and put in the internal db - * "crosscertificatepair;binary" attribute - * + * <li> when signing a subordinate CA cert which is intended to be + * part of the crossCertificatePair + * <li> when this ca submits a request (with existing CA signing key + * material to another ca for cross-signing + *</ul> + * In both cases, administrator needs to "import" the crossSigned + * certificates via the admin console. When importCert() is called, + * the imported cert will be stored in the internal db + * first until it's pairing cert shows up. + * If it happens that the above two cases finds its pairing + * cert already there, then a CertifiatePair is created and put + * in the internal db "crosscertificatepair;binary" attribute * @author cfu * @version $Revision$, $Date$ */ @@ -97,7 +100,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { try { mConfig = config; mLogger = CMS.getLogger(); 
@@ -109,19 +112,21 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { if (ldapConfig == null) { log(ILogger.LL_MISCONF, - CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", PROP_LDAP)); + CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", + PROP_LDAP)); return; } mBaseDN = ldapConfig.getString(PROP_BASEDN, null); - + mLdapConnFactory = new LdapBoundConnFactory(); if (mLdapConnFactory != null) mLdapConnFactory.init(ldapConfig); else { log(ILogger.LL_MISCONF, - CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", PROP_LDAP)); + CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", + PROP_LDAP)); return; } } catch (EBaseException e) { @@ -132,12 +137,14 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } /** - * "import" the CA cert cross-signed by another CA (potentially a bridge CA) - * into internal ldap db. the imported cert will be stored in the internal - * db first until it's pairing cert shows up. If it happens that it finds - * its pairing cert already there, then a CertifiatePair is created and put + * "import" the CA cert cross-signed by another CA (potentially a + * bridge CA) into internal ldap db. + * the imported cert will be stored in the internal db + * first until it's pairing cert shows up. + * If it happens that it finds its pairing + * cert already there, then a CertifiatePair is created and put * in the internal db "crosscertificatepair;binary" attribute - * + * * @param certBytes cert in byte array to be imported */ public void importCert(byte[] certBytes) throws EBaseException { @@ -147,9 +154,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { try { cert = byteArray2X509Cert(certBytes); } catch (CertificateException e) { - throw new EBaseException( - "CrossCertPairSubsystem: importCert() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); } 
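Review bot: The `else` branch after `mLdapConnFactory = new LdapBoundConnFactory();` can never execute, because `new` does not return null, so the second `CMSCORE_DBS_CONF_ERROR` log and early `return` are dead code that advertises a misconfiguration path that does not exist. Drop the null test and call `mLdapConnFactory.init(ldapConfig);` unconditionally; if `init` is what actually rejects a bad `ldapConfig`, its EBaseException already reaches the `catch (EBaseException e)` at the end of this hunk, whose body is outside the hunk. The enclosing init() starts before this hunk.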
@@ -157,12 +162,14 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } /** - * "import" the CA cert cross-signed by another CA (potentially a bridge CA) - * into internal ldap db. the imported cert will be stored in the internal - * db first until it's pairing cert shows up. If it happens that it finds - * its pairing cert already there, then a CertifiatePair is created and put + * "import" the CA cert cross-signed by another CA (potentially a + * bridge CA) into internal ldap db. + * the imported cert will be stored in the internal db + * first until it's pairing cert shows up. + * If it happens that it finds its pairing + * cert already there, then a CertifiatePair is created and put * in the internal db "crosscertificatepair;binary" attribute - * + * * @param certBytes cert in byte array to be imported */ public synchronized void importCert(Object certObj) throws EBaseException { @@ -175,8 +182,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // 1. does cert2 share the same key pair as this CA's signing // cert // 2. does cert2's subject match this CA's subject? - // 3. other valididity checks: is this a ca cert? Is this - // cert still valid? If the issuer is not yet trusted, let it + // 3. other valididity checks: is this a ca cert? Is this + // cert still valid? If the issuer is not yet trusted, let it // be. // get certs from internal db to see if we find a pair @@ -192,8 +199,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { LDAPEntry entry = (LDAPEntry) res.nextElement(); LDAPAttribute caCerts = entry.getAttribute(LDAP_ATTR_CA_CERT); - LDAPAttribute certPairs = entry - .getAttribute(LDAP_ATTR_XCERT_PAIR); + LDAPAttribute certPairs = entry.getAttribute(LDAP_ATTR_XCERT_PAIR); if (caCerts == null) { debug("no existing ca certs, just import"); 
@@ -202,7 +208,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } Enumeration en = caCerts.getByteValues(); - + if ((en == null) || (en.hasMoreElements() == false)) { debug("1st potential xcert"); addCAcert(conn, cert.getEncoded()); @@ -226,9 +232,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // caCertificate attr, and publish if so configured debug("found a pair!"); CertificatePair cp = new - // CertificatePair(inCert.getEncoded(), - // cert.getEncoded()); - CertificatePair(inCert, cert); + // CertificatePair(inCert.getEncoded(), cert.getEncoded()); + CertificatePair(inCert, cert); addXCertPair(conn, certPairs, cp); deleteCAcert(conn, inCert.getEncoded()); @@ -237,7 +242,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { break; } } - } // while + } //while if (match == false) { // don't find a pair, add it into // caCertificate attr for later pairing 
@@ -251,32 +256,22 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { log(ILogger.LL_INFO, "ldap search found no " + DN_XCERTS); } } catch (IOException e) { - throw new EBaseException( - "CrossCertPairSubsystem: importCert() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); } catch (LDAPException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException( - "CrossCertPairSubsystem: importCert() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); } catch (ELdapException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException( - "CrossCertPairSubsystem: importCert() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); } catch (CertificateException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException( - "CrossCertPairSubsystem: importCert() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); } finally { try { returnConn(conn); } catch (ELdapException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException( - "CrossCertPairSubsystem: importCert() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); } } debug("importCert(Object) completed"); 
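Review bot: The `finally` block at the end of this hunk throws a new EBaseException when `returnConn(conn)` fails, which discards any exception already propagating from the `try`, so an LDAP or certificate failure inside importCert would surface as a connection-return failure instead. Keep the `log(ILogger.LL_FAILURE, "exception: " + e.toString());` in that catch and delete the `throw` that follows it, so the primary exception is the one callers see. The four catch clauses above it also flatten each cause into `e.toString()`; if EBaseException offers a cause-taking constructor (not visible here), pass `e` through so the stack trace survives. importCert(Object) begins before this hunk.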
@@ -284,41 +279,41 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { /** * are cert1 and cert2 cross-signed certs? - * * @param cert1 the cert for comparison in our internal db * @param cert2 the cert that's being considered */ protected boolean arePair(X509Certificate cert1, X509Certificate cert2) { // 1. does cert1's issuer match cert2's subject? // 2. does cert2's issuer match cert1's subject? - if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) - && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN()))) + if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) + && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN()))) return true; else return false; } - public X509Certificate byteArray2X509Cert(byte[] certBytes) - throws CertificateException { + public X509Certificate byteArray2X509Cert(byte[] certBytes) + throws CertificateException { debug("in bytearray2X509Cert()"); - ByteArrayInputStream inStream = new ByteArrayInputStream(certBytes); + ByteArrayInputStream inStream = new + ByteArrayInputStream(certBytes); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); + CertificateFactory cf = + CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) cf - .generateCertificate(inStream); + X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream); debug("done bytearray2X509Cert()"); return cert; } public synchronized void addXCertPair(LDAPConnection conn, - LDAPAttribute certPairs, CertificatePair pair) - throws LDAPException, IOException { + LDAPAttribute certPairs, CertificatePair pair) + throws LDAPException, IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); pair.encode(bos); - + if (ByteValueExists(certPairs, bos.toByteArray()) == true) { debug("cross cert pair exists in internal db, don't add again"); return; 
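Review bot: `arePair` concludes that two certificates are cross-signed from issuer/subject DN equality alone, and nothing in this hunk verifies that either certificate's signature checks out under the other's public key, so any two certificates whose names line up are stored under `DN_XCERTS` and later published as a pair. Unless the caller has already verified the signatures (not visible here), adding `cert1.verify(cert2.getPublicKey())` and `cert2.verify(cert1.getPublicKey())` to the check, with the verify exceptions mapped to `false`, would make the stored pair reflect actual cross-signing. The `getIssuerDN()`/`getSubjectDN()` accessors are also the denigrated Principal form; `getIssuerX500Principal()`/`getSubjectX500Principal()` are the recommended replacement. byteArray2X509Cert has no javadoc; `/** Decodes certificate bytes into an X509Certificate via the X.509 CertificateFactory. */` covers it.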
@@ -327,9 +322,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // add certificatePair LDAPModificationSet modSet = new LDAPModificationSet(); - modSet.add(LDAPModification.ADD, new LDAPAttribute( - LDAP_ATTR_XCERT_PAIR, bos.toByteArray())); - conn.modify(DN_XCERTS + "," + mBaseDN, modSet); + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray())); + conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } /** @@ -371,22 +366,24 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { debug("exiting byteArraysAreEqual(): true"); return true; } - + public synchronized void addCAcert(LDAPConnection conn, byte[] certEnc) - throws LDAPException { - LDAPModificationSet modSet = new LDAPModificationSet(); - - modSet.add(LDAPModification.ADD, new LDAPAttribute(LDAP_ATTR_CA_CERT, - certEnc)); + throws LDAPException { + LDAPModificationSet modSet = new + LDAPModificationSet(); + + modSet.add(LDAPModification.ADD, + new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } public synchronized void deleteCAcert(LDAPConnection conn, byte[] certEnc) - throws LDAPException { - LDAPModificationSet modSet = new LDAPModificationSet(); + throws LDAPException { + LDAPModificationSet modSet = new + LDAPModificationSet(); - modSet.add(LDAPModification.DELETE, new LDAPAttribute( - LDAP_ATTR_CA_CERT, certEnc)); + modSet.add(LDAPModification.DELETE, + new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } @@ -396,7 +393,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { public synchronized void publishCertPairs() throws EBaseException { LDAPConnection conn = null; - if ((mPublisherProcessor == null) || !mPublisherProcessor.enabled()) + if ((mPublisherProcessor == null) || + !mPublisherProcessor.enabled()) return; try { 
@@ -423,7 +421,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } Enumeration en = xcerts.getByteValues(); - + if ((en == null) || (en.hasMoreElements() == false)) { debug("publishCertPair found no pairs in internal db"); return; @@ -437,23 +435,19 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { continue; } else { try { - // found a cross cert pair, publish if we could + //found a cross cert pair, publish if we could IXcertPublisherProcessor xp = null; xp = (IXcertPublisherProcessor) mPublisherProcessor; xp.publishXCertPair(val); } catch (Exception e) { - throw new EBaseException( - "CrossCertPairSubsystem: publishCertPairs() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + e.toString()); } } }// while - }// if + }//if } catch (Exception e) { - throw new EBaseException( - "CrossCertPairSubsystem: publishCertPairs() failed:" - + e.toString()); + throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + e.toString()); } } @@ -482,16 +476,16 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { try { mLdapConnFactory.reset(); } catch (ELdapException e) { - CMS.debug("CrossCertPairSubsystem shutdown exception: " - + e.toString()); + CMS.debug("CrossCertPairSubsystem shutdown exception: "+e.toString()); } } mLdapConnFactory = null; } /* - * Returns the root configuration storage of this system. <P> - * + * Returns the root configuration storage of this system. + * <P> + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { @@ -499,7 +493,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_XCERT, level, msg); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_XCERT, level, msg); } private static void debug(String msg) { 
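Review bot: In the -437 hunk the inner `catch (Exception e)` wraps a publish failure in an EBaseException, but that throw executes inside the outer `try`, whose own `catch (Exception e)` catches the EBaseException and wraps it again, so callers receive the `publishCertPairs() failed:` prefix twice and the original exception type only as text. Either remove the inner catch and let the outer one wrap once, or add `catch (EBaseException e) { throw e; }` ahead of the outer generic catch; in both cases passing `e` as the cause (if EBaseException supports one) would preserve the stack trace. The `(IXcertPublisherProcessor) mPublisherProcessor` cast sits under the same generic catch, so a publisher that does not implement that interface surfaces as an opaque publish failure rather than a clear configuration error. The enclosing publishCertPairs body starts before the first hunk on this line.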
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
index 802418cac..ea9fabf24 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
@@ -17,20 +17,23 @@
 // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert;
+
 import netscape.security.x509.Extension; import com.netscape.certsrv.base.IExtPrettyPrint;
+
 /**
- * This class will display the certificate content in predefined format.
- *
+ * This class will display the certificate content in predefined
+ * format.
+ *
 * @author Andrew Wnuk * @version $Revision$, $Date$ */
-public class ExtPrettyPrint extends netscape.security.util.ExtPrettyPrint
- implements IExtPrettyPrint {
+public class ExtPrettyPrint extends netscape.security.util.ExtPrettyPrint implements IExtPrettyPrint {
 public ExtPrettyPrint(Extension ext, int indentSize) { super(ext, indentSize); } }
+
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
index bfcfc72f7..b340ea236 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
@@ -17,6 +17,7 @@
 // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert;
+
 import java.security.cert.CertificateException; import java.util.Enumeration;
@@ -37,6 +38,7 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem; import com.netscape.cmscore.util.Debug;
+
 /** * * @author stevep
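Review bot: The class comment re-wrapped in this hunk still says the class displays `the certificate content`, but ExtPrettyPrint wraps netscape.security.util.ExtPrettyPrint and is constructed from an `Extension` and an indent size; `* This class will display the content of a single certificate extension in predefined format.` matches what it does. The same copy-pasted sentence is re-wrapped in the PrettyPrintFormat and PubKeyPrettyPrint hunks further down, where it is equally inaccurate (a line/indent formatting helper and, judging by the PublicKey import, a public-key printer).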
@@ -45,7 +47,7 @@ import com.netscape.cmscore.util.Debug;
 public class OidLoaderSubsystem implements ISubsystem { private IConfigStore mConfig = null;
- public static final String ID = "oidmap";
+ public static final String ID = "oidmap";
 private String mId = ID; private static final String PROP_OID = "oid";
@@ -75,51 +77,61 @@ public class OidLoaderSubsystem implements ISubsystem { public static OidLoaderSubsystem getInstance() { return mInstance; } - + private static final int CertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 }; /** * Identifies the particular public key used to sign the certificate. */ - public static final ObjectIdentifier CertType_Id = new ObjectIdentifier( - CertType_data); + public static final ObjectIdentifier CertType_Id = new + ObjectIdentifier(CertType_data); private static final String[][] oidMapEntries = new String[][] { - { NSCertTypeExtension.class.getName(), CertType_Id.toString(), - NSCertTypeExtension.NAME }, - { CertificateRenewalWindowExtension.class.getName(), - CertificateRenewalWindowExtension.ID.toString(), - CertificateRenewalWindowExtension.NAME }, - { CertificateScopeOfUseExtension.class.getName(), - CertificateScopeOfUseExtension.ID.toString(), - CertificateScopeOfUseExtension.NAME }, - { DeltaCRLIndicatorExtension.class.getName(), - DeltaCRLIndicatorExtension.OID, - DeltaCRLIndicatorExtension.NAME }, - { HoldInstructionExtension.class.getName(), - HoldInstructionExtension.OID, HoldInstructionExtension.NAME }, - { InvalidityDateExtension.class.getName(), - InvalidityDateExtension.OID, InvalidityDateExtension.NAME }, - { IssuingDistributionPointExtension.class.getName(), - IssuingDistributionPointExtension.OID, - IssuingDistributionPointExtension.NAME }, - { FreshestCRLExtension.class.getName(), FreshestCRLExtension.OID, - FreshestCRLExtension.NAME }, }; + {NSCertTypeExtension.class.getName(), + CertType_Id.toString(), + NSCertTypeExtension.NAME}, + {CertificateRenewalWindowExtension.class.getName(), + CertificateRenewalWindowExtension.ID.toString(), + CertificateRenewalWindowExtension.NAME}, + {CertificateScopeOfUseExtension.class.getName(), + CertificateScopeOfUseExtension.ID.toString(), + CertificateScopeOfUseExtension.NAME}, + {DeltaCRLIndicatorExtension.class.getName(), + DeltaCRLIndicatorExtension.OID, + 
DeltaCRLIndicatorExtension.NAME}, + {HoldInstructionExtension.class.getName(), + HoldInstructionExtension.OID, + HoldInstructionExtension.NAME}, + {InvalidityDateExtension.class.getName(), + InvalidityDateExtension.OID, + InvalidityDateExtension.NAME}, + {IssuingDistributionPointExtension.class.getName(), + IssuingDistributionPointExtension.OID, + IssuingDistributionPointExtension.NAME}, + {FreshestCRLExtension.class.getName(), + FreshestCRLExtension.OID, + FreshestCRLExtension.NAME}, + }; /** - * Initializes this subsystem with the given configuration store. It first - * initializes resident subsystems, and it loads and initializes loadable - * subsystem specified in the configuration store. + * Initializes this subsystem with the given + * configuration store. + * It first initializes resident subsystems, + * and it loads and initializes loadable + * subsystem specified in the configuration + * store. * <P> - * Note that individual subsystem should be initialized in a separated - * thread if it has dependency on the initialization of other subsystems. + * Note that individual subsystem should be + * initialized in a separated thread if + * it has dependency on the initialization + * of other subsystems. * <P> - * + * * @param owner owner of this subsystem * @param config configuration store */ public synchronized void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { if (Debug.ON) { Debug.trace("OIDLoaderSubsystem started"); } @@ -131,8 +143,9 @@ public class OidLoaderSubsystem implements ISubsystem { for (int i = 0; i < oidMapEntries.length; i++) { try { - OIDMap.addAttribute(oidMapEntries[i][0], oidMapEntries[i][1], - oidMapEntries[i][2]); + OIDMap.addAttribute(oidMapEntries[i][0], + oidMapEntries[i][1], + oidMapEntries[i][2]); } catch (Exception e) { } } 
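Review bot: The loop in the -131 hunk registers each built-in extension through `OIDMap.addAttribute` inside `catch (Exception e) { }`, so an extension whose OID mapping cannot be added is silently absent from the map with nothing in the logs; the config-driven loop in the next hunk at -147 has the same shape, with its `EPropertyNotFound` branch holding only a `// Log error` placeholder. The file already uses Debug.trace, so `} catch (Exception e) { Debug.trace("OidLoaderSubsystem: failed to register " + oidMapEntries[i][0] + ": " + e); }` keeps the best-effort behaviour while leaving a trace. The init body continues into the following hunks.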
@@ -147,7 +160,9 @@ public class OidLoaderSubsystem implements ISubsystem { String oidname = substore.getString(PROP_OID); String classname = substore.getString(PROP_CLASS); - OIDMap.addAttribute(classname, oidname, substorename); + OIDMap.addAttribute(classname, + oidname, + substorename); } catch (EPropertyNotFound e) { // Log error } catch (CertificateException e) { @@ -166,8 +181,9 @@ public class OidLoaderSubsystem implements ISubsystem { } /* - * Returns the root configuration storage of this system. <P> - * + * Returns the root configuration storage of this system. + * <P> + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java index 137901ae3..3ace3c67b 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java 
@@ -17,39 +17,40 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import com.netscape.certsrv.base.IPrettyPrintFormat; + /** - * This class will display the certificate content in predefined format. - * + * This class will display the certificate content in predefined + * format. + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ public class PrettyPrintFormat implements IPrettyPrintFormat { - /* - * ========================================================== variables - * ========================================================== - */ + /*========================================================== + * variables + *==========================================================*/ private String mSeparator = ""; private int mIndentSize = 0; private int mLineLen = 0; - /* - * ========================================================== constants - * - * ========================================================== - */ - private final static String spaces = " " - + " " - + " " - + " " - + " "; - - /* - * ========================================================== constructors - * ========================================================== - */ + /*========================================================== + * constants + * + *==========================================================*/ + private final static String spaces = + " " + + " " + + " " + + " " + + " "; + + /*========================================================== + * constructors + *==========================================================*/ public PrettyPrintFormat(String separator) { mSeparator = separator; 
@@ -66,20 +67,18 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { mIndentSize = indentSize; } - /* - * ========================================================== Private - * methods========================================================== - */ - - /* - * ========================================================== public methods - * ========================================================== - */ + /*========================================================== + * Private methods + *==========================================================*/ + + + /*========================================================== + * public methods + *==========================================================*/ /** - * Provide white space indention stevep - speed improvements. Factor of 10 - * improvement - * + * Provide white space indention + * stevep - speed improvements. Factor of 10 improvement * @param numSpace number of white space to be returned * @return white spaces */ 
@@ -87,23 +86,25 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { return spaces.substring(0, size); } - private static final char[] hexdigits = { '0', '1', '2', '3', '4', '5', - '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; + private static final char[] hexdigits = { + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', + 'A', 'B', 'C', 'D', 'E', 'F' + }; /** - * Convert Byte Array to Hex String Format stevep - speedup by factor of 8 - * + * Convert Byte Array to Hex String Format + * stevep - speedup by factor of 8 * @param byte array of data to hexify * @param indentSize number of spaces to prepend before each line - * @param lineLen number of bytes to output on each line (0 means: put - * everything on one line - * @param separator the first character of this string will be used as the - * separator between bytes. + * @param lineLen number of bytes to output on each line (0 + means: put everything on one line + * @param separator the first character of this string will be used as + the separator between bytes. * @return string representation */ - public String toHexString(byte[] in, int indentSize, int lineLen, - String separator) { + public String toHexString(byte[] in, int indentSize, + int lineLen, String separator) { StringBuffer sb = new StringBuffer(); int hexCount = 0; char c[]; @@ -143,7 +144,7 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { c[j++] = '\n'; sb.append(c, 0, j); } - // sb.append("\n"); + // sb.append("\n"); return sb.toString(); } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java index 849ff4952..4bf1147ac 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java 
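Review bot: The toHexString javadoc in the -87 hunk documents a parameter named `byte` that does not exist (the array parameter is `in`), the `(0 means: put everything on one line` parenthesis is never closed, and the re-wrapped `@param lineLen` and `@param separator` entries continue on lines without the leading ` *`, which javadoc tolerates but which leaves the comment misaligned. `@param in array of data to hexify`, closing the parenthesis after `one line`, and restoring ` *` on the two continuation lines fixes all three. The local `StringBuffer sb` is never shared between threads, so `StringBuilder` does the same job without the synchronization. The method body continues past the hunk.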
@@ -17,19 +17,21 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.util.ListResourceBundle; import netscape.security.extensions.NSCertTypeExtension; import netscape.security.x509.KeyUsageExtension; + /** * Resource Boundle for the Pretty Print - * + * * @author Jack Pan-Chen * @version $Revision$, $Date$ */ -public class PrettyPrintResources extends ListResourceBundle { +public class PrettyPrintResources extends ListResourceBundle { /** * Returns content @@ -39,10 +41,11 @@ public class PrettyPrintResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of possible parameters. + * Constants. The suffix represents the number of + * possible parameters. */ - // certificate pretty print + //certificate pretty print public final static String TOKEN_CERTIFICATE = "tokenCertificate"; public final static String TOKEN_DATA = "tokenData"; public final static String TOKEN_VERSION = "tokenVersion"; @@ -61,14 +64,14 @@ public class PrettyPrintResources extends ListResourceBundle { public final static String TOKEN_EXTENSIONS = "tokenExtensions"; public final static String TOKEN_SIGNATURE = "tokenSignature"; - // extension pretty print + //extension pretty print public final static String TOKEN_YES = "tokenYes"; public final static String TOKEN_NO = "tokenNo"; public final static String TOKEN_IDENTIFIER = "tokenIdentifier"; public final static String TOKEN_CRITICAL = "tokenCritical"; public final static String TOKEN_VALUE = "tokenValue"; - // specific extension token + //specific extension token public final static String TOKEN_KEY_TYPE = "tokenKeyType"; public final static String TOKEN_CERT_TYPE = "tokenCertType"; public final static String TOKEN_SKI = "tokenSKI"; 
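Review bot: The class javadoc carried through the -17 hunk reads `Resource Boundle for the Pretty Print`; `Resource Bundle for the Pretty Print` is the intended word. The summary could also say what the bundle holds, e.g. `Resource Bundle for the Pretty Print: maps the TOKEN_* constants to the labels the pretty printers emit.`, which is what the key constants and the `contents` table in the later hunks provide.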
@@ -171,111 +174,122 @@ public class PrettyPrintResources extends ListResourceBundle { public final static String TOKEN_CACHE_NOT_AVAILABLE = "cacheNotAvailable"; public final static String TOKEN_CACHE_IS_EMPTY = "cacheIsEmpty"; - // Tokens should have blank_space as trailer + //Tokens should have blank_space as trailer static final Object[][] contents = { - { TOKEN_CERTIFICATE, "Certificate: " }, { TOKEN_DATA, "Data: " }, - { TOKEN_VERSION, "Version: " }, - { TOKEN_SERIAL, "Serial Number: " }, - { TOKEN_SIGALG, "Signature Algorithm: " }, - { TOKEN_ISSUER, "Issuer: " }, { TOKEN_VALIDITY, "Validity: " }, - { TOKEN_NOT_BEFORE, "Not Before: " }, - { TOKEN_NOT_AFTER, "Not After: " }, - { TOKEN_SUBJECT, "Subject: " }, - { TOKEN_SPKI, "Subject Public Key Info: " }, - { TOKEN_ALGORITHM, "Algorithm: " }, - { TOKEN_PUBLIC_KEY, "Public Key: " }, - { TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: " }, - { TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: " }, - { TOKEN_EXTENSIONS, "Extensions: " }, - { TOKEN_SIGNATURE, "Signature: " }, { TOKEN_YES, "yes " }, - { TOKEN_NO, "no " }, { TOKEN_IDENTIFIER, "Identifier: " }, - { TOKEN_CRITICAL, "Critical: " }, { TOKEN_VALUE, "Value: " }, - { TOKEN_KEY_TYPE, "Key Type " }, - { TOKEN_CERT_TYPE, "Netscape Certificate Type " }, - { TOKEN_SKI, "Subject Key Identifier " }, - { TOKEN_AKI, "Authority Key Identifier " }, - { TOKEN_ACCESS_DESC, "Access Description: " }, - { TOKEN_OCSP_NOCHECK, "OCSP NoCheck: " }, - { TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: " }, - { TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: " }, - { TOKEN_PRESENCE_SERVER, "Presence Server: " }, - { TOKEN_AIA, "Authority Info Access: " }, - { TOKEN_KEY_USAGE, "Key Usage: " }, - { KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature " }, - { KeyUsageExtension.NON_REPUDIATION, "Non Repudiation " }, - { KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment " }, - { KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment " }, - { KeyUsageExtension.KEY_AGREEMENT, "Key Agreement " 
}, - { KeyUsageExtension.KEY_CERTSIGN, "Key CertSign " }, - { KeyUsageExtension.CRL_SIGN, "Crl Sign " }, - { KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only " }, - { KeyUsageExtension.DECIPHER_ONLY, "Decipher Only " }, - { TOKEN_CERT_USAGE, "Certificate Usage: " }, - { NSCertTypeExtension.SSL_CLIENT, "SSL Client " }, - { NSCertTypeExtension.SSL_SERVER, "SSL Server " }, - { NSCertTypeExtension.EMAIL, "Secure Email " }, - { NSCertTypeExtension.OBJECT_SIGNING, "Object Signing " }, - { NSCertTypeExtension.SSL_CA, "SSL CA " }, - { NSCertTypeExtension.EMAIL_CA, "Secure Email CA " }, - { NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA " }, - { TOKEN_KEY_ID, "Key Identifier: " }, - { TOKEN_AUTH_NAME, "Authority Name: " }, - { TOKEN_CRL, "Certificate Revocation List: " }, - { TOKEN_THIS_UPDATE, "This Update: " }, - { TOKEN_NEXT_UPDATE, "Next Update: " }, - { TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: " }, - { TOKEN_REVOCATION_DATE, "Revocation Date: " }, - { TOKEN_REVOCATION_REASON, "Revocation Reason " }, - { TOKEN_REASON, "Reason: " }, - { TOKEN_BASIC_CONSTRAINTS, "Basic Constraints " }, - { TOKEN_NAME_CONSTRAINTS, "Name Constraints " }, - { TOKEN_NSC_COMMENT, "Netscape Comment " }, - { TOKEN_IS_CA, "Is CA: " }, - { TOKEN_PATH_LEN, "Path Length Constraint: " }, - { TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED" }, - { TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED" }, - { TOKEN_PATH_LEN_INVALID, "INVALID" }, - { TOKEN_CRL_NUMBER, "CRL Number " }, { TOKEN_NUMBER, "Number: " }, - { TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator " }, - { TOKEN_BASE_CRL_NUMBER, "Base CRL Number: " }, - { TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use " }, - { TOKEN_SCOPE_OF_USE, "Scope of Use: " }, { TOKEN_PORT, "Port: " }, - { TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name " }, - { TOKEN_ISSUER_NAMES, "Issuer Names: " }, - { TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name " }, - { TOKEN_DECODING_ERROR, "Decoding Error" }, - { TOKEN_FRESHEST_CRL_EXT, "Freshest CRL " }, - { 
TOKEN_CRL_DP_EXT, "CRL Distribution Points " }, - { TOKEN_CRLDP_NUMPOINTS, "Number of Points: " }, - { TOKEN_CRLDP_POINTN, "Point " }, - { TOKEN_CRLDP_DISTPOINT, "Distribution Point: " }, - { TOKEN_CRLDP_REASONS, "Reason Flags: " }, - { TOKEN_CRLDP_CRLISSUER, "CRL Issuer: " }, - { TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point " }, - { TOKEN_DIST_POINT_NAME, "Distribution Point: " }, - { TOKEN_FULL_NAME, "Full Name: " }, - { TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: " }, - { TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: " }, - { TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: " }, - { TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: " }, - { TOKEN_INDIRECT_CRL, "Indirect CRL: " }, - { TOKEN_INVALIDITY_DATE, "Invalidity Date " }, - { TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: " }, - { TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer " }, - { TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code " }, - { TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: " }, - { TOKEN_POLICY_CONSTRAINTS, "Policy Constraints " }, - { TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: " }, - { TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: " }, - { TOKEN_POLICY_MAPPINGS, "Policy Mappings " }, - { TOKEN_MAPPINGS, "Mappings: " }, { TOKEN_MAP, "Map " }, - { TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: " }, - { TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: " }, - { TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes " }, - { TOKEN_ATTRIBUTES, "Attributes:" }, - { TOKEN_ATTRIBUTE, "Attribute " }, { TOKEN_VALUES, "Values: " }, - { TOKEN_NOT_SET, "not set" }, { TOKEN_NONE, "none" }, - { TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. " }, - { TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. 
" }, }; + {TOKEN_CERTIFICATE, "Certificate: "}, + {TOKEN_DATA, "Data: "}, + {TOKEN_VERSION, "Version: "}, + {TOKEN_SERIAL, "Serial Number: "}, + {TOKEN_SIGALG, "Signature Algorithm: "}, + {TOKEN_ISSUER, "Issuer: "}, + {TOKEN_VALIDITY, "Validity: "}, + {TOKEN_NOT_BEFORE, "Not Before: "}, + {TOKEN_NOT_AFTER, "Not After: "}, + {TOKEN_SUBJECT, "Subject: "}, + {TOKEN_SPKI, "Subject Public Key Info: "}, + {TOKEN_ALGORITHM, "Algorithm: "}, + {TOKEN_PUBLIC_KEY, "Public Key: "}, + {TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: "}, + {TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: "}, + {TOKEN_EXTENSIONS, "Extensions: "}, + {TOKEN_SIGNATURE, "Signature: "}, + {TOKEN_YES, "yes "}, + {TOKEN_NO, "no "}, + {TOKEN_IDENTIFIER, "Identifier: "}, + {TOKEN_CRITICAL, "Critical: "}, + {TOKEN_VALUE, "Value: "}, + {TOKEN_KEY_TYPE, "Key Type "}, + {TOKEN_CERT_TYPE, "Netscape Certificate Type "}, + {TOKEN_SKI, "Subject Key Identifier "}, + {TOKEN_AKI, "Authority Key Identifier "}, + {TOKEN_ACCESS_DESC, "Access Description: "}, + {TOKEN_OCSP_NOCHECK, "OCSP NoCheck: "}, + {TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: "}, + {TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: "}, + {TOKEN_PRESENCE_SERVER, "Presence Server: "}, + {TOKEN_AIA, "Authority Info Access: "}, + {TOKEN_KEY_USAGE, "Key Usage: "}, + {KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature "}, + {KeyUsageExtension.NON_REPUDIATION, "Non Repudiation "}, + {KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment "}, + {KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment "}, + {KeyUsageExtension.KEY_AGREEMENT, "Key Agreement "}, + {KeyUsageExtension.KEY_CERTSIGN, "Key CertSign "}, + {KeyUsageExtension.CRL_SIGN, "Crl Sign "}, + {KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only "}, + {KeyUsageExtension.DECIPHER_ONLY, "Decipher Only "}, + {TOKEN_CERT_USAGE, "Certificate Usage: "}, + {NSCertTypeExtension.SSL_CLIENT, "SSL Client "}, + {NSCertTypeExtension.SSL_SERVER, "SSL Server "}, + {NSCertTypeExtension.EMAIL, "Secure Email "}, + 
{NSCertTypeExtension.OBJECT_SIGNING, "Object Signing "}, + {NSCertTypeExtension.SSL_CA, "SSL CA "}, + {NSCertTypeExtension.EMAIL_CA, "Secure Email CA "}, + {NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA "}, + {TOKEN_KEY_ID, "Key Identifier: "}, + {TOKEN_AUTH_NAME, "Authority Name: "}, + {TOKEN_CRL, "Certificate Revocation List: "}, + {TOKEN_THIS_UPDATE, "This Update: "}, + {TOKEN_NEXT_UPDATE, "Next Update: "}, + {TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: "}, + {TOKEN_REVOCATION_DATE, "Revocation Date: "}, + {TOKEN_REVOCATION_REASON, "Revocation Reason "}, + {TOKEN_REASON, "Reason: "}, + {TOKEN_BASIC_CONSTRAINTS, "Basic Constraints "}, + {TOKEN_NAME_CONSTRAINTS, "Name Constraints "}, + {TOKEN_NSC_COMMENT, "Netscape Comment "}, + {TOKEN_IS_CA, "Is CA: "}, + {TOKEN_PATH_LEN, "Path Length Constraint: "}, + {TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED"}, + {TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED"}, + {TOKEN_PATH_LEN_INVALID, "INVALID"}, + {TOKEN_CRL_NUMBER, "CRL Number "}, + {TOKEN_NUMBER, "Number: "}, + {TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator "}, + {TOKEN_BASE_CRL_NUMBER, "Base CRL Number: "}, + {TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use "}, + {TOKEN_SCOPE_OF_USE, "Scope of Use: "}, + {TOKEN_PORT, "Port: "}, + {TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name "}, + {TOKEN_ISSUER_NAMES, "Issuer Names: "}, + {TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name "}, + {TOKEN_DECODING_ERROR, "Decoding Error"}, + {TOKEN_FRESHEST_CRL_EXT, "Freshest CRL "}, + {TOKEN_CRL_DP_EXT, "CRL Distribution Points "}, + {TOKEN_CRLDP_NUMPOINTS, "Number of Points: "}, + {TOKEN_CRLDP_POINTN, "Point "}, + {TOKEN_CRLDP_DISTPOINT, "Distribution Point: "}, + {TOKEN_CRLDP_REASONS, "Reason Flags: "}, + {TOKEN_CRLDP_CRLISSUER, "CRL Issuer: "}, + {TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point "}, + {TOKEN_DIST_POINT_NAME, "Distribution Point: "}, + {TOKEN_FULL_NAME, "Full Name: "}, + {TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: "}, + {TOKEN_ONLY_USER_CERTS, 
"Only Contains User Certificates: "}, + {TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: "}, + {TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: "}, + {TOKEN_INDIRECT_CRL, "Indirect CRL: "}, + {TOKEN_INVALIDITY_DATE, "Invalidity Date "}, + {TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: "}, + {TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer "}, + {TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code "}, + {TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: "}, + {TOKEN_POLICY_CONSTRAINTS, "Policy Constraints "}, + {TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: "}, + {TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: "}, + {TOKEN_POLICY_MAPPINGS, "Policy Mappings "}, + {TOKEN_MAPPINGS, "Mappings: "}, + {TOKEN_MAP, "Map "}, + {TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: "}, + {TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: "}, + {TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes "}, + {TOKEN_ATTRIBUTES, "Attributes:" }, + {TOKEN_ATTRIBUTE, "Attribute "}, + {TOKEN_VALUES, "Values: "}, + {TOKEN_NOT_SET, "not set"}, + {TOKEN_NONE, "none"}, + {TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. "}, + {TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. "}, + }; } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java index ba5acdffe..01e58fa15 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java @@ -17,11 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; + import java.security.PublicKey; + /** - * This class will display the certificate content in predefined format. - * + * This class will display the certificate content in predefined + * format. + * * @author Jack Pan-Chen * @author Andrew Wnuk * @version $Revision$, $Date$ 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
index b6bdd9a93..539ec82b0 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
@@ -17,6 +17,7 @@
 // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert;
+
 import java.util.Enumeration; import java.util.Hashtable; import java.util.StringTokenizer;
@@ -34,12 +35,13 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.util.Debug;
+
 /**
- * Subsystem for configuring X500Name related things. It is used for the
- * following.
+ * Subsystem for configuring X500Name related things.
+ * It is used for the following.
 * <ul>
- * <li>Add X500Name (string to oid) maps for attributes that are not supported
- * by default.
+ * <li>Add X500Name (string to oid) maps for attributes that
+ * are not supported by default.
 * <li>Specify an order for encoding Directory Strings other than the default. * </ul> *
@@ -49,10 +51,11 @@ import com.netscape.cmscore.util.Debug;
 public class X500NameSubsystem implements ISubsystem { private IConfigStore mConfig = null;
- public static final String ID = "X500Name";
+ public static final String ID = "X500Name";
 private String mId = ID;
- private static final String PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
+ private static final String
+ PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
 private static final String PROP_ATTR = "attr"; private static final String PROP_OID = "oid";
@@ -79,62 +82,57 @@ public class X500NameSubsystem implements ISubsystem { public static X500NameSubsystem getInstance() { return mInstance; } - + /** - * Initializes this subsystem with the given configuration store. All - * paramters are optional. + * Initializes this subsystem with the given configuration store. + * All paramters are optional. * <ul> - * <li>Change encoding order of Directory Strings: - * + * <li>Change encoding order of Directory Strings: * <pre> * X500Name.directoryStringEncodingOrder=order seperated by commas * For example: Printable,BMPString,UniversalString. * </pre> - * - * Possible values are: + * Possible values are: * <ul> * <li>Printable * <li>IA5String * <li>UniversalString * <li>BMPString - * <li>UTF8String + * <li>UTF8String * </ul> * <p> - * <li>Add X500Name attributes: - * + * <li>Add X500Name attributes: * <pre> * X500Name.attr.attribute-name.oid=n.n.n.n - * X500Name.attr.attribute-name.class=value converter class + * X500Name.attr.attribute-name.class=value converter class * </pre> * - * The value converter class converts a string to a ASN.1 value. It must - * implement netscape.security.x509.AVAValueConverter interface. Converter - * classes provided in CMS are: - * + * The value converter class converts a string to a ASN.1 value. + * It must implement netscape.security.x509.AVAValueConverter interface. + * Converter classes provided in CMS are: * <pre> * netscape.security.x509.PrintableConverter - - * Converts to a Printable String value. String must have only - * printable characters. + * Converts to a Printable String value. String must have only + * printable characters. * netscape.security.x509.IA5StringConverter - - * Converts to a IA5String value. String must have only IA5String - * characters. + * Converts to a IA5String value. String must have only IA5String + * characters. * netscape.security.x509.DirStrConverter - - * Converts to a Directory (v3) String. 
String is expected to - * be in Directory String format according to rfc2253. + * Converts to a Directory (v3) String. String is expected to + * be in Directory String format according to rfc2253. * netscape.security.x509.GenericValueConverter - - * Converts string character by character in the following order - * from smaller character sets to broadest character set. - * Printable, IA5String, BMPString, Universal String. + * Converts string character by character in the following order + * from smaller character sets to broadest character set. + * Printable, IA5String, BMPString, Universal String. * </pre> - * * </ul> * <P> - * + * * @param owner owner of this subsystem * @param config configuration store */ public synchronized void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mLogger = CMS.getLogger(); if (Debug.ON) { Debug.trace(ID + " started"); @@ -144,14 +142,16 @@ public class X500NameSubsystem implements ISubsystem { // get order for encoding directory strings if any. setDirStrEncodingOrder(); - // load x500 name maps + // load x500 name maps loadX500NameAttrMaps(); } /** - * Loads X500Name String to attribute maps. Called from init. + * Loads X500Name String to attribute maps. + * Called from init. */ - private void loadX500NameAttrMaps() throws EBaseException { + private void loadX500NameAttrMaps() + throws EBaseException { X500NameAttrMap globalMap = X500NameAttrMap.getDefault(); IConfigStore attrSubStore = mConfig.getSubStore(PROP_ATTR); Enumeration attrNames = attrSubStore.getSubStoreNames(); 
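Review bot: The rewrapped Javadoc carries two spelling errors into the new side: `All paramters are optional.` should read `All parameters are optional.`, and the unchanged `order seperated by commas` line should read `separated`. The same `seperated` appears in the runtime message built in setDirStrEncodingOrder further down, where fixing it would change a logged string and so belongs in its own commit. The body of init continues past the end of this hunk.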
@@ -166,27 +166,28 @@ public class X500NameSubsystem implements ISubsystem { AVAValueConverter convClass = null; try { - convClass = (AVAValueConverter) Class.forName(className) - .newInstance(); + convClass = (AVAValueConverter) + Class.forName(className).newInstance(); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_LOAD_CLASS_FAILED", className, e.toString())); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_LOAD_CLASS_FAILED", className, e.toString())); } globalMap.addNameOID(name, oid, convClass); if (Debug.ON) { - Debug.trace(ID + ": Loaded " + name + " " + oid + " " - + className); + Debug.trace(ID + ": Loaded " + name + " " + oid + " " + className); } } } /** - * Set directory string encoding order. Called from init(). + * Set directory string encoding order. + * Called from init(). */ - private void setDirStrEncodingOrder() throws EBaseException { + private void setDirStrEncodingOrder() + throws EBaseException { String order = mConfig.getString(PROP_DIR_STR_ENCODING_ORDER, null); - if (order == null || order.length() == 0) // nothing. + if (order == null || order.length() == 0) // nothing. return; StringTokenizer toker = new StringTokenizer(order, ", \t"); int numTokens = toker.countTokens(); @@ -194,11 +195,9 @@ public class X500NameSubsystem implements ISubsystem { if (numTokens == 0) { String msg = "must be a list of DER tag names seperated by commas."; - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_CERT_DIR_STRING", PROP_DIR_STR_ENCODING_ORDER)); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", PROP_DIR_STR_ENCODING_ORDER, - msg)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_DIR_STRING", PROP_DIR_STR_ENCODING_ORDER)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + PROP_DIR_STR_ENCODING_ORDER, msg)); } byte[] tags = new byte[numTokens]; 
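Review bot: The converter class named by the `X500Name.attr.<name>.class` setting is instantiated with `Class.forName(className).newInstance()` before anything checks that it is an `AVAValueConverter`, so the static initializer and no-arg constructor of whatever class the config names run before the cast can fail. Checking assignability first keeps unrelated classes from being constructed at all: `Class<?> cls = Class.forName(className);` `if (!AVAValueConverter.class.isAssignableFrom(cls)) throw new ClassCastException(className + " is not an AVAValueConverter");` `convClass = (AVAValueConverter) cls.getDeclaredConstructor().newInstance();`, and the surrounding `catch (Exception e)` still turns that into the same `CMS_BASE_LOAD_CLASS_FAILED` error. `Class.newInstance()` additionally rethrows any checked exception from the constructor unwrapped (the reason it was deprecated in Java 9), whereas `getDeclaredConstructor().newInstance()` wraps it in `InvocationTargetException`, which the existing catch also covers. loadX500NameAttrMaps begins in the previous hunk, outside this one.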
@@ -211,12 +210,9 @@ public class X500NameSubsystem implements ISubsystem { } catch (IllegalArgumentException e) { String msg = "unknown DER tag '" + nextTag + "'."; - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_CERT_UNKNOWN_TAG", - PROP_DIR_STR_ENCODING_ORDER, nextTag)); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", - PROP_DIR_STR_ENCODING_ORDER, msg)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_UNKNOWN_TAG", PROP_DIR_STR_ENCODING_ORDER, nextTag)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", + PROP_DIR_STR_ENCODING_ORDER, msg)); } } 
@@ -233,24 +229,28 @@ public class X500NameSubsystem implements ISubsystem { private static Hashtable mDerStr2TagHash = new Hashtable(); static { - mDerStr2TagHash.put(PRINTABLESTRING, - Byte.valueOf(DerValue.tag_PrintableString)); - mDerStr2TagHash.put(IA5STRING, Byte.valueOf(DerValue.tag_IA5String)); - mDerStr2TagHash.put(VISIBLESTRING, - Byte.valueOf(DerValue.tag_VisibleString)); - mDerStr2TagHash.put(T61STRING, Byte.valueOf(DerValue.tag_T61String)); - mDerStr2TagHash.put(BMPSTRING, Byte.valueOf(DerValue.tag_BMPString)); - mDerStr2TagHash.put(UNIVERSALSTRING, - Byte.valueOf(DerValue.tag_UniversalString)); - mDerStr2TagHash.put(UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String)); + mDerStr2TagHash.put( + PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString)); + mDerStr2TagHash.put( + IA5STRING, Byte.valueOf(DerValue.tag_IA5String)); + mDerStr2TagHash.put( + VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString)); + mDerStr2TagHash.put( + T61STRING, Byte.valueOf(DerValue.tag_T61String)); + mDerStr2TagHash.put( + BMPSTRING, Byte.valueOf(DerValue.tag_BMPString)); + mDerStr2TagHash.put( + UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString)); + mDerStr2TagHash.put( + UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String)); } private byte derStr2Tag(String s) { - if (s == null || s.length() == 0) + if (s == null || s.length() == 0) throw new IllegalArgumentException(); Byte tag = (Byte) mDerStr2TagHash.get(s); - if (tag == null) + if (tag == null) throw new IllegalArgumentException(); return tag.byteValue(); } @@ -265,8 +265,9 @@ public class X500NameSubsystem implements ISubsystem { } /* - * Returns the root configuration storage of this system. <P> - * + * Returns the root configuration storage of this system. + * <P> + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { 
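Review bot: `mDerStr2TagHash` is a mutable `static Hashtable` that, as far as this hunk shows, is written only in the static initializer, yet it is neither `final` nor typed, which is why `derStr2Tag` needs the `(Byte)` cast; `private static final Hashtable<String, Byte> mDerStr2TagHash = new Hashtable<String, Byte>();` together with `Byte tag = mDerStr2TagHash.get(s);` states the intent and drops the cast. `derStr2Tag` throws `IllegalArgumentException` with no message, which works only because the caller in setDirStrEncodingOrder builds its own text from `nextTag`; `throw new IllegalArgumentException("unknown DER tag name: " + s);` would make the method safe to reuse elsewhere. The constant `UFT8STRING` keeps its transposed name while mapping to `DerValue.tag_UTF8String`; its declaration is outside this hunk, so a rename to `UTF8STRING` would be a separate change.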
@@ -276,7 +277,8 @@ public class X500NameSubsystem implements ISubsystem { protected ILogger mLogger = null; protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_ADMIN, level, msg); + mLogger.log(ILogger.EV_SYSTEM, + ILogger.S_ADMIN, level, msg); } } |