summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cmscore/security
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java46
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java138
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java1754
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java39
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java562
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java41
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java92
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/PWUtil.java23
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java215
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/Provider.java15
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java36
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/SSLCert.java38
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java38
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java6
14 files changed, 1691 insertions, 1352 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
index 04f442a35..22c939582 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
* CA signing certificate.
*
@@ -43,8 +41,7 @@ import com.netscape.certsrv.security.KeyCertData;
*/
public class CASigningCert extends CertificateInfo {
- public static final String SUBJECT_NAME =
- "CN=Certificate Authority, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US";
public CASigningCert(KeyCertData properties) {
this(properties, null);
@@ -52,15 +49,11 @@ public class CASigningCert extends CertificateInfo {
public CASigningCert(KeyCertData properties, KeyPair pair) {
super(properties, pair);
- /* included in console UI
- try {
- if (mProperties.get(Constants.PR_AKI) == null) {
- mProperties.put(Constants.PR_AKI, Constants.FALSE);
- }
- } catch (Exception e) {
- mProperties.put(Constants.PR_AKI, Constants.FALSE);
- }
- */
+ /*
+ * included in console UI try { if (mProperties.get(Constants.PR_AKI) ==
+ * null) { mProperties.put(Constants.PR_AKI, Constants.FALSE); } } catch
+ * (Exception e) { mProperties.put(Constants.PR_AKI, Constants.FALSE); }
+ */
try {
if (mProperties.get(Constants.PR_CERT_LEN) == null) {
mProperties.put(Constants.PR_CERT_LEN, "-1");
@@ -77,15 +70,11 @@ public class CASigningCert extends CertificateInfo {
// "null" mean no BasicConstriant
mProperties.put(Constants.PR_IS_CA, "null");
}
- /* included in console UI
- try {
- if (mProperties.get(Constants.PR_SKI) == null) {
- mProperties.put(Constants.PR_SKI, Constants.FALSE);
- }
- } catch (Exception e) {
- mProperties.put(Constants.PR_SKI, Constants.FALSE);
- }
- */
+ /*
+ * included in console UI try { if (mProperties.get(Constants.PR_SKI) ==
+ * null) { mProperties.put(Constants.PR_SKI, Constants.FALSE); } } catch
+ * (Exception e) { mProperties.put(Constants.PR_SKI, Constants.FALSE); }
+ */
}
public String getSubjectName() {
@@ -107,7 +96,7 @@ public class CASigningCert extends CertificateInfo {
BigInteger P = new BigInteger(p);
BigInteger Q = new BigInteger(q);
BigInteger G = new BigInteger(g);
- BigInteger pqgSeed = new BigInteger(seed);
+ BigInteger pqgSeed = new BigInteger(seed);
BigInteger pqgH = new BigInteger(H);
return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -128,20 +117,22 @@ public class CASigningCert extends CertificateInfo {
else if (keyType.equals("RSA"))
alg = "SHA1withRSA";
else
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", keyType));
cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
else
- cmsFileTmp.putString("ca.signing.cacertnickname",
- tokenname + ":" + nickname);
+ cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":"
+ + nickname);
cmsFileTmp.commit(false);
}
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -162,4 +153,3 @@ public class CASigningCert extends CertificateInfo {
return extension;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
index dc240dac2..b093fba59 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
@@ -60,7 +59,6 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
* This base class provides methods to import CA signing cert or get certificate
* request.
