summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java546
1 files changed, 272 insertions, 274 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index f15a4bc21..cdf4784ae 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -101,10 +100,10 @@ import com.netscape.cmscore.cert.CertUtils;
import com.netscape.cmscore.util.Debug;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
/**
* Subsystem for initializing JSS>
* <P>
+ *
* @version $Revision$ $Date$
*/
public final class JssSubsystem implements ICryptoSubsystem {
@@ -131,7 +130,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
private Hashtable mNicknameMapCertsTable = new Hashtable();
private Hashtable mNicknameMapUserCertsTable = new Hashtable();
- private FileInputStream devRandomInputStream=null;
+ private FileInputStream devRandomInputStream = null;
// This date format is to format the date string of the certificate in such a way as
// May 01, 1999 01:55:55.
@@ -148,19 +147,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
private static Hashtable mCipherNames = new Hashtable();
/* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/
- private static final String DEFAULT_CIPHERPREF =
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
- "TLS_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
-// "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
-// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
-// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
- "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+ private static final String DEFAULT_CIPHERPREF =
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
+ "TLS_RSA_WITH_AES_128_CBC_SHA," +
+ "TLS_RSA_WITH_AES_256_CBC_SHA," +
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
+ // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
+ // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
+ // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
/* list of all ciphers JSS supports */
private static final int mJSSCipherSuites[] = {
@@ -199,29 +198,29 @@ public final class JssSubsystem implements ICryptoSubsystem {
Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
*/
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
}
public static JssSubsystem getInstance() {
@@ -243,40 +242,37 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
- // Add entropy to the 'default' RNG token
- public void addEntropy(int bits)
- throws org.mozilla.jss.util.NotImplementedException,
- IOException,
- TokenException
- {
- int read=0;
- int bytes = (7+bits)/8;
- byte[] b = new byte[bytes];
- if (devRandomInputStream == null) {
- throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
- }
- do {
- int c = devRandomInputStream.read(b,read,bytes-read);
- read += c;
- }
- while (read < bytes);
-
- CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token");
- CMS.debug(b);
- PK11SecureRandom sr = new PK11SecureRandom();
- sr.setSeed(b);
- }
-
+ // Add entropy to the 'default' RNG token
+ public void addEntropy(int bits)
+ throws org.mozilla.jss.util.NotImplementedException,
+ IOException,
+ TokenException {
+ int read = 0;
+ int bytes = (7 + bits) / 8;
+ byte[] b = new byte[bytes];
+ if (devRandomInputStream == null) {
+ throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
+ }
+ do {
+ int c = devRandomInputStream.read(b, read, bytes - read);
+ read += c;
+ } while (read < bytes);
+
+ CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes + " bytes) of entropy to default RNG token");
+ CMS.debug(b);
+ PK11SecureRandom sr = new PK11SecureRandom();
+ sr.setSeed(b);
+ }
+
/**
- * Initializes the Jss security subsystem.
+ * Initializes the Jss security subsystem.
* <P>
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mLogger = CMS.getLogger();
-
- if (mInited)
- {
+
+ if (mInited) {
// This used to throw an exeception (e.g. - on Solaris).
// If JSS is already initialized simply return.
