Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert')
13 files changed, 809 insertions, 822 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java index ed20d76f3..d8b298126 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java @@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.util.Comparator; import java.util.Date; import netscape.security.x509.X509CertImpl; - /** * Compares validity dates for use in sorting. - * + * * @author kanda * @version $Revision$, $Date$ */ @@ -44,11 +42,11 @@ public class CertDateCompare implements Comparator { } catch (Exception e) { e.printStackTrace(); } - if (d1 == d2) return 0; + if (d1 == d2) + return 0; if (d1.after(d2)) return 1; else return -1; } } - diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java index 3168b92f2..8441df83a 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java @@ -17,20 +17,18 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.security.cert.Certificate; import com.netscape.certsrv.base.ICertPrettyPrint; - /** - * This class will display the certificate content in predefined - * format. - * + * This class will display the certificate content in predefined format. + * * @author Jack Pan-Chen * @version $Revision$, $Date$ */ -public class CertPrettyPrint extends netscape.security.util.CertPrettyPrint implements ICertPrettyPrint { +public class CertPrettyPrint extends netscape.security.util.CertPrettyPrint + implements ICertPrettyPrint { public CertPrettyPrint(Certificate cert) { super(cert); 
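Review bot: `if (d1 == d2) return 0;` compares the two Date objects by reference, so equal validity dates read from two different certificates never yield 0 and both orderings return -1, which breaks the Comparator contract that the `Arrays.sort(certArray, new CertDateCompare())` call in CertUtils.getRecentSigningCert relies on; `return d1.compareTo(d2);` replaces the whole three-way test. The preceding catch only prints the stack trace, so when reading a date fails one of d1/d2 is presumably still null (both are declared before the hunk) and `d1.after(d2)` would throw NullPointerException out of the sort. The comparison method starts outside the hunk.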
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java index 5a49d06e8..4b45c48cd 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; @@ -64,10 +63,9 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.osutil.OSUtil; /** - * Utility class with assorted methods to check for - * smime pairs, determining the type of cert - signature - * or encryption ..etc. - * + * Utility class with assorted methods to check for smime pairs, determining the + * type of cert - signature or encryption ..etc. + * * @author kanda * @version $Revision$, $Date$ */ 
@@ -78,20 +76,17 @@ public class CertUtils { public static final String CERT_REQUEST_TRAILER = "-----END CERTIFICATE REQUEST-----"; public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----"; public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----"; - public static final String BEGIN_CRL_HEADER = - "-----BEGIN CERTIFICATE REVOCATION LIST-----"; - public static final String END_CRL_HEADER = - "-----END CERTIFICATE REVOCATION LIST-----"; + public static final String BEGIN_CRL_HEADER = "-----BEGIN CERTIFICATE REVOCATION LIST-----"; + public static final String END_CRL_HEADER = "-----END CERTIFICATE REVOCATION LIST-----"; protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = - "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; + private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; /** * Remove the header and footer in the PKCS10 request. */ public static String unwrapPKCS10(String request, boolean checkHeader) - throws EBaseException { + throws EBaseException { String unwrapped; String header = null; int head = -1; @@ -112,7 +107,8 @@ public class CertUtils { head = request.indexOf(CERT_REQUEST_HEADER); trail = request.indexOf(CERT_REQUEST_TRAILER); - // If this is not a request header, check if this is a renewal header. + // If this is not a request header, check if this is a renewal + // header. if (!(head == -1 && trail == -1)) { header = CERT_REQUEST_HEADER; 
@@ -130,10 +126,12 @@ public class CertUtils { // Now validate if any headers or trailers are in place if (head == -1 && checkHeader) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_HEADER")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_HEADER")); } if (trail == -1 && checkHeader) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_TRAILER")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_MISSING_PKCS10_TRAILER")); } if (header != null) { 
@@ -162,41 +160,44 @@ public class CertUtils { pkcs10 = new PKCS10(decodedBytes); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } return pkcs10; } - public static void setRSAKeyToCertInfo(X509CertInfo info, - byte encoded[]) throws EBaseException { + public static void setRSAKeyToCertInfo(X509CertInfo info, byte encoded[]) + throws EBaseException { try { if (info == null) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); } - X509Key key = new X509Key(AlgorithmId.getAlgorithmId( - "RSAEncryption"), encoded); + X509Key key = new X509Key( + AlgorithmId.getAlgorithmId("RSAEncryption"), encoded); info.set(X509CertInfo.KEY, key); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); } } - public static X509CertInfo createCertInfo(int ver, - BigInteger serialno, String alg, String issuerName, - Date notBefore, Date notAfter) throws EBaseException { + public static X509CertInfo createCertInfo(int ver, BigInteger serialno, + String alg, String issuerName, Date notBefore, Date notAfter) + throws EBaseException { try { X509CertInfo info = new X509CertInfo(); info.set(X509CertInfo.VERSION, new CertificateVersion(ver)); - info.set(X509CertInfo.SERIAL_NUMBER, new - CertificateSerialNumber(serialno)); - info.set(X509CertInfo.ALGORITHM_ID, new - CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg))); - info.set(X509CertInfo.ISSUER, new - CertificateIssuerName(new X500Name(issuerName))); - info.set(X509CertInfo.VALIDITY, new - CertificateValidity(notBefore, notAfter)); + info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( + serialno)); + info.set(X509CertInfo.ALGORITHM_ID, 
new CertificateAlgorithmId( + AlgorithmId.getAlgorithmId(alg))); + info.set(X509CertInfo.ISSUER, new CertificateIssuerName( + new X500Name(issuerName))); + info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, + notAfter)); return info; } catch (Exception e) { System.out.println(e.toString()); @@ -233,19 +234,20 @@ public class CertUtils { return false; else if (keyUsage.length == 3) return keyUsage[2]; - else return keyUsage[2] || keyUsage[3]; + else + return keyUsage[2] || keyUsage[3]; } public static boolean haveSameValidityPeriod(X509CertImpl cert1, - X509CertImpl cert2) { + X509CertImpl cert2) { long notBefDiff = 0; long notAfterDiff = 0; try { - notBefDiff = Math.abs(cert1.getNotBefore().getTime() - - cert2.getNotBefore().getTime()); - notAfterDiff = Math.abs(cert1.getNotAfter().getTime() - - cert2.getNotAfter().getTime()); + notBefDiff = Math.abs(cert1.getNotBefore().getTime() + - cert2.getNotBefore().getTime()); + notAfterDiff = Math.abs(cert1.getNotAfter().getTime() + - cert2.getNotAfter().getTime()); } catch (Exception e) { e.printStackTrace(); } @@ -255,7 +257,8 @@ public class CertUtils { return true; } - public static boolean isSmimePair(X509CertImpl cert1, X509CertImpl cert2, boolean matchSubjectDN) { + public static boolean isSmimePair(X509CertImpl cert1, X509CertImpl cert2, + boolean matchSubjectDN) { // Check for subjectDN equality. if (matchSubjectDN) { String dn1 = cert1.getSubjectDN().toString(); 
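Review bot: In setRSAKeyToCertInfo the try block wraps the `info == null` check, so the EBaseException thrown there is immediately caught by `catch (Exception e)` and replaced by an identical one, and any real failure from AlgorithmId.getAlgorithmId or the X509Key constructor is rethrown with its cause dropped, leaving nothing in the log to diagnose. Hoist the null check out of the try and record the cause with CMS.debug before rethrowing, as verifySystemCertByNickname does with `e.toString()`. createCertInfo in the same hunk reports failures with `System.out.println(e.toString())`, which bypasses CMS.debug; its body ends outside the hunk.
```java
public static void setRSAKeyToCertInfo(X509CertInfo info, byte encoded[])
        throws EBaseException {
    if (info == null) {
        throw new EBaseException(
                CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
    }
    try {
        X509Key key = new X509Key(
                AlgorithmId.getAlgorithmId("RSAEncryption"), encoded);
        info.set(X509CertInfo.KEY, key);
    } catch (Exception e) {
        CMS.debug("CertUtils: setRSAKeyToCertInfo() failed: " + e.toString());
        throw new EBaseException(
                CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
    }
}
```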
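Review bot: haveSameValidityPeriod leaves notBefDiff and notAfterDiff at their initial 0 when `catch (Exception e)` fires and only prints the stack trace, so a certificate whose validity dates cannot be read is presumably reported as sharing the other certificate's validity (the comparison of the two diffs follows the hunk), and isSmimePair then accepts the pairing on the basis of an unreadable date. Keep the check fail-closed: `CMS.debug("CertUtils: haveSameValidityPeriod(): " + e.toString()); return false;` inside the catch. The method's return statements lie outside the hunk.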
@@ -264,27 +267,27 @@ public class CertUtils { if (!sameSubjectDN(dn1, dn2)) return false; } - + // Check for the presence of signing and encryption certs. boolean hasSigningCert = isSigningCert(cert1) || isSigningCert(cert2); if (!hasSigningCert) return false; - boolean hasEncryptionCert = isEncryptionCert(cert1) || isEncryptionCert(cert2); + boolean hasEncryptionCert = isEncryptionCert(cert1) + || isEncryptionCert(cert2); if (!hasEncryptionCert) return false; - // If both certs have signing & encryption usage set, they are - // not really pairs. - if ((isSigningCert(cert1) && isEncryptionCert(cert1)) || - (isSigningCert(cert2) && isEncryptionCert(cert2))) + // If both certs have signing & encryption usage set, they are + // not really pairs. + if ((isSigningCert(cert1) && isEncryptionCert(cert1)) + || (isSigningCert(cert2) && isEncryptionCert(cert2))) return false; - // See if the certs have the same validity. - boolean haveSameValidity = - haveSameValidityPeriod(cert1, cert2); + // See if the certs have the same validity. + boolean haveSameValidity = haveSameValidityPeriod(cert1, cert2); return haveSameValidity; } @@ -341,7 +344,8 @@ public class CertUtils { return ret; } - public static String getValidCertsDisplayInfo(String cn, X509CertImpl[] validCerts) { + public static String getValidCertsDisplayInfo(String cn, + X509CertImpl[] validCerts) { StringBuffer sb = new StringBuffer(1024); sb.append(cn + "'s Currently Valid Certificates\n\n"); @@ -349,7 +353,8 @@ public class CertUtils { return new String(sb); } - public static String getExpiredCertsDisplayInfo(String cn, X509CertImpl[] expiredCerts) { + public static String getExpiredCertsDisplayInfo(String cn, + X509CertImpl[] expiredCerts) { StringBuffer sb = new StringBuffer(1024); sb.append(cn + "'s Expired Certificates\n\n"); 
@@ -358,7 +363,7 @@ public class CertUtils { } public static String getRenewedCertsDisplayInfo(String cn, - X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) { + X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) { StringBuffer sb = new StringBuffer(1024); if (validCerts != null) { @@ -386,25 +391,29 @@ public class CertUtils { signingCert = validCerts[1]; encryptionCert = validCerts[0]; } - sb.append("Signing Certificate Serial No: " + signingCert.getSerialNumber().toString(16).toUpperCase()); + sb.append("Signing Certificate Serial No: " + + signingCert.getSerialNumber().toString(16).toUpperCase()); sb.append("\n"); - sb.append("Encryption Certificate Serial No: " + encryptionCert.getSerialNumber().toString(16).toUpperCase()); + sb.append("Encryption Certificate Serial No: " + + encryptionCert.getSerialNumber().toString(16).toUpperCase()); sb.append("\n"); - sb.append("Validity: From: " + signingCert.getNotBefore().toString() + " To: " + signingCert.getNotAfter().toString()); + sb.append("Validity: From: " + signingCert.getNotBefore().toString() + + " To: " + signingCert.getNotAfter().toString()); sb.append("\n"); return new String(sb); } /** * Returns the index of the given cert in an array of certs. - * - * Assumptions: The certs are issued by the same CA - * - * @param certArray The array of certs. - * @param givenCert The certificate we are lokking for in the array. + * + * Assumptions: The certs are issued by the same CA + * + * @param certArray The array of certs. + * @param givenCert The certificate we are lokking for in the array. * @return -1 if not found or the index of the given cert in the array. */ - public static int getCertIndex(X509CertImpl[] certArray, X509CertImpl givenCert) { + public static int getCertIndex(X509CertImpl[] certArray, + X509CertImpl givenCert) { int i = 0; for (; i < certArray.length; i++) { 
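Review bot: The reflowed Javadoc for getCertIndex keeps the misspelling in `@param givenCert The certificate we are lokking for in the array.`; since the comment is being rewritten anyway, make it `looking`. The Javadoc of getRecentSigningCert in the hunk at -418 carries the same copied line, and there it also names a parameter (`givenCert`) that the method does not have. getCertIndex's loop body continues past the hunk.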
@@ -418,21 +427,21 @@ public class CertUtils { } /** - * Returns the most recently issued signing certificate from an - * an array of certs. - * - * Assumptions: The certs are issued by the same CA - * - * @param certArray The array of certs. - * @param givenCert The certificate we are lokking for in the array. + * Returns the most recently issued signing certificate from an an array of + * certs. + * + * Assumptions: The certs are issued by the same CA + * + * @param certArray The array of certs. + * @param givenCert The certificate we are lokking for in the array. * @return null if there is no recent cert or the most recent cert. */ public static X509CertImpl getRecentSigningCert(X509CertImpl[] certArray, - X509CertImpl currentCert) { + X509CertImpl currentCert) { if (certArray == null || currentCert == null) return null; - // Sort the certificate array. + // Sort the certificate array. Arrays.sort(certArray, new CertDateCompare()); // Get the index of the current cert in the array. @@ -446,8 +455,9 @@ public class CertUtils { for (; i < certArray.length; i++) { // Check if it is a signing cert and has its // NotAfter later than the current cert. - if (isSigningCert(certArray[i]) && - certArray[i].getNotAfter().after(recentCert.getNotAfter())) + if (isSigningCert(certArray[i]) + && certArray[i].getNotAfter().after( + recentCert.getNotAfter())) recentCert = certArray[i]; } return ((recentCert == currentCert) ? null : recentCert); 
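Review bot: getRecentSigningCert's Javadoc documents `@param givenCert`, but the method's second parameter is `currentCert`, so the reflowed comment still describes a parameter that does not exist; replace it with `@param currentCert The certificate whose more recently issued replacement is sought.`. The Javadoc should also state that the method reorders the caller's array in place via `Arrays.sort(certArray, new CertDateCompare())`, which a caller holding its own index into that array will not expect. The scan over certArray continues in the hunk at -446.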
@@ -466,14 +476,13 @@ public class CertUtils { // Is is object signing cert? try { - CertificateExtensions extns = (CertificateExtensions) - cert.get(X509CertImpl.NAME + "." + - X509CertImpl.INFO + "." + - X509CertInfo.EXTENSIONS); + CertificateExtensions extns = (CertificateExtensions) cert + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO + "." + + X509CertInfo.EXTENSIONS); if (extns != null) { - NSCertTypeExtension nsExtn = (NSCertTypeExtension) - extns.get(NSCertTypeExtension.NAME); + NSCertTypeExtension nsExtn = (NSCertTypeExtension) extns + .get(NSCertTypeExtension.NAME); if (nsExtn != null) { String nsType = getNSExtensionInfo(nsExtn); @@ -485,7 +494,7 @@ public class CertUtils { } } } - }catch (Exception e) { + } catch (Exception e) { } return (sb.length() > 0) ? sb.toString() : null; } @@ -517,14 +526,13 @@ public class CertUtils { res = (Boolean) nsExtn.get(NSCertTypeExtension.OBJECT_SIGNING_CA); if (res.equals(Boolean.TRUE)) sb.append(" object_signing_CA"); - }catch (Exception e) { + } catch (Exception e) { } return (sb.length() > 0) ? sb.toString() : null; } - public static byte[] readFromFile(String fileName) - throws IOException { + public static byte[] readFromFile(String fileName) throws IOException { FileInputStream fin = new FileInputStream(fileName); int available = fin.available(); byte[] ba = new byte[available]; @@ -537,7 +545,7 @@ public class CertUtils { } public static void storeInFile(String fileName, byte[] ba) - throws IOException { + throws IOException { FileOutputStream fout = new FileOutputStream(fileName); fout.write(ba); 
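Review bot: `} catch (Exception e) { }` at the end of the extension lookup (here and in the hunk at -517) still swallows every decoding failure, so a certificate whose NSCertType extension cannot be read is reported as having no type with nothing in the log to show why. At minimum log it: `} catch (Exception e) { CMS.debug("CertUtils: NSCertType extension lookup failed: " + e.toString()); }`. Both enclosing methods start outside their hunks.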
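Review bot: readFromFile sizes its buffer with `int available = fin.available();`, but available() is only an estimate of what can be read without blocking and is not guaranteed to equal the file length, so a larger file would be silently truncated; size the buffer from the file length or read in a loop until the stream returns -1. The read and close of fin run outside the hunk, so whether fin is closed in a finally block when the read throws cannot be confirmed here; it should be.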
@@ -546,17 +554,15 @@ public class CertUtils { public static String toMIME64(X509CertImpl cert) { try { - return - "-----BEGIN CERTIFICATE-----\n" + - com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) + - "-----END CERTIFICATE-----\n"; + return "-----BEGIN CERTIFICATE-----\n" + + com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) + + "-----END CERTIFICATE-----\n"; } catch (CertificateException e) { } return null; } - public static X509Certificate mapCert(String mime64) - throws IOException { + public static X509Certificate mapCert(String mime64) throws IOException { mime64 = stripCertBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -569,8 +575,8 @@ public class CertUtils { return cert; } - public static X509Certificate[] mapCertFromPKCS7(String mime64) - throws IOException { + public static X509Certificate[] mapCertFromPKCS7(String mime64) + throws IOException { mime64 = stripCertBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -584,8 +590,7 @@ public class CertUtils { } } - public static X509CRL mapCRL(String mime64) - throws IOException { + public static X509CRL mapCRL(String mime64) throws IOException { mime64 = stripCRLBrackets(mime64.trim()); String newval = normalizeCertStr(mime64); byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval); @@ -598,8 +603,7 @@ public class CertUtils { return crl; } - public static X509CRL mapCRL1(String mime64) - throws IOException { + public static X509CRL mapCRL1(String mime64) throws IOException { mime64 = stripCRLBrackets(mime64.trim()); byte rawPub[] = OSUtil.AtoB(mime64); X509CRL crl = null; 
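Review bot: toMIME64 returns null after an empty `catch (CertificateException e) { }`, so a certificate that fails to encode yields a silent null that the caller then concatenates or writes out; log the failure inside the catch, `CMS.debug("CertUtils: toMIME64(): " + e.toString());`, and document the null return with `@return PEM text, or null if the certificate cannot be encoded`. mapCert in the same hunk continues past the hunk end.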
@@ -634,8 +638,8 @@ public class CertUtils { if (s == null) { return s; } - if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) && - (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) { + if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) + && (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) { return (s.substring(43, (s.length() - 41))); } return s; @@ -643,8 +647,9 @@ public class CertUtils { /** * strips out the begin and end certificate brackets + * * @param s the string potentially bracketed with - * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" + * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" * @return string without the brackets */ public static String stripCertBrackets(String s) { @@ -652,14 +657,14 @@ public class CertUtils { return s; } - if ((s.startsWith("-----BEGIN CERTIFICATE-----")) && - (s.endsWith("-----END CERTIFICATE-----"))) { + if ((s.startsWith("-----BEGIN CERTIFICATE-----")) + && (s.endsWith("-----END CERTIFICATE-----"))) { return (s.substring(27, (s.length() - 25))); } // To support Thawte's header and footer - if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) && - (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) { + if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) + && (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) { return (s.substring(35, (s.length() - 33))); } 
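Review bot: stripCRLBrackets and stripCertBrackets (hunks at -634 and -652) keep the bracket lengths as literals (43/41, 27/25, 35/33) and repeat the CRL strings that the class already defines as BEGIN_CRL_HEADER and END_CRL_HEADER, so editing either literal leaves the substring offsets wrong with no compile-time signal. The offsets do match the literals as written; deriving them removes the coupling: `return s.substring(BEGIN_CRL_HEADER.length(), s.length() - END_CRL_HEADER.length());`. stripCRLBrackets starts outside its hunk; stripCertBrackets's signature is in the hunk at -643 and its body in the hunk at -652.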
@@ -667,13 +672,14 @@ public class CertUtils { } /** - * Returns a string that represents a cert's fingerprint. - * The fingerprint is a MD5 digest of the DER encoded certificate. - * @param cert Certificate to get the fingerprint of. + * Returns a string that represents a cert's fingerprint. The fingerprint is + * a MD5 digest of the DER encoded certificate. + * + * @param cert Certificate to get the fingerprint of. * @return a String that represents the cert's fingerprint. */ - public static String getFingerPrint(Certificate cert) - throws CertificateEncodingException, NoSuchAlgorithmException { + public static String getFingerPrint(Certificate cert) + throws CertificateEncodingException, NoSuchAlgorithmException { byte certDer[] = cert.getEncoded(); MessageDigest md = MessageDigest.getInstance("MD5"); @@ -685,16 +691,17 @@ public class CertUtils { sb.append(pp.toHexString(digestedCert, 4, 20)); return sb.toString(); } - + /** - * Returns a string that has the certificate's fingerprint using - * MD5, MD2 and SHA1 hashes. - * A certificate's fingerprint is a hash digest of the DER encoded - * certificate. + * Returns a string that has the certificate's fingerprint using MD5, MD2 + * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER + * encoded certificate. + * * @param cert Certificate to get the fingerprints of. * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes. - * For example, - * <pre> + * For example, + * + * <pre> * MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71 * * MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75 
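Review bot: getFingerPrint derives the fingerprint with `MessageDigest.getInstance("MD5")` and the reflowed Javadoc presents that as the definition without any caveat; MD5 is not collision resistant, so a match on this value should not be taken as proof that two certificates are identical. Add to the Javadoc: `Callers that need a fingerprint to identify a certificate should prefer {@link #getFingerPrints(Certificate)}, which also emits SHA-256 and SHA-512.` The digest formatting completes outside the hunk.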
@@ -703,34 +710,33 @@ public class CertUtils { * </pre> */ public static String getFingerPrints(Certificate cert) - throws NoSuchAlgorithmException, CertificateEncodingException { + throws NoSuchAlgorithmException, CertificateEncodingException { byte certDer[] = cert.getEncoded(); - /* - String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; - String certFingerprints = ""; - PrettyPrintFormat pp = new PrettyPrintFormat(":"); - - for (int i = 0; i < hashes.length; i++) { - MessageDigest md = MessageDigest.getInstance(hashes[i]); - - md.update(certDer); - certFingerprints += " " + hashes[i] + ":" + - pp.toHexString(md.digest(), 6 - hashes[i].length()); - } - return certFingerprints; - */ - return getFingerPrints(certDer); + /* + * String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; String + * certFingerprints = ""; PrettyPrintFormat pp = new + * PrettyPrintFormat(":"); + * + * for (int i = 0; i < hashes.length; i++) { MessageDigest md = + * MessageDigest.getInstance(hashes[i]); + * + * md.update(certDer); certFingerprints += " " + hashes[i] + ":" + + * pp.toHexString(md.digest(), 6 - hashes[i].length()); } return + * certFingerprints; + */ + return getFingerPrints(certDer); } - + /** - * Returns a string that has the certificate's fingerprint using - * MD5, MD2 and SHA1 hashes. - * A certificate's fingerprint is a hash digest of the DER encoded - * certificate. + * Returns a string that has the certificate's fingerprint using MD5, MD2 + * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER + * encoded certificate. + * * @param cert Certificate to get the fingerprints of. * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes. - * For example, - * <pre> + * For example, + * + * <pre> * MD2: 78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71 * * MD5: 0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75 
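Review bot: The commented-out body in getFingerPrints(Certificate) has been reflowed by the formatter into run-on lines (`String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; String * certFingerprints = "";`) that no longer read as code; since the method now just delegates with `return getFingerPrints(certDer);`, delete the dead block rather than keep it. The Javadoc in the same hunk says the result covers `MD5, MD2 and SHA1 hashes`, but the delegate in the hunk at -739 lists `"MD2", "MD5", "SHA1", "SHA256", "SHA512"`; update both Javadocs to `using MD2, MD5, SHA1, SHA256 and SHA512 hashes`.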
@@ -739,9 +745,10 @@ public class CertUtils { * </pre> */ public static String getFingerPrints(byte[] certDer) - throws NoSuchAlgorithmException/*, CertificateEncodingException*/ { - // byte certDer[] = cert.getEncoded(); - String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"}; + throws NoSuchAlgorithmException/* , CertificateEncodingException */{ + // byte certDer[] = cert.getEncoded(); + String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", + "SHA512" }; String certFingerprints = ""; PrettyPrintFormat pp = new PrettyPrintFormat(":"); 
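Review bot: getFingerPrints(byte[]) builds its result with `certFingerprints +=` inside the loop over hashes (the loop continues in the hunk at -749); a StringBuffer, which this file already uses elsewhere, avoids the repeated copies. Also, a single `MessageDigest.getInstance(hashes[i])` failure propagates as NoSuchAlgorithmException for the whole method, so a provider without MD2 loses the SHA fingerprints as well, presumably not what callers displaying the list want; consider catching per algorithm and skipping that entry.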
@@ -749,41 +756,42 @@ public class CertUtils { MessageDigest md = MessageDigest.getInstance(hashes[i]); md.update(certDer); - certFingerprints += hashes[i] + ":\n" + - pp.toHexString(md.digest(), 8, 16); + certFingerprints += hashes[i] + ":\n" + + pp.toHexString(md.digest(), 8, 16); } return certFingerprints; } /** - * Check if a object identifier in string form is valid, - * that is a string in the form n.n.n.n and der encode and decode-able. + * Check if a object identifier in string form is valid, that is a string in + * the form n.n.n.n and der encode and decode-able. + * * @param attrName attribute name (from the configuration file) * @param value object identifier string. - */ + */ public static ObjectIdentifier checkOID(String attrName, String value) - throws EBaseException { + throws EBaseException { String msg = "value must be a object identifier in the form n.n.n.n"; String msg1 = "not a valid object identifier."; ObjectIdentifier oid; - try { - oid = ObjectIdentifier.getObjectIdentifier(value); + try { + oid = ObjectIdentifier.getObjectIdentifier(value); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - attrName, msg)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_ATTR_VALUE", attrName, msg)); } // if the OID isn't valid (ex. n.n) the error isn't caught til // encoding time leaving a bad request in the request queue. - try { + try { DerOutputStream derOut = new DerOutputStream(); derOut.putOID(oid); new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", - attrName, msg1)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INVALID_ATTR_VALUE", attrName, msg1)); } return oid; } 
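Review bot: Both catch blocks in checkOID discard the caught exception, so a rejected OID is reported to the user as `not a valid object identifier.` with no record of why the DER round trip failed; add `CMS.debug("CertUtils: checkOID(): " + attrName + ": " + e.toString());` before each throw. If EBaseException has a constructor that accepts a cause (not visible here), passing e is preferable to logging alone.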
@@ -803,20 +811,21 @@ public class CertUtils { return tmp.toString(); } - + /* - * verify a certificate by its nickname - * returns true if it verifies; false if any not + * verify a certificate by its nickname returns true if it verifies; false + * if any not */ - public static boolean verifySystemCertByNickname(String nickname, String certusage) { + public static boolean verifySystemCertByNickname(String nickname, + String certusage) { boolean r = true; - CertificateUsage cu = null; + CertificateUsage cu = null; cu = getCertificateUsage(certusage); int ccu = 0; if (cu == null) { - CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+ - nickname + " with unsupported certusage ="+ certusage); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + + nickname + " with unsupported certusage =" + certusage); return false; } @@ -825,12 +834,15 @@ public class CertUtils { CMS.debug("CertUtils: verifySystemCertByNickname(): calling isCertValid()"); try { CryptoManager cm = CryptoManager.getInstance(); - if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages.getUsage()) { + if (cu.getUsage() != CryptoManager.CertificateUsage.CheckAllUsages + .getUsage()) { if (cm.isCertValid(nickname, true, cu)) { r = true; - CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + + nickname); } else { - CMS.debug("CertUtils: verifySystemCertByNickname() failed:" + nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() failed:" + + nickname); r = false; } } else { 
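Review bot: verifySystemCertByNickname starts with `boolean r = true;`, so the verification result defaults to pass and relies on every branch below to set it explicitly; the branches visible here and in the hunks at -825 and -839 do assign r, but a fail-closed default, `boolean r = false;`, guarantees that any future path which neither sets r nor throws reports a failed verification. The unsupported-certusage branch already returns false explicitly, so this changes no current result. The method's remaining branches lie in the later hunks.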
@@ -839,48 +851,60 @@ public class CertUtils { if (ccu == CertificateUsage.basicCertificateUsages) { /* cert is good for nothing */ r = false; - CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:"+ nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" + + nickname); } else { r = true; - CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname); + CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + + nickname); - if ((ccu & CryptoManager.CertificateUsage.SSLServer.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.SSLServer + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLServer"); - if ((ccu & CryptoManager.CertificateUsage.SSLClient.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.SSLClient + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLClient"); - if ((ccu & CryptoManager.CertificateUsage.SSLServerWithStepUp.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.SSLServerWithStepUp + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLServerWithStepUp"); if ((ccu & CryptoManager.CertificateUsage.SSLCA.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is SSLCA"); - if ((ccu & CryptoManager.CertificateUsage.EmailSigner.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.EmailSigner + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is EmailSigner"); - if ((ccu & CryptoManager.CertificateUsage.EmailRecipient.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.EmailRecipient + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is EmailRecipient"); - if ((ccu & CryptoManager.CertificateUsage.ObjectSigner.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.ObjectSigner + .getUsage()) != 0) CMS.debug("CertUtils: 
verifySystemCertByNickname(): cert is ObjectSigner"); - if ((ccu & CryptoManager.CertificateUsage.UserCertImport.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.UserCertImport + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is UserCertImport"); - if ((ccu & CryptoManager.CertificateUsage.VerifyCA.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.VerifyCA + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is VerifyCA"); - if ((ccu & CryptoManager.CertificateUsage.ProtectedObjectSigner.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.ProtectedObjectSigner + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is ProtectedObjectSigner"); - if ((ccu & CryptoManager.CertificateUsage.StatusResponder.getUsage()) != 0) + if ((ccu & CryptoManager.CertificateUsage.StatusResponder + .getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is StatusResponder"); if ((ccu & CryptoManager.CertificateUsage.AnyCA.getUsage()) != 0) CMS.debug("CertUtils: verifySystemCertByNickname(): cert is AnyCA"); } } } catch (Exception e) { - CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+ - e.toString()); + CMS.debug("CertUtils: verifySystemCertByNickname() failed: " + + e.toString()); r = false; } return r; } /* - * verify a certificate by its tag name - * returns true if it verifies; false if any not + * verify a certificate by its tag name returns true if it verifies; false + * if any not */ public static boolean verifySystemCertByTag(String tag) { String auditMessage = null; 
@@ -896,52 +920,49 @@ public class CertUtils { if (subsysType == null) { CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.FAILURE, ""); audit(auditMessage); r = false; return r; } - String nickname = config.getString(subsysType+".cert."+tag+".nickname", ""); + String nickname = config.getString(subsysType + ".cert." + tag + + ".nickname", ""); if (nickname.equals("")) { - CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg"); + CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + + tag + " undefined in CS.cfg"); r = false; } - String certusage = config.getString(subsysType+".cert."+tag+".certusage", ""); + String certusage = config.getString(subsysType + ".cert." 
+ tag + + ".certusage", ""); if (certusage.equals("")) { - CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage"); + CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + + tag + + " undefined in CS.cfg, getting current certificate usage"); } r = verifySystemCertByNickname(nickname, certusage); if (r == true) { // audit here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.SUCCESS, - nickname); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.SUCCESS, nickname); audit(auditMessage); } else { // audit here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - nickname); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.FAILURE, nickname); audit(auditMessage); } } catch (Exception e) { - CMS.debug("CertUtils: verifySystemCertsByTag() failed: "+ - e.toString()); + CMS.debug("CertUtils: verifySystemCertsByTag() failed: " + + e.toString()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.FAILURE, ""); audit(auditMessage); r = false; @@ -986,9 +1007,8 @@ public class CertUtils { } /* - * goes through all system certs and check to see if they are good - * and audit the result - * returns true if all verifies; false if any not + * goes through all system certs and check to see if they are good and audit + * the result returns true if all verifies; false if any not */ public static boolean verifySystemCerts() { String auditMessage = null; 
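Review bot: In verifySystemCertByTag an empty nickname sets `r = false` but execution continues, and `r = verifySystemCertByNickname(nickname, certusage);` a few lines later overwrites that result, so what gets recorded is whatever verifying the nickname `""` yields rather than the configuration error, and no audit entry names the missing setting. Audit the failure and return instead. The method's start, where subsysType is read, lies outside the hunk.
```java
if (nickname.equals("")) {
    CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag "
            + tag + " undefined in CS.cfg");
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
            ILogger.SYSTEM_UID, ILogger.FAILURE, "");
    audit(auditMessage);
    return false;
}
// … unchanged: certusage lookup and verifySystemCertByNickname call …
```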
@@ -1000,10 +1020,8 @@ public class CertUtils { if (subsysType.equals("")) { CMS.debug("CertUtils: verifySystemCerts() cs.type not defined in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.FAILURE, ""); audit(auditMessage); r = false; @@ -1013,23 +1031,21 @@ public class CertUtils { if (subsysType == null) { CMS.debug("CertUtils: verifySystemCerts() invalid cs.type in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.FAILURE, ""); audit(auditMessage); r = false; return r; } - String certlist = config.getString(subsysType+".cert.list", ""); + String certlist = config.getString(subsysType + ".cert.list", ""); if (certlist.equals("")) { - CMS.debug("CertUtils: verifySystemCerts() "+subsysType+ ".cert.list not defined in CS.cfg. System certificates verification not done"); + CMS.debug("CertUtils: verifySystemCerts() " + + subsysType + + ".cert.list not defined in CS.cfg. System certificates verification not done"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.FAILURE, ""); audit(auditMessage); r = false; 
@@ -1045,12 +1061,10 @@ public class CertUtils { } catch (Exception e) { // audit here auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - ILogger.SYSTEM_UID, - ILogger.FAILURE, - ""); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + ILogger.SYSTEM_UID, ILogger.FAILURE, ""); - audit(auditMessage); + audit(auditMessage); r = false; CMS.debug("CertUtils: verifySystemCerts():" + e.toString()); } @@ -1073,8 +1087,9 @@ public class CertUtils { } /** - * Signed Audit Log - * This method is called to store messages to the signed audit log. + * Signed Audit Log This method is called to store messages to the signed + * audit log. + * * @param msg signed audit log message */ private static void audit(String msg) { @@ -1084,12 +1099,8 @@ public class CertUtils { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } - } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java index effd86edd..adae21372 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.io.IOException; import java.io.OutputStream; import java.security.cert.CertificateException; @@ -34,10 +33,9 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.cert.ICrossCertPairSubsystem; - /** * This class implements CertificatePair used for Cross Certification - * + * * @author cfu * @version $Revision$, $Date$ */ 
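Review bot: audit() in the -1084 hunk returns silently when the guard above the visible `return;` fires (that `if` starts outside the hunk), so a CIMC_CERT_VERIFICATION event produced by the -896 and -1045 hunks can be dropped with no trace at all; a `CMS.debug("CertUtils: audit() signed audit logger unavailable, message dropped");` before the `return;` would at least make the gap visible to an operator. The Javadoc reflow in the -1073 hunk has merged the heading into the first sentence (`Signed Audit Log This method is called …`); either end the heading with a period or drop it.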
@@ -47,16 +45,17 @@ public class CertificatePair implements ASN1Value { private static final Tag TAG = SEQUENCE.TAG; /** - * construct a CertificatePair. It doesn't matter which is - * forward and which is reverse in the parameters. It will figure - * it out + * construct a CertificatePair. It doesn't matter which is forward and which + * is reverse in the parameters. It will figure it out + * * @param cert1 one X509Certificate * @param cert2 one X509Certificate */ - public CertificatePair (X509Certificate cert1, X509Certificate cert2) - throws EBaseException { + public CertificatePair(X509Certificate cert1, X509Certificate cert2) + throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException("CertificatePair: both certs can not be null"); + throw new EBaseException( + "CertificatePair: both certs can not be null"); debug("in CertificatePair()"); boolean rightOrder = certOrders(cert1, cert2); 
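Review bot: The guard `if ((cert1 == null) || (cert2 == null))` in the -47 hunk rejects the pair when either certificate is null, but the message `CertificatePair: both certs can not be null` reads as if only the both-null case were rejected; `"CertificatePair: neither cert may be null"` states the condition actually checked, and the same text is reused by the byte[] constructor in the -69 hunk. The constructor Javadoc should also carry `@throws EBaseException if either cert is null or the forward/reverse relationship cannot be established`, since that is the one exception a caller has to handle. The constructor body continues past the end of this hunk.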
@@ -69,21 +68,22 @@ public class CertificatePair implements ASN1Value { mReverse = cert2.getEncoded(); } } catch (CertificateException e) { - throw new EBaseException("CertificatePair: constructor failed:" + e.toString()); + throw new EBaseException("CertificatePair: constructor failed:" + + e.toString()); } } /** - * construct a CertificatePair. It doesn't matter which is - * forward and which is reverse in the parameters. It will figure - * it out + * construct a CertificatePair. It doesn't matter which is forward and which + * is reverse in the parameters. It will figure it out + * * @param cert1 one certificate byte array * @param cert2 one certificate byte array */ - public CertificatePair (byte[] cert1, byte[] cert2) - throws EBaseException { + public CertificatePair(byte[] cert1, byte[] cert2) throws EBaseException { if ((cert1 == null) || (cert2 == null)) - throw new EBaseException("CertificatePair: both certs can not be null"); + throw new EBaseException( + "CertificatePair: both certs can not be null"); boolean rightOrder = certOrders(cert1, cert2); if (rightOrder == false) { @@ -96,14 +96,15 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if c1 is forward and cert2 is reverse - * returns false if c2 is forward and cert1 is reverse + * returns true if c1 is forward and cert2 is reverse returns false if c2 is + * forward and cert1 is reverse */ private boolean certOrders(X509Certificate c1, X509Certificate c2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with X509Cert"); - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); X509Certificate caCert = (X509Certificate) ca.getCACert(); debug("got this caCert"); 
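Review bot: certOrders(X509Certificate, X509Certificate) in the -96 hunk casts the result of `CMS.getSubsystem("ca")` and immediately calls `ca.getCACert()`, so a deployment without a CA subsystem (or one not yet initialised) fails with a NullPointerException rather than the EBaseException the signature declares; `if (ca == null) throw new EBaseException("CertificatePair: certOrders() CA subsystem not available");` keeps the error path uniform. The byte[] overload in the -220 hunk has the same gap after `CMS.getSubsystem("CrossCertPair")`. Whether getSubsystem can return null is not visible here; if it throws instead, a comment saying so would settle it. The method continues past the end of this hunk.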
@@ -111,55 +112,43 @@ public class CertificatePair implements ASN1Value { // more check really should be done here regarding the // validity of the two certs...later - /* It looks the DN's returned are not normalized and fail - * comparison - - if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - debug("myCA signed c1"); - else { - debug("c1 issuerDN="+c1.getIssuerDN().toString()); - debug("myCA subjectDN="+caCert.getSubjectDN().toString()); - } - - if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) - debug("myCA subject == c2 subject"); - else { - debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - debug("c2 subjectDN="+c2.getSubjectDN().toString()); - } - - if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) - debug("myCA signed c2"); - else { - debug("c2 issuerDN="+c1.getIssuerDN().toString()); - debug("myCA subjectDN="+caCert.getSubjectDN().toString()); - } - - if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) - debug("myCA subject == c1 subject"); - else { - debug("caCert subjectDN="+caCert.getSubjectDN().toString()); - debug("c1 subjectDN="+c1.getSubjectDN().toString()); - } - - if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) - && (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) - - { - return false; - } else if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())) - && (caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))) - { - return true; - } else { - throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); - } + /* + * It looks the DN's returned are not normalized and fail comparison + * + * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + * debug("myCA signed c1"); else { + * debug("c1 issuerDN="+c1.getIssuerDN().toString()); + * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } + * + * if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN())) + * debug("myCA subject == c2 
subject"); else { + * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + * debug("c2 subjectDN="+c2.getSubjectDN().toString()); } + * + * if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))) + * debug("myCA signed c2"); else { + * debug("c2 issuerDN="+c1.getIssuerDN().toString()); + * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); } + * + * if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN())) + * debug("myCA subject == c1 subject"); else { + * debug("caCert subjectDN="+caCert.getSubjectDN().toString()); + * debug("c1 subjectDN="+c1.getSubjectDN().toString()); } + * + * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) && + * (caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))) + * + * { return false; } else if ((c2.getIssuerDN().equals((Object) + * caCert.getSubjectDN())) && (caCert.getSubjectDN().equals((Object) + * c1.getSubjectDN()))) { return true; } else { throw new + * EBaseException( + * "CertificatePair: need correct forward and reverse relationship to construct CertificatePair" + * ); } */ /* - * my other attempt: - * one of the certs has to share the same public key as this - * CA, and that will be the "forward" cert; the other one is + * my other attempt: one of the certs has to share the same public key + * as this CA, and that will be the "forward" cert; the other one is * assumed to be the "reverse" cert */ byte[] caCertBytes = caCert.getPublicKey().getEncoded(); @@ -168,7 +157,8 @@ public class CertificatePair implements ASN1Value { debug("got cacert public key bytes length=" + caCertBytes.length); else { debug("cacert public key bytes null"); - throw new EBaseException("CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); + throw new EBaseException( + "CertificatePair: certOrders() fails to get this CA's signing certificate public key encoded"); } byte[] c1Bytes = c1.getPublicKey().getEncoded(); 
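Review bot: The -111 hunk keeps roughly thirty lines of abandoned DN-comparison code inside a block comment, and the formatter has now reflowed it into text that is neither prose nor code (`debug("myCA subject == c2 subject"); else {`); since history preserves it, delete the block and keep the lesson as one line: `/* DN comparison was abandoned: the DNs are not normalized and equals() fails; ordering is decided by public-key match instead. */`. The surviving `more check really should be done here regarding the validity of the two certs...later` comment deserves to become an explicit contract note: judging from the retained comment and the exception text in the -196 hunk, certOrders decides forward/reverse only by comparing encoded public keys against this CA's key and checks neither certificate's signature, validity period nor CA basic constraints, so `// NOTE: no signature or validity check here; callers must validate both certs before pairing` stops the next reader from assuming the pair has been verified. The comparison code itself lies between the -168 and -196 hunks and is not visible.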
@@ -177,7 +167,8 @@ public class CertificatePair implements ASN1Value { debug("got c1 public key bytes length=" + c1Bytes.length); else { debug("c1 cert public key bytes length null"); - throw new EBaseException("CertificatePair::certOrders() public key bytes are of length null"); + throw new EBaseException( + "CertificatePair::certOrders() public key bytes are of length null"); } byte[] c2Bytes = c2.getPublicKey().getEncoded(); @@ -196,7 +187,8 @@ public class CertificatePair implements ASN1Value { return false; } else { debug("neither c1 nor c2 public key matches with this ca"); - throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); + throw new EBaseException( + "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"); } } @@ -220,14 +212,14 @@ public class CertificatePair implements ASN1Value { } /* - * returns true if cert1 is forward and cert2 is reverse - * returns false if cert2 is forward and cert1 is reverse + * returns true if cert1 is forward and cert2 is reverse returns false if + * cert2 is forward and cert1 is reverse */ private boolean certOrders(byte[] cert1, byte[] cert2) - throws EBaseException { + throws EBaseException { debug("in certOrders() with byte[]"); - ICrossCertPairSubsystem ccps = - (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); + ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS + .getSubsystem("CrossCertPair"); X509Certificate c1 = null; X509Certificate c2 = null; @@ -235,7 +227,8 @@ public class CertificatePair implements ASN1Value { c1 = ccps.byteArray2X509Cert(cert1); c2 = ccps.byteArray2X509Cert(cert2); } catch (CertificateException e) { - throw new EBaseException("CertificatePair: certOrders() failed:" + e.toString()); + throw new EBaseException("CertificatePair: certOrders() failed:" + + e.toString()); } return certOrders(c1, c2); } 
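Review bot: The `catch (CertificateException e)` in the -235 hunk rethrows `new EBaseException("CertificatePair: certOrders() failed:" + e.toString())`, which keeps only the message and discards the stack trace of the parse failure; the same pattern is in the constructor in the -69 hunk and in CrossCertPairSubsystem's -154 and -256 hunks. If EBaseException has a cause-taking constructor (not visible here) pass `e` through, otherwise call `CMS.debugStackTrace()` before wrapping so the failing DER is diagnosable. The message in the -177 hunk, `public key bytes are of length null`, describes a null array; `c1 public key encoding is null` says what was actually found.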
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java index 232035250..38f00f2e6 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.text.DateFormat; import java.util.Iterator; import java.util.Locale; 
@@ -35,44 +34,45 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint; import com.netscape.certsrv.ca.ICertificateAuthority; /** - * This class will display the certificate content in predefined - * format. - * + * This class will display the certificate content in predefined format. + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ -public class CrlCachePrettyPrint implements ICRLPrettyPrint -{ +public class CrlCachePrettyPrint implements ICRLPrettyPrint { - /*========================================================== - * constants - *==========================================================*/ + /* + * ========================================================== constants + * ========================================================== + */ private final static String CUSTOM_LOCALE = "Custom"; - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ private ICRLIssuingPoint mIP = null; private PrettyPrintFormat pp = null; - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constructors + * ========================================================== + */ public CrlCachePrettyPrint(ICRLIssuingPoint ip) { mIP = ip; pp = new PrettyPrintFormat(":"); } - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== public methods + * ========================================================== + */ /** - * This method return string representation of the certificate - * revocation list in predefined format using specified client - * local. 
I18N Support. - * + * This method return string representation of the certificate revocation + * list in predefined format using specified client local. I18N Support. + * * @param clientLocale Locale to be used for localization * @return string representation of the certificate */ 
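Review bot: The class Javadoc and the `@return` tag in the -35 hunk still say `the certificate`, while CrlCachePrettyPrint renders a certificate revocation list from an ICRLIssuingPoint; `This class displays the CRL cache content in a predefined format.` and `@return string representation of the CRL` match the code, and `client local` should be `client locale`. The formatter has also turned the `/* ===== constants ===== */` banners into three-line comments with the label welded to the rule; a plain `// constants` per section survives reformatting. The hunk ends before the one-argument toString() it documents.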
@@ -80,61 +80,61 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint return toString(clientLocale, 0, 0, 0); } - public String toString(Locale clientLocale, long crlSize, long pageStart, long pageSize) { + public String toString(Locale clientLocale, long crlSize, long pageStart, + long pageSize) { - //get I18N resources - ResourceBundle resource = ResourceBundle.getBundle( - PrettyPrintResources.class.getName()); + // get I18N resources + ResourceBundle resource = ResourceBundle + .getBundle(PrettyPrintResources.class.getName()); DateFormat dateFormater = DateFormat.getDateTimeInstance( DateFormat.FULL, DateFormat.FULL, clientLocale); - //get timezone and timezone ID + // get timezone and timezone ID String tz = " "; String tzid = " "; StringBuffer sb = new StringBuffer(); try { - sb.append(pp.indent(4) + resource.getString( - PrettyPrintResources.TOKEN_CRL) + "\n"); - sb.append(pp.indent(8) + resource.getString( - PrettyPrintResources.TOKEN_DATA) + "\n"); + sb.append(pp.indent(4) + + resource.getString(PrettyPrintResources.TOKEN_CRL) + "\n"); + sb.append(pp.indent(8) + + resource.getString(PrettyPrintResources.TOKEN_DATA) + + "\n"); String signingAlgorithm = mIP.getLastSigningAlgorithm(); if (signingAlgorithm != null) { - sb.append(pp.indent(12) + resource.getString( - PrettyPrintResources.TOKEN_SIGALG) + - signingAlgorithm + "\n"); + sb.append(pp.indent(12) + + resource.getString(PrettyPrintResources.TOKEN_SIGALG) + + signingAlgorithm + "\n"); } - sb.append(pp.indent(12) + resource.getString( - PrettyPrintResources.TOKEN_ISSUER) + - ((ICertificateAuthority)(mIP.getCertificateAuthority())) - .getCRLX500Name().toString() + "\n"); + sb.append(pp.indent(12) + + resource.getString(PrettyPrintResources.TOKEN_ISSUER) + + ((ICertificateAuthority) (mIP.getCertificateAuthority())) + .getCRLX500Name().toString() + "\n"); // Format thisUpdate String thisUpdate = dateFormater.format(mIP.getLastUpdate()); // get timezone and timezone ID if (TimeZone.getDefault() != 
null) { tz = TimeZone.getDefault().getDisplayName( - TimeZone.getDefault().inDaylightTime(mIP.getLastUpdate()), - TimeZone.SHORT, - clientLocale); + TimeZone.getDefault().inDaylightTime( + mIP.getLastUpdate()), TimeZone.SHORT, + clientLocale); tzid = TimeZone.getDefault().getID(); } // Specify ThisUpdate if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_THIS_UPDATE) - + thisUpdate - + "\n"); + + resource + .getString(PrettyPrintResources.TOKEN_THIS_UPDATE) + + thisUpdate + "\n"); } else { // Append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_THIS_UPDATE) - + thisUpdate - + " " + tzid + "\n"); + + resource + .getString(PrettyPrintResources.TOKEN_THIS_UPDATE) + + thisUpdate + " " + tzid + "\n"); } // Check for presence of NextUpdate if (mIP.getNextUpdate() != null) { 
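Review bot: In toString(Locale, long, long, long) (the -80 hunk) the bundle is loaded with `ResourceBundle.getBundle(PrettyPrintResources.class.getName())`, i.e. for the JVM default locale, while `dateFormater` is built for `clientLocale`, so labels and dates in one listing can come out in different languages although the Javadoc promises localisation by client locale; `ResourceBundle.getBundle(PrettyPrintResources.class.getName(), clientLocale)` selects both consistently. If no localized PrettyPrintResources variants exist the output is unchanged and the call merely records the intent. `StringBuffer sb` is never shared between threads here, so `StringBuilder` is the idiomatic choice. The method starts before and ends after this hunk.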
@@ -144,96 +144,110 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint // re-get timezone (just in case it is different . . .) if (TimeZone.getDefault() != null) { tz = TimeZone.getDefault().getDisplayName( - TimeZone.getDefault().inDaylightTime(mIP.getNextUpdate()), - TimeZone.SHORT, - clientLocale); + TimeZone.getDefault().inDaylightTime( + mIP.getNextUpdate()), TimeZone.SHORT, + clientLocale); } // Specify NextUpdate if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_NEXT_UPDATE) - + nextUpdate - + "\n"); + + resource + .getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) + + nextUpdate + "\n"); } else { // Append timezone ID sb.append(pp.indent(12) - + resource.getString( - PrettyPrintResources.TOKEN_NEXT_UPDATE) - + nextUpdate - + " " + tzid + "\n"); + + resource + .getString(PrettyPrintResources.TOKEN_NEXT_UPDATE) + + nextUpdate + " " + tzid + "\n"); } } if (crlSize > 0 && pageStart == 0 && pageSize == 0) { - sb.append(pp.indent(12) + resource.getString( - PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n"); - } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) || - (crlSize > 0 && pageStart > 0 && pageSize > 0)) { - sb.append(pp.indent(12) + resource.getString( - PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES)); + sb.append(pp.indent(12) + + resource + .getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + + crlSize + "\n"); + } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) + || (crlSize > 0 && pageStart > 0 && pageSize > 0)) { + sb.append(pp.indent(12) + + resource + .getString(PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES)); long upperLimit = crlSize; if (crlSize > 0 && pageStart > 0 && pageSize > 0) { - upperLimit = (pageStart + pageSize - 1 > crlSize) ? 
crlSize : pageStart + pageSize - 1; - sb.append("" + pageStart + "-" + upperLimit + " of " + crlSize); + upperLimit = (pageStart + pageSize - 1 > crlSize) ? crlSize + : pageStart + pageSize - 1; + sb.append("" + pageStart + "-" + upperLimit + " of " + + crlSize); } else { pageStart = 1; sb.append("" + crlSize); } sb.append("\n"); - Set revokedCerts = mIP.getRevokedCertificates((int)(pageStart-1), (int)upperLimit); + Set revokedCerts = mIP.getRevokedCertificates( + (int) (pageStart - 1), (int) upperLimit); if (revokedCerts != null) { Iterator i = revokedCerts.iterator(); long l = 1; - while ((i.hasNext()) && ((crlSize == 0) || (upperLimit - pageStart + 1 >= l))) { - RevokedCertImpl revokedCert = (RevokedCertImpl)i.next(); + while ((i.hasNext()) + && ((crlSize == 0) || (upperLimit - pageStart + 1 >= l))) { + RevokedCertImpl revokedCert = (RevokedCertImpl) i + .next(); if ((crlSize == 0) || (upperLimit - pageStart + 1 >= l)) { - sb.append(pp.indent(16) + resource.getString( - PrettyPrintResources.TOKEN_SERIAL) + "0x" + - revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n"); - String revocationDate = - dateFormater.format(revokedCert.getRevocationDate()); + sb.append(pp.indent(16) + + resource + .getString(PrettyPrintResources.TOKEN_SERIAL) + + "0x" + + revokedCert.getSerialNumber() + .toString(16).toUpperCase() + "\n"); + String revocationDate = dateFormater + .format(revokedCert.getRevocationDate()); // re-get timezone // (just in case it is different . . .) 
if (TimeZone.getDefault() != null) { - tz = TimeZone.getDefault().getDisplayName( - TimeZone.getDefault().inDaylightTime( - revokedCert.getRevocationDate()), - TimeZone.SHORT, - clientLocale); + tz = TimeZone + .getDefault() + .getDisplayName( + TimeZone.getDefault() + .inDaylightTime( + revokedCert + .getRevocationDate()), + TimeZone.SHORT, clientLocale); } // Specify revocationDate - if (tz.equals(tzid) || - tzid.equals(CUSTOM_LOCALE)) { + if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) { // Do NOT append timezone ID sb.append(pp.indent(16) - + resource.getString( - PrettyPrintResources.TOKEN_REVOCATION_DATE) - + revocationDate - + "\n"); + + resource + .getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) + + revocationDate + "\n"); } else { // Append timezone ID sb.append(pp.indent(16) - + resource.getString( - PrettyPrintResources.TOKEN_REVOCATION_DATE) - + revocationDate - + " " + tzid + "\n"); + + resource + .getString(PrettyPrintResources.TOKEN_REVOCATION_DATE) + + revocationDate + " " + tzid + "\n"); } if (revokedCert.hasExtensions()) { - sb.append(pp.indent(16) + resource.getString( - PrettyPrintResources.TOKEN_EXTENSIONS) + "\n"); - CRLExtensions crlExtensions = revokedCert.getExtensions(); + sb.append(pp.indent(16) + + resource + .getString(PrettyPrintResources.TOKEN_EXTENSIONS) + + "\n"); + CRLExtensions crlExtensions = revokedCert + .getExtensions(); if (crlExtensions != null) { for (int k = 0; k < crlExtensions.size(); k++) { - Extension ext = (Extension) crlExtensions.elementAt(k); - ExtPrettyPrint extpp = new ExtPrettyPrint(ext, 20); + Extension ext = (Extension) crlExtensions + .elementAt(k); + ExtPrettyPrint extpp = new ExtPrettyPrint( + ext, 20); sb.append(extpp.toString()); } 
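Review bot: Inside the paging loop in the -144 hunk the guard `if ((crlSize == 0) || (upperLimit - pageStart + 1 >= l))` repeats the `while` condition verbatim with nothing in between that changes its operands, so it is always true and only adds a nesting level; the `if` can go. `mIP.getRevokedCertificates((int) (pageStart - 1), (int) upperLimit)` narrows `long` to `int` unchecked and `pageStart + pageSize - 1` can overflow if those values ever arrive from a request parameter (their origin is not visible here); `Math.toIntExact` or an explicit bound on `pageSize` keeps the paging arithmetic safe. `Set revokedCerts` and `Iterator i` are raw types — `Set<RevokedCertImpl>` removes the cast, if ICRLIssuingPoint declares the method generically. The method starts before and ends after this hunk.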
@@ -243,18 +257,27 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint l++; } } else if (mIP.isCRLCacheEnabled() && mIP.isCRLCacheEmpty()) { - sb.append("\n" + pp.indent(16) + resource.getString( - PrettyPrintResources.TOKEN_CACHE_IS_EMPTY) + "\n\n"); + sb.append("\n" + + pp.indent(16) + + resource + .getString(PrettyPrintResources.TOKEN_CACHE_IS_EMPTY) + + "\n\n"); } else { - sb.append("\n" + pp.indent(16) + resource.getString( - PrettyPrintResources.TOKEN_CACHE_NOT_AVAILABLE) + "\n\n"); + sb.append("\n" + + pp.indent(16) + + resource + .getString(PrettyPrintResources.TOKEN_CACHE_NOT_AVAILABLE) + + "\n\n"); } } } catch (Exception e) { - sb.append("\n\n" + pp.indent(4) + resource.getString( - PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n"); - CMS.debug("Exception="+e.toString()); + sb.append("\n\n" + + pp.indent(4) + + resource + .getString(PrettyPrintResources.TOKEN_DECODING_ERROR) + + "\n\n"); + CMS.debug("Exception=" + e.toString()); CMS.debugStackTrace(); } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java index 1a3969b4e..06e88d283 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java @@ -17,20 +17,18 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import netscape.security.x509.X509CRLImpl; import com.netscape.certsrv.base.ICRLPrettyPrint; - /** - * This class will display the certificate content in predefined - * format. - * + * This class will display the certificate content in predefined format. + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ -public class CrlPrettyPrint extends netscape.security.util.CrlPrettyPrint implements ICRLPrettyPrint { +public class CrlPrettyPrint extends netscape.security.util.CrlPrettyPrint + implements ICRLPrettyPrint { public CrlPrettyPrint(X509CRLImpl crl) { super(crl); 
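Review bot: The `catch (Exception e)` in the -243 hunk reports every failure — including a NullPointerException from the paging code above or from a missing issuing point — as the localized `TOKEN_DECODING_ERROR` line, so the caller is told "decoding error" for conditions that are not decoding problems. Catching the checked types the try body actually throws (not visible in this hunk) and letting runtime exceptions propagate keeps the message honest; the `CMS.debug("Exception=" + e.toString())` plus `CMS.debugStackTrace()` pair is fine to keep. The method continues past the end of this hunk.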
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java index 663585bf0..58d6aba6e 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -47,23 +46,21 @@ import com.netscape.certsrv.publish.IPublisherProcessor; import com.netscape.certsrv.publish.IXcertPublisherProcessor; import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; - /** - * Subsystem for handling cross certificate pairing and publishing - * Intended use: + * Subsystem for handling cross certificate pairing and publishing Intended use: * <ul> - * <li> when signing a subordinate CA cert which is intended to be - * part of the crossCertificatePair - * <li> when this ca submits a request (with existing CA signing key - * material to another ca for cross-signing - *</ul> - * In both cases, administrator needs to "import" the crossSigned - * certificates via the admin console. When importCert() is called, - * the imported cert will be stored in the internal db - * first until it's pairing cert shows up. - * If it happens that the above two cases finds its pairing - * cert already there, then a CertifiatePair is created and put - * in the internal db "crosscertificatepair;binary" attribute + * <li>when signing a subordinate CA cert which is intended to be part of the + * crossCertificatePair + * <li>when this ca submits a request (with existing CA signing key material to + * another ca for cross-signing + * </ul> + * In both cases, administrator needs to "import" the crossSigned certificates + * via the admin console. When importCert() is called, the imported cert will be + * stored in the internal db first until it's pairing cert shows up. If it + * happens that the above two cases finds its pairing cert already there, then a + * CertifiatePair is created and put in the internal db + * "crosscertificatepair;binary" attribute + * * @author cfu * @version $Revision$, $Date$ */ @@ -100,7 +97,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { try { mConfig = config; mLogger = CMS.getLogger(); 
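Review bot: The class Javadoc in the -47 hunk misspells the type it refers to (`CertifiatePair` for `CertificatePair`) and writes `it's pairing cert` for `its pairing cert`; both slips recur in the importCert Javadocs of the -137 and -162 hunks. As the text names a real class, `{@link CertificatePair}` makes the reference checkable by javadoc.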
@@ -112,21 +109,19 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { if (ldapConfig == null) { log(ILogger.LL_MISCONF, - CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", - PROP_LDAP)); + CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", PROP_LDAP)); return; } mBaseDN = ldapConfig.getString(PROP_BASEDN, null); - + mLdapConnFactory = new LdapBoundConnFactory(); if (mLdapConnFactory != null) mLdapConnFactory.init(ldapConfig); else { log(ILogger.LL_MISCONF, - CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", - PROP_LDAP)); + CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR", PROP_LDAP)); return; } } catch (EBaseException e) { @@ -137,14 +132,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } /** - * "import" the CA cert cross-signed by another CA (potentially a - * bridge CA) into internal ldap db. - * the imported cert will be stored in the internal db - * first until it's pairing cert shows up. - * If it happens that it finds its pairing - * cert already there, then a CertifiatePair is created and put + * "import" the CA cert cross-signed by another CA (potentially a bridge CA) + * into internal ldap db. the imported cert will be stored in the internal + * db first until it's pairing cert shows up. If it happens that it finds + * its pairing cert already there, then a CertifiatePair is created and put * in the internal db "crosscertificatepair;binary" attribute - * + * * @param certBytes cert in byte array to be imported */ public void importCert(byte[] certBytes) throws EBaseException { @@ -154,7 +147,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { try { cert = byteArray2X509Cert(certBytes); } catch (CertificateException e) { - throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: importCert() failed:" + + e.toString()); } 
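Review bot: In init() (the -112 hunk) `mLdapConnFactory = new LdapBoundConnFactory()` can never yield null, so the `else` branch that logs CMSCORE_DBS_CONF_ERROR is unreachable and suggests a failure mode that does not exist; the real one is `mLdapConnFactory.init(ldapConfig)` throwing, which the `catch (EBaseException e)` whose body lies outside the hunk handles. `mLdapConnFactory = new LdapBoundConnFactory(); mLdapConnFactory.init(ldapConfig);` expresses the same thing without the dead branch. `mBaseDN = ldapConfig.getString(PROP_BASEDN, null)` also accepts a missing base DN silently; if later searches use it as the search base (not visible here), a null deserves the same LL_MISCONF log as the missing ldap section gets just above.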
@@ -162,14 +157,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } /** - * "import" the CA cert cross-signed by another CA (potentially a - * bridge CA) into internal ldap db. - * the imported cert will be stored in the internal db - * first until it's pairing cert shows up. - * If it happens that it finds its pairing - * cert already there, then a CertifiatePair is created and put + * "import" the CA cert cross-signed by another CA (potentially a bridge CA) + * into internal ldap db. the imported cert will be stored in the internal + * db first until it's pairing cert shows up. If it happens that it finds + * its pairing cert already there, then a CertifiatePair is created and put * in the internal db "crosscertificatepair;binary" attribute - * + * * @param certBytes cert in byte array to be imported */ public synchronized void importCert(Object certObj) throws EBaseException { @@ -182,8 +175,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // 1. does cert2 share the same key pair as this CA's signing // cert // 2. does cert2's subject match this CA's subject? - // 3. other valididity checks: is this a ca cert? Is this - // cert still valid? If the issuer is not yet trusted, let it + // 3. other valididity checks: is this a ca cert? Is this + // cert still valid? If the issuer is not yet trusted, let it // be. // get certs from internal db to see if we find a pair @@ -199,7 +192,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { LDAPEntry entry = (LDAPEntry) res.nextElement(); LDAPAttribute caCerts = entry.getAttribute(LDAP_ATTR_CA_CERT); - LDAPAttribute certPairs = entry.getAttribute(LDAP_ATTR_XCERT_PAIR); + LDAPAttribute certPairs = entry + .getAttribute(LDAP_ATTR_XCERT_PAIR); if (caCerts == null) { debug("no existing ca certs, just import"); 
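Review bot: The Javadoc on `importCert(Object certObj)` in the -162 hunk documents `@param certBytes`, the other overload's parameter; it should read `@param certObj the certificate object to import (presumably an X509Certificate, given the getEncoded() calls in the -208 hunk)`, and since the two overloads' Javadocs are otherwise copies, one could say `see {@link #importCert(byte[])}`. The numbered list in the -182 hunk (same key pair as this CA, subject match, is it a CA cert, still valid) reads as a checklist rather than a description of code that follows; if those checks happen elsewhere name the place, otherwise mark it `TODO` so the missing validation is not taken for done. Both importCert bodies extend beyond their hunks.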
@@ -208,7 +202,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } Enumeration en = caCerts.getByteValues(); - + if ((en == null) || (en.hasMoreElements() == false)) { debug("1st potential xcert"); addCAcert(conn, cert.getEncoded()); @@ -232,8 +226,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // caCertificate attr, and publish if so configured debug("found a pair!"); CertificatePair cp = new - // CertificatePair(inCert.getEncoded(), cert.getEncoded()); - CertificatePair(inCert, cert); + // CertificatePair(inCert.getEncoded(), + // cert.getEncoded()); + CertificatePair(inCert, cert); addXCertPair(conn, certPairs, cp); deleteCAcert(conn, inCert.getEncoded()); @@ -242,7 +237,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { break; } } - } //while + } // while if (match == false) { // don't find a pair, add it into // caCertificate attr for later pairing 
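Review bot: The -232 hunk keeps a commented-out alternative constructor call spliced between `new` and the type name, which the formatter has now spread over three lines (`new // CertificatePair(inCert.getEncoded(), // cert.getEncoded()); CertificatePair(inCert, cert);`); it compiles, but at a glance the live call looks commented out. `CertificatePair cp = new CertificatePair(inCert, cert);` with the comment deleted says the same thing; the byte[] overload remains available if it is ever wanted. The loop closed by `} // while` in the -242 hunk starts outside the hunk.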
@@ -256,22 +251,32 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { log(ILogger.LL_INFO, "ldap search found no " + DN_XCERTS); } } catch (IOException e) { - throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: importCert() failed:" + + e.toString()); } catch (LDAPException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: importCert() failed:" + + e.toString()); } catch (ELdapException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: importCert() failed:" + + e.toString()); } catch (CertificateException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: importCert() failed:" + + e.toString()); } finally { try { returnConn(conn); } catch (ELdapException e) { log(ILogger.LL_FAILURE, "exception: " + e.toString()); - throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: importCert() failed:" + + e.toString()); } } debug("importCert(Object) completed"); 
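Review bot: The `finally` block throws `EBaseException` when `returnConn(conn)` fails, which discards whatever exception the try body was already propagating, so an LDAP or certificate failure during import would be reported to the caller as a connection-return failure. Log the ELdapException in the finally block without throwing, or record that the body already failed before rethrowing. Every catch here also builds the message from `e.toString()` and drops the original exception as the cause, so the root stack trace is lost; the publishCertPairs and shutdown hunks further down follow the same pattern. If EBaseException has a cause-taking constructor, prefer `throw new EBaseException("CrossCertPairSubsystem: importCert() failed:" + e.toString(), e);`. importCert's body starts before this hunk.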
@@ -279,41 +284,41 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { /** * are cert1 and cert2 cross-signed certs? + * * @param cert1 the cert for comparison in our internal db * @param cert2 the cert that's being considered */ protected boolean arePair(X509Certificate cert1, X509Certificate cert2) { // 1. does cert1's issuer match cert2's subject? // 2. does cert2's issuer match cert1's subject? - if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) - && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN()))) + if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) + && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN()))) return true; else return false; } - public X509Certificate byteArray2X509Cert(byte[] certBytes) - throws CertificateException { + public X509Certificate byteArray2X509Cert(byte[] certBytes) + throws CertificateException { debug("in bytearray2X509Cert()"); - ByteArrayInputStream inStream = new - ByteArrayInputStream(certBytes); + ByteArrayInputStream inStream = new ByteArrayInputStream(certBytes); - CertificateFactory cf = - CertificateFactory.getInstance("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream); + X509Certificate cert = (X509Certificate) cf + .generateCertificate(inStream); debug("done bytearray2X509Cert()"); return cert; } public synchronized void addXCertPair(LDAPConnection conn, - LDAPAttribute certPairs, CertificatePair pair) - throws LDAPException, IOException { + LDAPAttribute certPairs, CertificatePair pair) + throws LDAPException, IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); pair.encode(bos); - + if (ByteValueExists(certPairs, bos.toByteArray()) == true) { debug("cross cert pair exists in internal db, don't add again"); return; 
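Review bot: arePair decides that two certificates are a cross-signed pair solely from `getIssuerDN().equals(getSubjectDN())` in both directions; nothing in this hunk verifies that either certificate's signature was produced by the other's key, so a certificate that merely carries matching names would be stored as a pair unless that check happens elsewhere. `getIssuerDN()`/`getSubjectDN()` are also the denigrated Principal-returning accessors, whose equality depends on the provider's string form; `getIssuerX500Principal()`/`getSubjectX500Principal()` compare canonical encodings. Either document in the Javadoc that only name equality is checked, or add a `cert1.verify(cert2.getPublicKey())` style check if pairing is meant to imply cross-signature. The `if (...) return true; else return false;` can also be written as a single `return` of the condition.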
@@ -322,9 +327,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { // add certificatePair LDAPModificationSet modSet = new LDAPModificationSet(); - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray())); - conn.modify(DN_XCERTS + "," + mBaseDN, modSet); + modSet.add(LDAPModification.ADD, new LDAPAttribute( + LDAP_ATTR_XCERT_PAIR, bos.toByteArray())); + conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } /** @@ -366,24 +371,22 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { debug("exiting byteArraysAreEqual(): true"); return true; } - + public synchronized void addCAcert(LDAPConnection conn, byte[] certEnc) - throws LDAPException { - LDAPModificationSet modSet = new - LDAPModificationSet(); - - modSet.add(LDAPModification.ADD, - new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); + throws LDAPException { + LDAPModificationSet modSet = new LDAPModificationSet(); + + modSet.add(LDAPModification.ADD, new LDAPAttribute(LDAP_ATTR_CA_CERT, + certEnc)); conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } public synchronized void deleteCAcert(LDAPConnection conn, byte[] certEnc) - throws LDAPException { - LDAPModificationSet modSet = new - LDAPModificationSet(); + throws LDAPException { + LDAPModificationSet modSet = new LDAPModificationSet(); - modSet.add(LDAPModification.DELETE, - new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc)); + modSet.add(LDAPModification.DELETE, new LDAPAttribute( + LDAP_ATTR_CA_CERT, certEnc)); conn.modify(DN_XCERTS + "," + mBaseDN, modSet); } @@ -393,8 +396,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { public synchronized void publishCertPairs() throws EBaseException { LDAPConnection conn = null; - if ((mPublisherProcessor == null) || - !mPublisherProcessor.enabled()) + if ((mPublisherProcessor == null) || !mPublisherProcessor.enabled()) return; try { 
@@ -421,7 +423,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } Enumeration en = xcerts.getByteValues(); - + if ((en == null) || (en.hasMoreElements() == false)) { debug("publishCertPair found no pairs in internal db"); return; @@ -435,19 +437,23 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { continue; } else { try { - //found a cross cert pair, publish if we could + // found a cross cert pair, publish if we could IXcertPublisherProcessor xp = null; xp = (IXcertPublisherProcessor) mPublisherProcessor; xp.publishXCertPair(val); } catch (Exception e) { - throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: publishCertPairs() failed:" + + e.toString()); } } }// while - }//if + }// if } catch (Exception e) { - throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + e.toString()); + throw new EBaseException( + "CrossCertPairSubsystem: publishCertPairs() failed:" + + e.toString()); } } @@ -476,16 +482,16 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { try { mLdapConnFactory.reset(); } catch (ELdapException e) { - CMS.debug("CrossCertPairSubsystem shutdown exception: "+e.toString()); + CMS.debug("CrossCertPairSubsystem shutdown exception: " + + e.toString()); } } mLdapConnFactory = null; } /* - * Returns the root configuration storage of this system. - * <P> - * + * Returns the root configuration storage of this system. <P> + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { @@ -493,8 +499,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem { } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_XCERT, level, msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_XCERT, level, msg); } private static void debug(String msg) { 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java index ea9fabf24..802418cac 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java @@ -17,23 +17,20 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import netscape.security.x509.Extension; import com.netscape.certsrv.base.IExtPrettyPrint; - /** - * This class will display the certificate content in predefined - * format. - * + * This class will display the certificate content in predefined format. + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ -public class ExtPrettyPrint extends netscape.security.util.ExtPrettyPrint implements IExtPrettyPrint { +public class ExtPrettyPrint extends netscape.security.util.ExtPrettyPrint + implements IExtPrettyPrint { public ExtPrettyPrint(Extension ext, int indentSize) { super(ext, indentSize); } } - diff --git a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java index b340ea236..bfcfc72f7 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.security.cert.CertificateException; import java.util.Enumeration; @@ -38,7 +37,6 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.cmscore.util.Debug; - /** * * @author stevep 
@@ -47,7 +45,7 @@ import com.netscape.cmscore.util.Debug; public class OidLoaderSubsystem implements ISubsystem { private IConfigStore mConfig = null; - public static final String ID = "oidmap"; + public static final String ID = "oidmap"; private String mId = ID; private static final String PROP_OID = "oid"; 
@@ -77,61 +75,51 @@ public class OidLoaderSubsystem implements ISubsystem { public static OidLoaderSubsystem getInstance() { return mInstance; } - + private static final int CertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 }; /** * Identifies the particular public key used to sign the certificate. */ - public static final ObjectIdentifier CertType_Id = new - ObjectIdentifier(CertType_data); + public static final ObjectIdentifier CertType_Id = new ObjectIdentifier( + CertType_data); private static final String[][] oidMapEntries = new String[][] { - {NSCertTypeExtension.class.getName(), - CertType_Id.toString(), - NSCertTypeExtension.NAME}, - {CertificateRenewalWindowExtension.class.getName(), - CertificateRenewalWindowExtension.ID.toString(), - CertificateRenewalWindowExtension.NAME}, - {CertificateScopeOfUseExtension.class.getName(), - CertificateScopeOfUseExtension.ID.toString(), - CertificateScopeOfUseExtension.NAME}, - {DeltaCRLIndicatorExtension.class.getName(), - DeltaCRLIndicatorExtension.OID, - DeltaCRLIndicatorExtension.NAME}, - {HoldInstructionExtension.class.getName(), - HoldInstructionExtension.OID, - HoldInstructionExtension.NAME}, - {InvalidityDateExtension.class.getName(), - InvalidityDateExtension.OID, - InvalidityDateExtension.NAME}, - {IssuingDistributionPointExtension.class.getName(), - IssuingDistributionPointExtension.OID, - IssuingDistributionPointExtension.NAME}, - {FreshestCRLExtension.class.getName(), - FreshestCRLExtension.OID, - FreshestCRLExtension.NAME}, - }; + { NSCertTypeExtension.class.getName(), CertType_Id.toString(), + NSCertTypeExtension.NAME }, + { CertificateRenewalWindowExtension.class.getName(), + CertificateRenewalWindowExtension.ID.toString(), + CertificateRenewalWindowExtension.NAME }, + { CertificateScopeOfUseExtension.class.getName(), + CertificateScopeOfUseExtension.ID.toString(), + CertificateScopeOfUseExtension.NAME }, + { DeltaCRLIndicatorExtension.class.getName(), + DeltaCRLIndicatorExtension.OID, + 
DeltaCRLIndicatorExtension.NAME }, + { HoldInstructionExtension.class.getName(), + HoldInstructionExtension.OID, HoldInstructionExtension.NAME }, + { InvalidityDateExtension.class.getName(), + InvalidityDateExtension.OID, InvalidityDateExtension.NAME }, + { IssuingDistributionPointExtension.class.getName(), + IssuingDistributionPointExtension.OID, + IssuingDistributionPointExtension.NAME }, + { FreshestCRLExtension.class.getName(), FreshestCRLExtension.OID, + FreshestCRLExtension.NAME }, }; /** - * Initializes this subsystem with the given - * configuration store. - * It first initializes resident subsystems, - * and it loads and initializes loadable - * subsystem specified in the configuration - * store. + * Initializes this subsystem with the given configuration store. It first + * initializes resident subsystems, and it loads and initializes loadable + * subsystem specified in the configuration store. * <P> - * Note that individual subsystem should be - * initialized in a separated thread if - * it has dependency on the initialization - * of other subsystems. + * Note that individual subsystem should be initialized in a separated + * thread if it has dependency on the initialization of other subsystems. * <P> - * + * * @param owner owner of this subsystem * @param config configuration store */ public synchronized void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { if (Debug.ON) { Debug.trace("OIDLoaderSubsystem started"); } @@ -143,9 +131,8 @@ public class OidLoaderSubsystem implements ISubsystem { for (int i = 0; i < oidMapEntries.length; i++) { try { - OIDMap.addAttribute(oidMapEntries[i][0], - oidMapEntries[i][1], - oidMapEntries[i][2]); + OIDMap.addAttribute(oidMapEntries[i][0], oidMapEntries[i][1], + oidMapEntries[i][2]); } catch (Exception e) { } } 
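Review bot: The rewrapped Javadoc on init describes initializing resident subsystems and loading loadable subsystems from the configuration store, which does not match the visible body: this and the next hunk register the `oidMapEntries` table through `OIDMap.addAttribute` and then read `oid`/`class` entries from config substores. Replace the copied text with a summary such as `Registers the built-in extension OID/class mappings in OIDMap, then any additional mappings found under this subsystem's config store.` and keep the `@param` tags. init's body continues past this hunk.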
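Review bot: The loop that registers oidMapEntries ends in an empty `catch (Exception e) { }`, so a failure to register one of the built-in extension classes (for example a CertificateException from OIDMap.addAttribute) is silently dropped and the server continues without that extension being recognized in certificates and CRLs. The `catch (EPropertyNotFound e) { // Log error }` in the following hunk has the same effect for configured entries. At minimum log the entry and the exception, e.g. `Debug.trace("OidLoaderSubsystem: failed to register " + oidMapEntries[i][0] + ": " + e);`, and consider letting a CertificateException propagate as the EBaseException that init already declares.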
@@ -160,9 +147,7 @@ public class OidLoaderSubsystem implements ISubsystem { String oidname = substore.getString(PROP_OID); String classname = substore.getString(PROP_CLASS); - OIDMap.addAttribute(classname, - oidname, - substorename); + OIDMap.addAttribute(classname, oidname, substorename); } catch (EPropertyNotFound e) { // Log error } catch (CertificateException e) { @@ -181,9 +166,8 @@ public class OidLoaderSubsystem implements ISubsystem { } /* - * Returns the root configuration storage of this system. - * <P> - * + * Returns the root configuration storage of this system. <P> + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java index 3ace3c67b..137901ae3 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java 
@@ -17,40 +17,39 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import com.netscape.certsrv.base.IPrettyPrintFormat; - /** - * This class will display the certificate content in predefined - * format. - * + * This class will display the certificate content in predefined format. + * * @author Andrew Wnuk * @version $Revision$, $Date$ */ public class PrettyPrintFormat implements IPrettyPrintFormat { - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ private String mSeparator = ""; private int mIndentSize = 0; private int mLineLen = 0; - /*========================================================== - * constants - * - *==========================================================*/ - private final static String spaces = - " " + - " " + - " " + - " " + - " "; - - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constants + * + * ========================================================== + */ + private final static String spaces = " " + + " " + + " " + + " " + + " "; + + /* + * ========================================================== constructors + * ========================================================== + */ public PrettyPrintFormat(String separator) { mSeparator = separator; 
@@ -67,18 +66,20 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { mIndentSize = indentSize; } - /*========================================================== - * Private methods - *==========================================================*/ - - - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== Private + * methods========================================================== + */ + + /* + * ========================================================== public methods + * ========================================================== + */ /** - * Provide white space indention - * stevep - speed improvements. Factor of 10 improvement + * Provide white space indention stevep - speed improvements. Factor of 10 + * improvement + * * @param numSpace number of white space to be returned * @return white spaces */ 
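Review bot: The reflowed banner comment now reads `* ========================================================== Private` / `* methods==========================================================`, fusing the word with the separator, and the `public methods` banner has the same shape, so the section headers have become noise. Either rewrite them as single-line `// ---- private methods ----` comments that the formatter will not reflow, or drop the banners, since the sections they mark hold nothing in this hunk. The `variables`/`constants`/`constructors` banners in the previous hunk were damaged the same way.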
@@ -86,25 +87,23 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { return spaces.substring(0, size); } - private static final char[] hexdigits = { - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', - 'A', 'B', 'C', 'D', 'E', 'F' - }; + private static final char[] hexdigits = { '0', '1', '2', '3', '4', '5', + '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; /** - * Convert Byte Array to Hex String Format - * stevep - speedup by factor of 8 + * Convert Byte Array to Hex String Format stevep - speedup by factor of 8 + * * @param byte array of data to hexify * @param indentSize number of spaces to prepend before each line - * @param lineLen number of bytes to output on each line (0 - means: put everything on one line - * @param separator the first character of this string will be used as - the separator between bytes. + * @param lineLen number of bytes to output on each line (0 means: put + * everything on one line + * @param separator the first character of this string will be used as the + * separator between bytes. * @return string representation */ - public String toHexString(byte[] in, int indentSize, - int lineLen, String separator) { + public String toHexString(byte[] in, int indentSize, int lineLen, + String separator) { StringBuffer sb = new StringBuffer(); int hexCount = 0; char c[]; @@ -144,7 +143,7 @@ public class PrettyPrintFormat implements IPrettyPrintFormat { c[j++] = '\n'; sb.append(c, 0, j); } - // sb.append("\n"); + // sb.append("\n"); return sb.toString(); } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java index 4bf1147ac..849ff4952 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java 
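Review bot: The rewrapped Javadoc for toHexString still has `@param byte array of data to hexify`, but the parameter is named `in`, so the tag documents a nonexistent parameter, and the `lineLen` description is missing its closing parenthesis. Change them to `@param in array of data to hexify` and `@param lineLen number of bytes to output on each line (0 means: put everything on one line)`. The `stevep - speedup by factor of 8` remark is a change-log note rather than part of the contract and does not belong in the summary sentence. toHexString's body continues past this hunk.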
@@ -17,21 +17,19 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.util.ListResourceBundle; import netscape.security.extensions.NSCertTypeExtension; import netscape.security.x509.KeyUsageExtension; - /** * Resource Boundle for the Pretty Print - * + * * @author Jack Pan-Chen * @version $Revision$, $Date$ */ -public class PrettyPrintResources extends ListResourceBundle { +public class PrettyPrintResources extends ListResourceBundle { /** * Returns content @@ -41,11 +39,10 @@ public class PrettyPrintResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ - //certificate pretty print + // certificate pretty print public final static String TOKEN_CERTIFICATE = "tokenCertificate"; public final static String TOKEN_DATA = "tokenData"; public final static String TOKEN_VERSION = "tokenVersion"; @@ -64,14 +61,14 @@ public class PrettyPrintResources extends ListResourceBundle { public final static String TOKEN_EXTENSIONS = "tokenExtensions"; public final static String TOKEN_SIGNATURE = "tokenSignature"; - //extension pretty print + // extension pretty print public final static String TOKEN_YES = "tokenYes"; public final static String TOKEN_NO = "tokenNo"; public final static String TOKEN_IDENTIFIER = "tokenIdentifier"; public final static String TOKEN_CRITICAL = "tokenCritical"; public final static String TOKEN_VALUE = "tokenValue"; - //specific extension token + // specific extension token public final static String TOKEN_KEY_TYPE = "tokenKeyType"; public final static String TOKEN_CERT_TYPE = "tokenCertType"; public final static String TOKEN_SKI = "tokenSKI"; 
@@ -174,122 +171,111 @@ public class PrettyPrintResources extends ListResourceBundle { public final static String TOKEN_CACHE_NOT_AVAILABLE = "cacheNotAvailable"; public final static String TOKEN_CACHE_IS_EMPTY = "cacheIsEmpty"; - //Tokens should have blank_space as trailer + // Tokens should have blank_space as trailer static final Object[][] contents = { - {TOKEN_CERTIFICATE, "Certificate: "}, - {TOKEN_DATA, "Data: "}, - {TOKEN_VERSION, "Version: "}, - {TOKEN_SERIAL, "Serial Number: "}, - {TOKEN_SIGALG, "Signature Algorithm: "}, - {TOKEN_ISSUER, "Issuer: "}, - {TOKEN_VALIDITY, "Validity: "}, - {TOKEN_NOT_BEFORE, "Not Before: "}, - {TOKEN_NOT_AFTER, "Not After: "}, - {TOKEN_SUBJECT, "Subject: "}, - {TOKEN_SPKI, "Subject Public Key Info: "}, - {TOKEN_ALGORITHM, "Algorithm: "}, - {TOKEN_PUBLIC_KEY, "Public Key: "}, - {TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: "}, - {TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: "}, - {TOKEN_EXTENSIONS, "Extensions: "}, - {TOKEN_SIGNATURE, "Signature: "}, - {TOKEN_YES, "yes "}, - {TOKEN_NO, "no "}, - {TOKEN_IDENTIFIER, "Identifier: "}, - {TOKEN_CRITICAL, "Critical: "}, - {TOKEN_VALUE, "Value: "}, - {TOKEN_KEY_TYPE, "Key Type "}, - {TOKEN_CERT_TYPE, "Netscape Certificate Type "}, - {TOKEN_SKI, "Subject Key Identifier "}, - {TOKEN_AKI, "Authority Key Identifier "}, - {TOKEN_ACCESS_DESC, "Access Description: "}, - {TOKEN_OCSP_NOCHECK, "OCSP NoCheck: "}, - {TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: "}, - {TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: "}, - {TOKEN_PRESENCE_SERVER, "Presence Server: "}, - {TOKEN_AIA, "Authority Info Access: "}, - {TOKEN_KEY_USAGE, "Key Usage: "}, - {KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature "}, - {KeyUsageExtension.NON_REPUDIATION, "Non Repudiation "}, - {KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment "}, - {KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment "}, - {KeyUsageExtension.KEY_AGREEMENT, "Key Agreement "}, - {KeyUsageExtension.KEY_CERTSIGN, "Key CertSign "}, - 
{KeyUsageExtension.CRL_SIGN, "Crl Sign "}, - {KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only "}, - {KeyUsageExtension.DECIPHER_ONLY, "Decipher Only "}, - {TOKEN_CERT_USAGE, "Certificate Usage: "}, - {NSCertTypeExtension.SSL_CLIENT, "SSL Client "}, - {NSCertTypeExtension.SSL_SERVER, "SSL Server "}, - {NSCertTypeExtension.EMAIL, "Secure Email "}, - {NSCertTypeExtension.OBJECT_SIGNING, "Object Signing "}, - {NSCertTypeExtension.SSL_CA, "SSL CA "}, - {NSCertTypeExtension.EMAIL_CA, "Secure Email CA "}, - {NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA "}, - {TOKEN_KEY_ID, "Key Identifier: "}, - {TOKEN_AUTH_NAME, "Authority Name: "}, - {TOKEN_CRL, "Certificate Revocation List: "}, - {TOKEN_THIS_UPDATE, "This Update: "}, - {TOKEN_NEXT_UPDATE, "Next Update: "}, - {TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: "}, - {TOKEN_REVOCATION_DATE, "Revocation Date: "}, - {TOKEN_REVOCATION_REASON, "Revocation Reason "}, - {TOKEN_REASON, "Reason: "}, - {TOKEN_BASIC_CONSTRAINTS, "Basic Constraints "}, - {TOKEN_NAME_CONSTRAINTS, "Name Constraints "}, - {TOKEN_NSC_COMMENT, "Netscape Comment "}, - {TOKEN_IS_CA, "Is CA: "}, - {TOKEN_PATH_LEN, "Path Length Constraint: "}, - {TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED"}, - {TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED"}, - {TOKEN_PATH_LEN_INVALID, "INVALID"}, - {TOKEN_CRL_NUMBER, "CRL Number "}, - {TOKEN_NUMBER, "Number: "}, - {TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator "}, - {TOKEN_BASE_CRL_NUMBER, "Base CRL Number: "}, - {TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use "}, - {TOKEN_SCOPE_OF_USE, "Scope of Use: "}, - {TOKEN_PORT, "Port: "}, - {TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name "}, - {TOKEN_ISSUER_NAMES, "Issuer Names: "}, - {TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name "}, - {TOKEN_DECODING_ERROR, "Decoding Error"}, - {TOKEN_FRESHEST_CRL_EXT, "Freshest CRL "}, - {TOKEN_CRL_DP_EXT, "CRL Distribution Points "}, - {TOKEN_CRLDP_NUMPOINTS, "Number of Points: "}, - {TOKEN_CRLDP_POINTN, "Point "}, - 
{TOKEN_CRLDP_DISTPOINT, "Distribution Point: "}, - {TOKEN_CRLDP_REASONS, "Reason Flags: "}, - {TOKEN_CRLDP_CRLISSUER, "CRL Issuer: "}, - {TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point "}, - {TOKEN_DIST_POINT_NAME, "Distribution Point: "}, - {TOKEN_FULL_NAME, "Full Name: "}, - {TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: "}, - {TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: "}, - {TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: "}, - {TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: "}, - {TOKEN_INDIRECT_CRL, "Indirect CRL: "}, - {TOKEN_INVALIDITY_DATE, "Invalidity Date "}, - {TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: "}, - {TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer "}, - {TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code "}, - {TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: "}, - {TOKEN_POLICY_CONSTRAINTS, "Policy Constraints "}, - {TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: "}, - {TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: "}, - {TOKEN_POLICY_MAPPINGS, "Policy Mappings "}, - {TOKEN_MAPPINGS, "Mappings: "}, - {TOKEN_MAP, "Map "}, - {TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: "}, - {TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: "}, - {TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes "}, - {TOKEN_ATTRIBUTES, "Attributes:" }, - {TOKEN_ATTRIBUTE, "Attribute "}, - {TOKEN_VALUES, "Values: "}, - {TOKEN_NOT_SET, "not set"}, - {TOKEN_NONE, "none"}, - {TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. "}, - {TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. 
"}, - }; + { TOKEN_CERTIFICATE, "Certificate: " }, { TOKEN_DATA, "Data: " }, + { TOKEN_VERSION, "Version: " }, + { TOKEN_SERIAL, "Serial Number: " }, + { TOKEN_SIGALG, "Signature Algorithm: " }, + { TOKEN_ISSUER, "Issuer: " }, { TOKEN_VALIDITY, "Validity: " }, + { TOKEN_NOT_BEFORE, "Not Before: " }, + { TOKEN_NOT_AFTER, "Not After: " }, + { TOKEN_SUBJECT, "Subject: " }, + { TOKEN_SPKI, "Subject Public Key Info: " }, + { TOKEN_ALGORITHM, "Algorithm: " }, + { TOKEN_PUBLIC_KEY, "Public Key: " }, + { TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: " }, + { TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: " }, + { TOKEN_EXTENSIONS, "Extensions: " }, + { TOKEN_SIGNATURE, "Signature: " }, { TOKEN_YES, "yes " }, + { TOKEN_NO, "no " }, { TOKEN_IDENTIFIER, "Identifier: " }, + { TOKEN_CRITICAL, "Critical: " }, { TOKEN_VALUE, "Value: " }, + { TOKEN_KEY_TYPE, "Key Type " }, + { TOKEN_CERT_TYPE, "Netscape Certificate Type " }, + { TOKEN_SKI, "Subject Key Identifier " }, + { TOKEN_AKI, "Authority Key Identifier " }, + { TOKEN_ACCESS_DESC, "Access Description: " }, + { TOKEN_OCSP_NOCHECK, "OCSP NoCheck: " }, + { TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: " }, + { TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: " }, + { TOKEN_PRESENCE_SERVER, "Presence Server: " }, + { TOKEN_AIA, "Authority Info Access: " }, + { TOKEN_KEY_USAGE, "Key Usage: " }, + { KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature " }, + { KeyUsageExtension.NON_REPUDIATION, "Non Repudiation " }, + { KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment " }, + { KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment " }, + { KeyUsageExtension.KEY_AGREEMENT, "Key Agreement " }, + { KeyUsageExtension.KEY_CERTSIGN, "Key CertSign " }, + { KeyUsageExtension.CRL_SIGN, "Crl Sign " }, + { KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only " }, + { KeyUsageExtension.DECIPHER_ONLY, "Decipher Only " }, + { TOKEN_CERT_USAGE, "Certificate Usage: " }, + { NSCertTypeExtension.SSL_CLIENT, "SSL Client " }, + { 
NSCertTypeExtension.SSL_SERVER, "SSL Server " }, + { NSCertTypeExtension.EMAIL, "Secure Email " }, + { NSCertTypeExtension.OBJECT_SIGNING, "Object Signing " }, + { NSCertTypeExtension.SSL_CA, "SSL CA " }, + { NSCertTypeExtension.EMAIL_CA, "Secure Email CA " }, + { NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA " }, + { TOKEN_KEY_ID, "Key Identifier: " }, + { TOKEN_AUTH_NAME, "Authority Name: " }, + { TOKEN_CRL, "Certificate Revocation List: " }, + { TOKEN_THIS_UPDATE, "This Update: " }, + { TOKEN_NEXT_UPDATE, "Next Update: " }, + { TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: " }, + { TOKEN_REVOCATION_DATE, "Revocation Date: " }, + { TOKEN_REVOCATION_REASON, "Revocation Reason " }, + { TOKEN_REASON, "Reason: " }, + { TOKEN_BASIC_CONSTRAINTS, "Basic Constraints " }, + { TOKEN_NAME_CONSTRAINTS, "Name Constraints " }, + { TOKEN_NSC_COMMENT, "Netscape Comment " }, + { TOKEN_IS_CA, "Is CA: " }, + { TOKEN_PATH_LEN, "Path Length Constraint: " }, + { TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED" }, + { TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED" }, + { TOKEN_PATH_LEN_INVALID, "INVALID" }, + { TOKEN_CRL_NUMBER, "CRL Number " }, { TOKEN_NUMBER, "Number: " }, + { TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator " }, + { TOKEN_BASE_CRL_NUMBER, "Base CRL Number: " }, + { TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use " }, + { TOKEN_SCOPE_OF_USE, "Scope of Use: " }, { TOKEN_PORT, "Port: " }, + { TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name " }, + { TOKEN_ISSUER_NAMES, "Issuer Names: " }, + { TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name " }, + { TOKEN_DECODING_ERROR, "Decoding Error" }, + { TOKEN_FRESHEST_CRL_EXT, "Freshest CRL " }, + { TOKEN_CRL_DP_EXT, "CRL Distribution Points " }, + { TOKEN_CRLDP_NUMPOINTS, "Number of Points: " }, + { TOKEN_CRLDP_POINTN, "Point " }, + { TOKEN_CRLDP_DISTPOINT, "Distribution Point: " }, + { TOKEN_CRLDP_REASONS, "Reason Flags: " }, + { TOKEN_CRLDP_CRLISSUER, "CRL Issuer: " }, + { TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point 
" }, + { TOKEN_DIST_POINT_NAME, "Distribution Point: " }, + { TOKEN_FULL_NAME, "Full Name: " }, + { TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: " }, + { TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: " }, + { TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: " }, + { TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: " }, + { TOKEN_INDIRECT_CRL, "Indirect CRL: " }, + { TOKEN_INVALIDITY_DATE, "Invalidity Date " }, + { TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: " }, + { TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer " }, + { TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code " }, + { TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: " }, + { TOKEN_POLICY_CONSTRAINTS, "Policy Constraints " }, + { TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: " }, + { TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: " }, + { TOKEN_POLICY_MAPPINGS, "Policy Mappings " }, + { TOKEN_MAPPINGS, "Mappings: " }, { TOKEN_MAP, "Map " }, + { TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: " }, + { TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: " }, + { TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes " }, + { TOKEN_ATTRIBUTES, "Attributes:" }, + { TOKEN_ATTRIBUTE, "Attribute " }, { TOKEN_VALUES, "Values: " }, + { TOKEN_NOT_SET, "not set" }, { TOKEN_NONE, "none" }, + { TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. " }, + { TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. " }, }; } diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java index 01e58fa15..ba5acdffe 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java 
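Review bot: The contents table has been packed so that some rows hold two entries (`{ TOKEN_CERTIFICATE, "Certificate: " }, { TOKEN_DATA, "Data: " },`) while others hold one, which makes a future change to a single label touch unrelated entries and makes the key/label pairing harder to check by eye. One entry per line was the more reviewable layout; an `// @formatter:off` / `// @formatter:on` pair around the array, or the equivalent directive for whatever formatter is in use, would preserve it. The `oidMapEntries` table in the OidLoaderSubsystem hunk above would benefit from the same treatment.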
@@ -17,14 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.security.PublicKey; - /** - * This class will display the certificate content in predefined - * format. - * + * This class will display the certificate content in predefined format. + * * @author Jack Pan-Chen * @author Andrew Wnuk * @version $Revision$, $Date$ diff --git a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java index 539ec82b0..b6bdd9a93 100644 --- a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.cert; - import java.util.Enumeration; import java.util.Hashtable; import java.util.StringTokenizer; @@ -35,13 +34,12 @@ import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.util.Debug; - /** - * Subsystem for configuring X500Name related things. - * It is used for the following. + * Subsystem for configuring X500Name related things. It is used for the + * following. * <ul> - * <li>Add X500Name (string to oid) maps for attributes that - * are not supported by default. + * <li>Add X500Name (string to oid) maps for attributes that are not supported + * by default. * <li>Specify an order for encoding Directory Strings other than the default. * </ul> * 
@@ -51,11 +49,10 @@ public class X500NameSubsystem implements ISubsystem {
 private IConfigStore mConfig = null;
- public static final String ID = "X500Name";
+ public static final String ID = "X500Name";
 private String mId = ID;
- private static final String
- PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
+ private static final String PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
 private static final String PROP_ATTR = "attr";
 private static final String PROP_OID = "oid";
@@ -82,57 +79,62 @@ public class X500NameSubsystem implements ISubsystem { public static X500NameSubsystem getInstance() { return mInstance; } - + /** - * Initializes this subsystem with the given configuration store. - * All paramters are optional. + * Initializes this subsystem with the given configuration store. All + * paramters are optional. * <ul> - * <li>Change encoding order of Directory Strings: + * <li>Change encoding order of Directory Strings: + * * <pre> * X500Name.directoryStringEncodingOrder=order seperated by commas * For example: Printable,BMPString,UniversalString. * </pre> - * Possible values are: + * + * Possible values are: * <ul> * <li>Printable * <li>IA5String * <li>UniversalString * <li>BMPString - * <li>UTF8String + * <li>UTF8String * </ul> * <p> - * <li>Add X500Name attributes: + * <li>Add X500Name attributes: + * * <pre> * X500Name.attr.attribute-name.oid=n.n.n.n - * X500Name.attr.attribute-name.class=value converter class + * X500Name.attr.attribute-name.class=value converter class * </pre> * - * The value converter class converts a string to a ASN.1 value. - * It must implement netscape.security.x509.AVAValueConverter interface. - * Converter classes provided in CMS are: + * The value converter class converts a string to a ASN.1 value. It must + * implement netscape.security.x509.AVAValueConverter interface. Converter + * classes provided in CMS are: + * * <pre> * netscape.security.x509.PrintableConverter - - * Converts to a Printable String value. String must have only - * printable characters. + * Converts to a Printable String value. String must have only + * printable characters. * netscape.security.x509.IA5StringConverter - - * Converts to a IA5String value. String must have only IA5String - * characters. + * Converts to a IA5String value. String must have only IA5String + * characters. * netscape.security.x509.DirStrConverter - - * Converts to a Directory (v3) String. 
String is expected to - * be in Directory String format according to rfc2253. + * Converts to a Directory (v3) String. String is expected to + * be in Directory String format according to rfc2253. * netscape.security.x509.GenericValueConverter - - * Converts string character by character in the following order - * from smaller character sets to broadest character set. - * Printable, IA5String, BMPString, Universal String. + * Converts string character by character in the following order + * from smaller character sets to broadest character set. + * Printable, IA5String, BMPString, Universal String. * </pre> + * * </ul> * <P> - * + * * @param owner owner of this subsystem * @param config configuration store */ public synchronized void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { mLogger = CMS.getLogger(); if (Debug.ON) { Debug.trace(ID + " started"); @@ -142,16 +144,14 @@ public class X500NameSubsystem implements ISubsystem { // get order for encoding directory strings if any. setDirStrEncodingOrder(); - // load x500 name maps + // load x500 name maps loadX500NameAttrMaps(); } /** - * Loads X500Name String to attribute maps. - * Called from init. + * Loads X500Name String to attribute maps. Called from init. */ - private void loadX500NameAttrMaps() - throws EBaseException { + private void loadX500NameAttrMaps() throws EBaseException { X500NameAttrMap globalMap = X500NameAttrMap.getDefault(); IConfigStore attrSubStore = mConfig.getSubStore(PROP_ATTR); Enumeration attrNames = attrSubStore.getSubStoreNames(); 
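Review bot: The reflowed javadoc of init keeps the misspellings `paramters` and `seperated` and the article in `a ASN.1 value`; since these lines are being rewritten by the commit, fix them in the same pass, e.g. `* Initializes this subsystem with the given configuration store. All` / `* parameters are optional.` and `* X500Name.directoryStringEncodingOrder=order separated by commas`. The same `seperated` appears in the user-facing message string of hunk @@ -195 in this file. The body of init continues past the end of this hunk.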
@@ -166,28 +166,27 @@ public class X500NameSubsystem implements ISubsystem {
 AVAValueConverter convClass = null;
 try {
- convClass = (AVAValueConverter)
- Class.forName(className).newInstance();
+ convClass = (AVAValueConverter) Class.forName(className)
+ .newInstance();
 } catch (Exception e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_LOAD_CLASS_FAILED", className, e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_LOAD_CLASS_FAILED", className, e.toString()));
 }
 globalMap.addNameOID(name, oid, convClass);
 if (Debug.ON) {
- Debug.trace(ID + ": Loaded " + name + " " + oid + " " + className);
+ Debug.trace(ID + ": Loaded " + name + " " + oid + " "
+ + className);
 }
 }
 }
 /**
- * Set directory string encoding order.
- * Called from init().
+ * Set directory string encoding order. Called from init().
 */
- private void setDirStrEncodingOrder()
- throws EBaseException {
+ private void setDirStrEncodingOrder() throws EBaseException {
 String order = mConfig.getString(PROP_DIR_STR_ENCODING_ORDER, null);
- if (order == null || order.length() == 0) // nothing.
+ if (order == null || order.length() == 0) // nothing.
 return;
 StringTokenizer toker = new StringTokenizer(order, ", \t");
 int numTokens = toker.countTokens();
@@ -195,9 +194,11 @@ public class X500NameSubsystem implements ISubsystem {
 if (numTokens == 0) {
 String msg = "must be a list of DER tag names seperated by commas.";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_DIR_STRING", PROP_DIR_STR_ENCODING_ORDER));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_DIR_STR_ENCODING_ORDER, msg));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CERT_DIR_STRING", PROP_DIR_STR_ENCODING_ORDER));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_DIR_STR_ENCODING_ORDER,
+ msg));
 }
 byte[] tags = new byte[numTokens];
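Review bot: `Class.forName(className).newInstance()` instantiates whatever class the `attr` config store names and only afterwards checks its type through the `(AVAValueConverter)` cast, so a misconfigured or stale entry runs an arbitrary no-arg constructor before it is rejected, and `Class.newInstance()` is deprecated since Java 9. Both `Class.asSubclass` and `getDeclaredConstructor` exist since Java 5, which `Byte.valueOf` elsewhere in the file already requires, so `convClass = Class.forName(className).asSubclass(AVAValueConverter.class).getDeclaredConstructor().newInstance();` rejects a non-converter class before constructing it, and the existing `catch (Exception e)` still covers the reflective exceptions. The enclosing loop and loadX500NameAttrMaps itself start outside the hunk.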
@@ -210,9 +211,12 @@ public class X500NameSubsystem implements ISubsystem {
 } catch (IllegalArgumentException e) {
 String msg = "unknown DER tag '" + nextTag + "'.";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_UNKNOWN_TAG", PROP_DIR_STR_ENCODING_ORDER, nextTag));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_DIR_STR_ENCODING_ORDER, msg));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CERT_UNKNOWN_TAG",
+ PROP_DIR_STR_ENCODING_ORDER, nextTag));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE",
+ PROP_DIR_STR_ENCODING_ORDER, msg));
 }
 }
@@ -229,28 +233,24 @@ public class X500NameSubsystem implements ISubsystem {
 private static Hashtable mDerStr2TagHash = new Hashtable();
 static {
- mDerStr2TagHash.put(
- PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString));
- mDerStr2TagHash.put(
- IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
- mDerStr2TagHash.put(
- VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString));
- mDerStr2TagHash.put(
- T61STRING, Byte.valueOf(DerValue.tag_T61String));
- mDerStr2TagHash.put(
- BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
- mDerStr2TagHash.put(
- UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString));
- mDerStr2TagHash.put(
- UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
+ mDerStr2TagHash.put(PRINTABLESTRING,
+ Byte.valueOf(DerValue.tag_PrintableString));
+ mDerStr2TagHash.put(IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
+ mDerStr2TagHash.put(VISIBLESTRING,
+ Byte.valueOf(DerValue.tag_VisibleString));
+ mDerStr2TagHash.put(T61STRING, Byte.valueOf(DerValue.tag_T61String));
+ mDerStr2TagHash.put(BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
+ mDerStr2TagHash.put(UNIVERSALSTRING,
+ Byte.valueOf(DerValue.tag_UniversalString));
+ mDerStr2TagHash.put(UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
 }
 private byte derStr2Tag(String s) {
- if (s == null || s.length() == 0)
+ if (s == null || s.length() == 0)
 throw new IllegalArgumentException();
 Byte tag = (Byte) mDerStr2TagHash.get(s);
- if (tag == null)
+ if (tag == null)
 throw new IllegalArgumentException();
 return tag.byteValue();
 }
@@ -265,9 +265,8 @@ public class X500NameSubsystem implements ISubsystem {
 }
 /*
- * Returns the root configuration storage of this system.
- * <P>
- *
+ * Returns the root configuration storage of this system. <P>
+ *
 * @return configuration store of this subsystem
 */
 public IConfigStore getConfigStore() {
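Review bot: `mDerStr2TagHash` in the static initializer is a raw, non-final `Hashtable`, so `derStr2Tag` needs the `(Byte)` cast and the map can be reassigned; assuming the project builds with Java 5 or later, `private static final Hashtable<String, Byte> mDerStr2TagHash = new Hashtable<String, Byte>();` removes the cast with no new import. `derStr2Tag` also throws `new IllegalArgumentException()` without a message in both branches; on the lookup failure `throw new IllegalArgumentException("unknown DER tag name: " + s);` makes the failure self-describing before the caller in hunk @@ -210 rewraps it. The constant `UFT8STRING` looks like a misspelling of UTF8STRING, but its declaration is outside the hunk.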
@@ -277,8 +276,7 @@ public class X500NameSubsystem implements ISubsystem {
 protected ILogger mLogger = null;
 protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_ADMIN, level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_ADMIN, level, msg);
 }
 } |