@@ -88,11 +86,12 @@ public abstract class CertificateInfo {
mConfig = (IConfigStore) (mProperties.get("cmsFile"));
}
- protected abstract KeyUsageExtension getKeyUsageExtension() throws IOException;
+ protected abstract KeyUsageExtension getKeyUsageExtension()
+ throws IOException;
public abstract String getSubjectName();
- //public abstract SignatureAlgorithm getSigningAlgorithm();
+ // public abstract SignatureAlgorithm getSigningAlgorithm();
public abstract String getKeyAlgorithm();
public abstract String getNickname();
@@ -102,12 +101,12 @@ public abstract class CertificateInfo {
public CertificateValidity getCertificateValidity() throws EBaseException {
/*
- String period = (String)mProperties.get(Constants.PR_VALIDITY_PERIOD);
- Date notBeforeDate = CMS.getCurrentDate();
- Date notAfterDate = new Date(notBeforeDate.getYear(),
- notBeforeDate.getMonth(),
- notBeforeDate.getDate()+Integer.parseInt(period));
- return new CertificateValidity(notBeforeDate, notAfterDate);
+ * String period =
+ * (String)mProperties.get(Constants.PR_VALIDITY_PERIOD); Date
+ * notBeforeDate = CMS.getCurrentDate(); Date notAfterDate = new
+ * Date(notBeforeDate.getYear(), notBeforeDate.getMonth(),
+ * notBeforeDate.getDate()+Integer.parseInt(period)); return new
+ * CertificateValidity(notBeforeDate, notAfterDate);
*/
Date notBeforeDate = null;
Date notAfterDate = null;
@@ -118,52 +117,41 @@ public abstract class CertificateInfo {
notBeforeDate = new Date(Long.parseLong(notBeforeStr));
notAfterDate = new Date(Long.parseLong(notAfterStr));
} else {
- int beginYear =
- Integer.parseInt(mProperties.getBeginYear()) - 1900;
- int afterYear =
- Integer.parseInt(mProperties.getAfterYear()) - 1900;
- int beginMonth =
- Integer.parseInt(mProperties.getBeginMonth());
- int afterMonth =
- Integer.parseInt(mProperties.getAfterMonth());
- int beginDate =
- Integer.parseInt(mProperties.getBeginDate());
- int afterDate =
- Integer.parseInt(mProperties.getAfterDate());
- int beginHour =
- Integer.parseInt(mProperties.getBeginHour());
- int afterHour =
- Integer.parseInt(mProperties.getAfterHour());
- int beginMin =
- Integer.parseInt(mProperties.getBeginMin());
- int afterMin =
- Integer.parseInt(mProperties.getAfterMin());
- int beginSec =
- Integer.parseInt(mProperties.getBeginSec());
- int afterSec =
- Integer.parseInt(mProperties.getAfterSec());
+ int beginYear = Integer.parseInt(mProperties.getBeginYear()) - 1900;
+ int afterYear = Integer.parseInt(mProperties.getAfterYear()) - 1900;
+ int beginMonth = Integer.parseInt(mProperties.getBeginMonth());
+ int afterMonth = Integer.parseInt(mProperties.getAfterMonth());
+ int beginDate = Integer.parseInt(mProperties.getBeginDate());
+ int afterDate = Integer.parseInt(mProperties.getAfterDate());
+ int beginHour = Integer.parseInt(mProperties.getBeginHour());
+ int afterHour = Integer.parseInt(mProperties.getAfterHour());
+ int beginMin = Integer.parseInt(mProperties.getBeginMin());
+ int afterMin = Integer.parseInt(mProperties.getAfterMin());
+ int beginSec = Integer.parseInt(mProperties.getBeginSec());
+ int afterSec = Integer.parseInt(mProperties.getAfterSec());
Calendar calendar = Calendar.getInstance();
- calendar.set(beginYear, beginMonth, beginDate,
- beginHour, beginMin, beginSec);
+ calendar.set(beginYear, beginMonth, beginDate, beginHour, beginMin,
+ beginSec);
notBeforeDate = calendar.getTime();
- calendar.set(afterYear, afterMonth, afterDate,
- afterHour, afterMin, afterSec);
+ calendar.set(afterYear, afterMonth, afterDate, afterHour, afterMin,
+ afterSec);
notAfterDate = calendar.getTime();
}
return new CertificateValidity(notBeforeDate, notAfterDate);
}
- public X509CertInfo getCertInfo() throws EBaseException, PQGParamGenException {
+ public X509CertInfo getCertInfo() throws EBaseException,
+ PQGParamGenException {
X509CertInfo certInfo = new X509CertInfo();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
BigInteger serialNumber = mProperties.getSerialNumber();
certInfo.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(serialNumber));
+ new CertificateSerialNumber(serialNumber));
certInfo.set(X509CertInfo.EXTENSIONS, getExtensions());
certInfo.set(X509CertInfo.VALIDITY, getCertificateValidity());
String issuerName = mProperties.getIssuerName();
@@ -172,46 +160,51 @@ public abstract class CertificateInfo {
issuerName = getSubjectName();
}
- certInfo.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(new X500Name(issuerName)));