CMS.debug("JssSubsystem already inited.. returning.");
@@ -309,9 +305,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
String certDir;
certDir = config.getString(CONFIG_DIR, null);
-
- CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(certDir,
+
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(certDir,
"", "", "secmod.db");
vals.removeSunProvider = false;
@@ -321,7 +317,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
} catch (AlreadyInitializedException e) {
// do nothing
} catch (Exception e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
@@ -333,19 +329,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
mCryptoManager = CryptoManager.getInstance();
initSSL();
} catch (CryptoManager.NotInitializedException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
-
+
mInited = true;
}
public String getCipherVersion() throws EBaseException {
- return "cipherdomestic";
+ return "cipherdomestic";
}
public String getCipherPreferences() throws EBaseException {
@@ -383,13 +379,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (position == -1) {
Debug.trace("Unable to install CMS provider");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
}
}
- public void setCipherPreferences(String cipherPrefs)
- throws EBaseException {
+ public void setCipherPreferences(String cipherPrefs)
+ throws EBaseException {
if (mSSLConfig != null) {
if (cipherPrefs.equals(""))
throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
@@ -418,11 +414,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (Debug.ON)
Debug.trace("configured ssl cipher prefs is " + sslCiphers);
- // first, disable all ciphers, since JSS defaults to all-enabled
+ // first, disable all ciphers, since JSS defaults to all-enabled
for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) {
try {
SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i],
- false);
+ false);
} catch (SocketException e) {
}
}
@@ -433,8 +429,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringTokenizer ciphers = new StringTokenizer(sslCiphers, ",");
if (!ciphers.hasMoreTokens()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
}
while (ciphers.hasMoreTokens()) {
@@ -444,13 +440,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (sslcipher != null) {
String msg = "setting ssl cipher " + cipher;
- CMS.debug("JSSSubsystem: initSSL(): "+msg);
+ CMS.debug("JSSSubsystem: initSSL(): " + msg);
log(ILogger.LL_INFO, msg);
if (Debug.ON)
Debug.trace(msg);
try {
SSLSocket.setCipherPreferenceDefault(
- sslcipher.intValue(), true);
+ sslcipher.intValue(), true);
} catch (SocketException e) {
}
}
@@ -458,7 +454,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
-
+
/**
* Retrieves a configuration store of this subsystem.
* <P>
@@ -472,26 +468,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
*/
public void startup() throws EBaseException {
}
-
+
/**
* Shutdowns this subsystem.
* <P>
*/
public void shutdown() {
try {
- // After talking to NSS teamm, we should not call close databases
- // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
- boolean isClosing = mConfig.getBoolean("closeDatabases", false);
- if (isClosing) {
- JSSDatabaseCloser closer = new JSSDatabaseCloser();
- closer.closeDatabases();
- }
+ // After talking to NSS teamm, we should not call close databases
+ // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
+ boolean isClosing = mConfig.getBoolean("closeDatabases", false);
+ if (isClosing) {
+ JSSDatabaseCloser closer = new JSSDatabaseCloser();
+ closer.closeDatabases();
+ }
} catch (Exception e) {
}
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
}
public PasswordCallback getPWCB() {
@@ -505,7 +501,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
name = c.getName();
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
@@ -531,12 +527,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
if (num++ == 0)
- tokenList = tokenList + c.getName();
- else
+ tokenList = tokenList + c.getName();
+ else
tokenList = tokenList + "," + c.getName();
}
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
@@ -544,8 +540,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
throw ex;
}
- if (tokenList.equals(""))
- return Constants.PR_INTERNAL_TOKEN;
+ if (tokenList.equals(""))
+ return Constants.PR_INTERNAL_TOKEN;
else
return (tokenList + "," + Constants.PR_INTERNAL_TOKEN);
}
@@ -584,8 +580,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
- public String getCertSubjectName(String tokenname, String nickname)
- throws EBaseException {
+ public String getCertSubjectName(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getCertSubjectName(tokenname, nickname);
} catch (NoSuchTokenException e) {
@@ -624,7 +620,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
@@ -653,7 +649,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
int index = nickname.indexOf(":");
@@ -670,14 +666,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
@@ -704,7 +700,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
@@ -718,14 +714,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = {mId, e.toString()};
+ String[] params = { mId, e.toString() };
EBaseException ex = new EBaseException(
CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
@@ -734,8 +730,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
- public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
- throws EBaseException {
+ public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
+ throws EBaseException {
try {
if (algname.equals("DSA")) {
byte[] p = store.getByteArray("ca.dsaP", null);
@@ -758,8 +754,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
public String getSignatureAlgorithm(String nickname) throws EBaseException {
try {
- X509Certificate cert =
- CryptoManager.getInstance().findCertByNickname(nickname);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSigAlgName();
@@ -775,15 +771,15 @@ public final class JssSubsystem implements ICryptoSubsystem {
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
- }
+ }
}
public KeyPair getKeyPair(String nickname) throws EBaseException {
try {
- X509Certificate cert =
- CryptoManager.getInstance().findCertByNickname(nickname);
- PrivateKey priKey =
- CryptoManager.getInstance().findPrivKeyByCert(cert);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
+ PrivateKey priKey =
+ CryptoManager.getInstance().findPrivKeyByCert(cert);
PublicKey publicKey = cert.getPublicKey();
return new KeyPair(publicKey, priKey);
@@ -800,12 +796,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
public KeyPair getKeyPair(String tokenName, String alg,
- int keySize) throws EBaseException {
+ int keySize) throws EBaseException {
return getKeyPair(tokenName, alg, keySize, null);
}
public KeyPair getKeyPair(String tokenName, String alg,
- int keySize, PQGParams pqg) throws EBaseException {
+ int keySize, PQGParams pqg) throws EBaseException {
String t = tokenName;
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN))
@@ -813,12 +809,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoToken token = null;
try {
- token = mCryptoManager.getTokenByName(t);
+ token = mCryptoManager.getTokenByName(t);
} catch (NoSuchTokenException e) {
log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e);
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
}
-
+
KeyPairAlgorithm kpAlg = null;
if (alg.equals("RSA"))
@@ -860,11 +856,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
- public String getCertRequest(String subjectName, KeyPair kp)
- throws EBaseException {
+ public String getCertRequest(String subjectName, KeyPair kp)
+ throws EBaseException {
try {
netscape.security.pkcs.PKCS10 pkcs =
- KeyCertUtil.getCertRequest(subjectName, kp);
+ KeyCertUtil.getCertRequest(subjectName, kp);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
@@ -891,8 +887,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
- public void importCert(String b64E, String nickname, String certType)
- throws EBaseException {
+ public void importCert(String b64E, String nickname, String certType)
+ throws EBaseException {
try {
KeyCertUtil.importCert(b64E, nickname, certType);
} catch (CertificateException e) {
@@ -929,7 +925,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
if ((tmp != null) &&
- (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
tokenname = tmp;
tmp = (String) properties.get(Constants.PR_KEY_TYPE);
if (tmp != null)
@@ -951,9 +947,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
KeyPair pair = null;
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if (tmp != null)
+ if (tmp != null)
token = tmp;
-
+
tmp = (String) properties.get(Constants.PR_KEY_CURVENAME);
if (tmp != null)
keyCurve = tmp;
@@ -964,7 +960,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
return pair;
}
-
+
public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException {
KeyPair pair = null;
@@ -972,26 +968,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
token = Constants.PR_INTERNAL_TOKEN_NAME;
if ((keyCurve == null) || (keyCurve.equals("")))
- keyCurve = "nistp512";
+ keyCurve = "nistp512";
String ectype = getECType(certType);
// ECDHE needs "SIGN" but no "DERIVE"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
};
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
};
try {
- if (ectype.equals("ECDHE"))
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
+ if (ectype.equals("ECDHE"))
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
else
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
} catch (NotInitializedException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
@@ -1007,10 +1003,10 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
return pair;
- }
+ }
public void importCert(X509CertImpl signedCert, String nickname,
- String certType) throws EBaseException {
+ String certType) throws EBaseException {
try {
KeyCertUtil.importCert(signedCert, nickname, certType);
@@ -1063,23 +1059,23 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
public void deleteUserCert(String nickname, String serialno, String issuername)
- throws EBaseException {
+ throws EBaseException {
try {
X509Certificate cert = getCertificate(nickname, serialno, issuername);
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
CryptoStore store = tcert.getOwningToken().getCryptoStore();
-CMS.debug("*** deleting this token cert");
+ CMS.debug("*** deleting this token cert");
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-CMS.debug("*** finish deleting this token cert");
+ CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
- CryptoStore store = token.getCryptoStore();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoStore store = token.getCryptoStore();
-CMS.debug("*** deleting this interna cert");
- store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+ CMS.debug("*** deleting this interna cert");
+ store.deleteCert(cert);
+ CMS.debug("*** removing this interna cert");
}
} catch (NotInitializedException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
@@ -1093,12 +1089,12 @@ CMS.debug("*** removing this interna cert");
}
}
- public void deleteRootCert(String nickname, String serialno,
- String issuername) throws EBaseException {
+ public void deleteRootCert(String nickname, String serialno,
+ String issuername) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
if (mNicknameMapCertsTable != null) {
@@ -1115,24 +1111,24 @@ CMS.debug("*** removing this interna cert");
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
String num = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
-CMS.debug("*** num "+num);
-CMS.debug("*** issuer "+issuer);
+ CMS.debug("*** num " + num);
+ CMS.debug("*** issuer " + issuer);
if (num.equals(serialno) && issuername.equals(issuer)) {
-CMS.debug("*** removing root cert");
+ CMS.debug("*** removing root cert");
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
CryptoStore store = tcert.getOwningToken().getCryptoStore();
-
-CMS.debug("*** deleting this token cert");
- tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-CMS.debug("*** finish deleting this token cert");
+
+ CMS.debug("*** deleting this token cert");
+ tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
+ CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
-
-CMS.debug("*** deleting this interna cert");
+
+ CMS.debug("*** deleting this interna cert");
store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+ CMS.debug("*** removing this interna cert");
}
mNicknameMapCertsTable.remove(nickname);
break;
@@ -1175,14 +1171,14 @@ CMS.debug("*** removing this interna cert");
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key =
- CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+ PrivateKey key =
+ CryptoManager.getInstance().findPrivKeyByCert(list[i]);
Debug.trace("JssSubsystem getRootCerts: find private key "
- +list[i].getNickname());
+ + list[i].getNickname());
} catch (ObjectNotFoundException e) {
String nickname = list[i].getNickname();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname;
}
X509CertImpl impl = null;
@@ -1203,14 +1199,14 @@ CMS.debug("*** removing this interna cert");
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname+","+serialno, issuer);
- Debug.trace("getRootCerts: nickname="+nickname+", serialno="+
- serialno+", issuer="+issuer);
+ nvps.add(nickname + "," + serialno, issuer);
+ Debug.trace("getRootCerts: nickname=" + nickname + ", serialno=" +
+ serialno + ", issuer=" + issuer);
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
// convert hashtable of vectors to hashtable of arrays
Enumeration elms = vecTable.keys();
@@ -1246,16 +1242,16 @@ CMS.debug("*** removing this interna cert");
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key =
- CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+ PrivateKey key =
+ CryptoManager.getInstance().findPrivKeyByCert(list[i]);
String nickname = list[i].getNickname();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
- tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+ tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname;
}
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1264,17 +1260,17 @@ CMS.debug("*** removing this interna cert");
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname+","+serialno, issuer);
- Debug.trace("getUserCerts: nickname="+nickname+", serialno="+
- serialno+", issuer="+issuer);
+ nvps.add(nickname + "," + serialno, issuer);
+ Debug.trace("getUserCerts: nickname=" + nickname + ", serialno=" +
+ serialno + ", issuer=" + issuer);
} catch (ObjectNotFoundException e) {
Debug.trace("JssSubsystem getUserCerts: cant find private key "
- +list[i].getNickname());
+ + list[i].getNickname());
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
}
} catch (TokenException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
@@ -1312,14 +1308,14 @@ CMS.debug("*** removing this interna cert");
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
- X509Certificate[] certificates =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certificates =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
mNicknameMapUserCertsTable.put(nickname, certificates);
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1341,7 +1337,7 @@ CMS.debug("*** removing this interna cert");
if (vvalue.endsWith(",u")) {
pair.setValue(vvalue + ";" + certValue);
}
- }
+ }
}
} /* while */
@@ -1366,22 +1362,22 @@ CMS.debug("*** removing this interna cert");
X509Certificate[] certs;
try {
- certs =
+ certs =
CryptoManager.getInstance().getCACerts();
} catch (NotInitializedException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
}
- if( mNicknameMapCertsTable == null ) {
- CMS.debug( "JssSubsystem::getCACerts() - "
- + "mNicknameMapCertsTable is null!" );
- throw new EBaseException( "mNicknameMapCertsTable is null" );
+ if (mNicknameMapCertsTable == null) {
+ CMS.debug("JssSubsystem::getCACerts() - "
+ + "mNicknameMapCertsTable is null!");
+ throw new EBaseException("mNicknameMapCertsTable is null");
} else {
mNicknameMapCertsTable.clear();
}
- // a temp hashtable with vectors
+ // a temp hashtable with vectors
Hashtable vecTable = new Hashtable();
for (int i = 0; i < certs.length; i++) {
@@ -1411,12 +1407,12 @@ CMS.debug("*** removing this interna cert");
mNicknameMapCertsTable.put(key, a);
}
- Enumeration keys = mNicknameMapCertsTable.keys();
+ Enumeration keys = mNicknameMapCertsTable.keys();
while (keys.hasMoreElements()) {
String nickname = (String) keys.nextElement();
X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
-
+
for (int i = 0; i < value.length; i++) {
InternalCertificate icert = null;
@@ -1426,14 +1422,13 @@ CMS.debug("*** removing this interna cert");
Debug.trace("cert is not an InternalCertificate");
Debug.trace("nickname: " + nickname + " index " + i);
Debug.trace("cert: " + value[i]);
- continue;
+ continue;
}
-
+
int flag = icert.getSSLTrust();
String trust = "U";
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
- InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
X509CertImpl impl = null;
@@ -1450,7 +1445,7 @@ CMS.debug("*** removing this interna cert");
String vvalue = pair.getValue();
pair.setValue(vvalue + ";" + certValue);
- }
+ }
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString()));
// allow it to continue with other certs even if one blows
@@ -1484,8 +1479,8 @@ CMS.debug("*** removing this interna cert");
if (cert instanceof InternalCertificate) {
if (trust.equals("Trust")) {
int trustflag = InternalCertificate.TRUSTED_CA |
- InternalCertificate.TRUSTED_CLIENT_CA |
- InternalCertificate.VALID_CA;
+ InternalCertificate.TRUSTED_CLIENT_CA |
+ InternalCertificate.VALID_CA;
((InternalCertificate) cert).setSSLTrust(trustflag);
} else
@@ -1498,7 +1493,7 @@ CMS.debug("*** removing this interna cert");
}
}
}
- } catch (ParseException e) {
+ } catch (ParseException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
@@ -1509,12 +1504,13 @@ CMS.debug("*** removing this interna cert");
/**
* Delete the CA certificate from the perm database.
+ *
* @param nickname The nickname of the CA certificate.
* @param notAfterTime The notAfter of the certificate. It is possible to get multiple
- * certificates under the same nickname. If one of the certificates match the notAfterTime,
- * then the certificate will get deleted. The format of the notAfterTime has to be
- * in "MMMMM dd, yyyy HH:mm:ss" format.
- */
+ * certificates under the same nickname. If one of the certificates match the notAfterTime,
+ * then the certificate will get deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ */
public void deleteCACert(String nickname, String notAfterTime) throws EBaseException {
try {
if (mNicknameMapCertsTable != null) {
@@ -1570,15 +1566,17 @@ CMS.debug("*** removing this interna cert");
/**
* Delete any certificate from the any token.
+ *
* @param nickname The nickname of the certificate.
* @param notAfterTime The notAfter of the certificate. It is possible to get multiple
- * certificates under the same nickname. If one of the certificates match the notAfterTime,
- * then the certificate will get deleted. The format of the notAfterTime has to be
- * in "MMMMM dd, yyyy HH:mm:ss" format.
- */
+ * certificates under the same nickname. If one of the certificates match the notAfterTime,
+ * then the certificate will get deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ */
public void deleteCert(String nickname, String notAfterTime) throws EBaseException {
boolean isUserCert = false;
- X509Certificate[] certs = null;;
+ X509Certificate[] certs = null;
+ ;
try {
if (mNicknameMapCertsTable != null) {
@@ -1672,15 +1670,15 @@ CMS.debug("*** removing this interna cert");
CryptoStore store = tcert.getOwningToken().getCryptoStore();
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
- } else
+ } else
throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
int index = nickname.indexOf(":");
-
+
// the deleted certificate is on the hardware token. We should delete the same one from
// the internal token.
if (index > 0) {
- CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = cToken.getCryptoStore();
X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts();
@@ -1716,7 +1714,7 @@ CMS.debug("*** removing this interna cert");
} catch (CertificateEncodingException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
- } catch (IOException e) {
+ } catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
@@ -1725,7 +1723,7 @@ CMS.debug("*** removing this interna cert");
public String getSubjectDN(String nickname) throws EBaseException {
try {
X509Certificate cert =
- CryptoManager.getInstance().findCertByNickname(nickname);
+ CryptoManager.getInstance().findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSubjectDN().getName();
@@ -1745,14 +1743,14 @@ CMS.debug("*** removing this interna cert");
}
public void setRootCertTrust(String nickname, String serialno,
- String issuerName, String trust) throws EBaseException {
-
+ String issuerName, String trust) throws EBaseException {
+
X509Certificate cert = getCertificate(nickname, serialno, issuerName);
if (cert instanceof InternalCertificate) {
if (trust.equals("trust")) {
int trustflag = InternalCertificate.TRUSTED_CA |
- InternalCertificate.TRUSTED_CLIENT_CA |
- InternalCertificate.VALID_CA;
+ InternalCertificate.TRUSTED_CLIENT_CA |
+ InternalCertificate.VALID_CA;
((InternalCertificate) cert).setSSLTrust(trustflag);
} else {
@@ -1762,31 +1760,31 @@ CMS.debug("*** removing this interna cert");
}
public X509Certificate getCertificate(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i=0;
+ int i = 0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ impl.getSerialNumber().toString().equals(serialno))
return certs[i];
}
} else {
EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
} catch (NotInitializedException e) {
@@ -1794,50 +1792,50 @@ CMS.debug("*** removing this interna cert");
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ } catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
-
+
return null;
}
public String getRootCertTrustBit(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i=0;
+ int i = 0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
String trust = "U";
if (certs[i] instanceof InternalCertificate) {
- InternalCertificate icert = (InternalCertificate)certs[i];
+ InternalCertificate icert = (InternalCertificate) certs[i];
int flag = icert.getSSLTrust();
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
- InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
- } else
+ } else
trust = "N/A";
return trust;
} catch (NotInitializedException e) {
@@ -1845,36 +1843,37 @@ CMS.debug("*** removing this interna cert");
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ } catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
public String getCertPrettyPrint(String nickname, String serialno,
- String issuerName, Locale locale) throws EBaseException {
+ String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
CertPrettyPrint print = null;
@@ -1899,42 +1898,42 @@ CMS.debug("*** removing this interna cert");
}
public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
- String issuerName, Locale locale) throws EBaseException {
+ String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
CertPrettyPrint print = null;
- String fingerPrint = "";
+ String fingerPrint = "";
if (impl != null) {
print = new CertPrettyPrint(impl);
- fingerPrint = CMS.getFingerPrints(impl.getEncoded());
- }
+ fingerPrint = CMS.getFingerPrints(impl.getEncoded());
+ }
if ((print != null) && (fingerPrint != "")) {
- String pp = print.toString(locale) + "\n" +
- "Certificate Fingerprints:"+ '\n' + fingerPrint;
+ String pp = print.toString(locale) + "\n" +
+ "Certificate Fingerprints:" + '\n' + fingerPrint;
return pp;
} else
return null;
@@ -1953,14 +1952,14 @@ CMS.debug("*** removing this interna cert");
}
}
- public String getCertPrettyPrint(String nickname, String date,
- Locale locale) throws EBaseException {
+ public String getCertPrettyPrint(String nickname, String date,
+ Locale locale) throws EBaseException {
try {
X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ CryptoManager.getInstance().findCertsByNickname(nickname);
if ((certs == null || certs.length == 0) &&
- mNicknameMapCertsTable != null) {
+ mNicknameMapCertsTable != null) {
certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
}
if (certs == null) {
@@ -2005,7 +2004,7 @@ CMS.debug("*** removing this interna cert");
}
public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException {
- try {
+ try {
try {
byte[] b = KeyCertUtil.convertB64EToByteArray(b64E);
X509CertImpl impl = new X509CertImpl(b);
@@ -2021,7 +2020,7 @@ CMS.debug("*** removing this interna cert");
byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized);
ContentInfo ci = (ContentInfo)
- ASN1Util.decode(ContentInfo.getTemplate(), data);
+ ASN1Util.decode(ContentInfo.getTemplate(), data);
if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
throw new CertificateException(
@@ -2048,7 +2047,7 @@ CMS.debug("*** removing this interna cert");
}
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
"Failed to decode"));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
@@ -2059,8 +2058,8 @@ CMS.debug("*** removing this interna cert");
}
}
- public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey)
- throws EBaseException {
+ public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey)
+ throws EBaseException {
CertificateInfo cert = null;
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
@@ -2082,8 +2081,8 @@ CMS.debug("*** removing this interna cert");
try {
certInfo = cert.getCertInfo();
- SignatureAlgorithm sigAlg =
- (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
+ SignatureAlgorithm sigAlg =
+ (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg);
} catch (NoSuchTokenException e) {
@@ -2110,15 +2109,15 @@ CMS.debug("*** removing this interna cert");
if (certinfo == null)
return false;
else {
- CertificateExtensions exts =
- (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions exts =
+ (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
if (exts == null)
return false;
else {
try {
BasicConstraintsExtension ext = (BasicConstraintsExtension)
- exts.get(BasicConstraintsExtension.NAME);
+ exts.get(BasicConstraintsExtension.NAME);
if (ext == null)
return false;
@@ -2150,8 +2149,8 @@ CMS.debug("*** removing this interna cert");
}
}
- public CertificateExtensions getExtensions(String tokenname, String nickname)
- throws EBaseException {
+ public CertificateExtensions getExtensions(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getExtensions(tokenname, nickname);
} catch (NotInitializedException e) {
@@ -2185,25 +2184,24 @@ CMS.debug("*** removing this interna cert");
}
public PQGParams getCAPQG(int keysize, IConfigStore store)
- throws EBaseException {
+ throws EBaseException {
return KeyCertUtil.getCAPQG(keysize, store);
}
public CertificateExtensions getCertExtensions(String tokenname, String nickname)
- throws NotInitializedException, TokenException, ObjectNotFoundException,
+ throws NotInitializedException, TokenException, ObjectNotFoundException,
IOException, CertificateException {
return KeyCertUtil.getExtensions(tokenname, nickname);
}
}
-class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser
-{
+class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser {
public JSSDatabaseCloser() throws Exception {
- super();
+ super();
}
public void closeDatabases() {
- super.closeDatabases();
+ super.closeDatabases();
}
}
generated by cgit (git 2.34.1) at 2024-07-01 11:55:24 +0000