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(new X500Name(getSubjectName())));
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(
+ new X500Name(issuerName)));
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ new X500Name(getSubjectName())));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
PublicKey pubk = mKeyPair.getPublic();
X509Key xKey = KeyCertUtil.convertPublicKeyToX509Key(pubk);
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(xKey));
- //SignatureAlgorithm algm = getSigningAlgorithm();
- SignatureAlgorithm algm =
- (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ // SignatureAlgorithm algm = getSigningAlgorithm();
+ SignatureAlgorithm algm = (SignatureAlgorithm) mProperties
+ .get(Constants.PR_SIGNATURE_ALGORITHM);
if (algm == null) {
- String hashtype = (String) mProperties.get(ConfigConstants.PR_HASH_TYPE);
+ String hashtype = (String) mProperties
+ .get(ConfigConstants.PR_HASH_TYPE);
- algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(), hashtype);
+ algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(),
+ hashtype);
mProperties.put(Constants.PR_SIGNATURE_ALGORITHM, algm);
}
AlgorithmId sigAlgId = getAlgorithmId();
if (sigAlgId == null) {
- byte[]encodedOID = ASN1Util.encode(algm.toOID());
+ byte[] encodedOID = ASN1Util.encode(algm.toOID());
sigAlgId = new AlgorithmId(new ObjectIdentifier(
- new DerInputStream(encodedOID)));
+ new DerInputStream(encodedOID)));
}
- certInfo.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(sigAlgId));
+ certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
+ sigAlgId));
} catch (InvalidKeyException e) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY"));
- } catch (CertificateException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
+ } catch (CertificateException e) {
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_CERT", e.toString()));
} catch (IOException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_CERT", e.toString()));
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", ""));
}
return certInfo;
@@ -225,7 +218,7 @@ public abstract class CertificateInfo {
KeyCertUtil.setDERExtension(exts, mProperties);
KeyCertUtil.setBasicConstraintsExtension(exts, mProperties);
KeyCertUtil.setSubjectKeyIdentifier(mKeyPair, exts, mProperties);
- //KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties);
+ // KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties);
KeyCertUtil.setAuthInfoAccess(mKeyPair, exts, mProperties);
KeyCertUtil.setOCSPNoCheck(mKeyPair, exts, mProperties);
KeyPair caKeyPair = (KeyPair) mProperties.get(Constants.PR_CA_KEYPAIR);
@@ -245,8 +238,7 @@ public abstract class CertificateInfo {
boolean isKeyUsageEnabled = mProperties.getKeyUsageExtension();
if (isKeyUsageEnabled) {
- KeyCertUtil.setKeyUsageExtension(
- exts, getKeyUsageExtension());
+ KeyCertUtil.setKeyUsageExtension(exts, getKeyUsageExtension());
}
return exts;
}
@@ -255,27 +247,27 @@ public abstract class CertificateInfo {
return (AlgorithmId) (mProperties.get(Constants.PR_ALGORITHM_ID));
}
- public void setAuthorityKeyIdExt(CertificateExtensions caexts, CertificateExtensions ext)
- throws IOException, CertificateException, CertificateEncodingException,
+ public void setAuthorityKeyIdExt(CertificateExtensions caexts,
+ CertificateExtensions ext) throws IOException,
+ CertificateException, CertificateEncodingException,
CertificateParsingException {
SubjectKeyIdentifierExtension subjKeyExt = null;
try {
- subjKeyExt =
- (SubjectKeyIdentifierExtension) caexts.get(SubjectKeyIdentifierExtension.NAME);
+ subjKeyExt = (SubjectKeyIdentifierExtension) caexts
+ .get(SubjectKeyIdentifierExtension.NAME);
} catch (IOException e) {
}
if (subjKeyExt == null)
return;
else {
- KeyIdentifier keyId = (KeyIdentifier) subjKeyExt.get(
- SubjectKeyIdentifierExtension.KEY_ID);
- AuthorityKeyIdentifierExtension authExt =
- new AuthorityKeyIdentifierExtension(false, keyId, null, null);
+ KeyIdentifier keyId = (KeyIdentifier) subjKeyExt
+ .get(SubjectKeyIdentifierExtension.KEY_ID);
+ AuthorityKeyIdentifierExtension authExt = new AuthorityKeyIdentifierExtension(
+ false, keyId, null, null);
ext.set(AuthorityKeyIdentifierExtension.NAME, authExt);
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index d0df7d1a9..976b8e7ec 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -101,10 +100,10 @@ import com.netscape.cmscore.cert.CertUtils;
import com.netscape.cmscore.util.Debug;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
/**
* Subsystem for initializing JSS>
* <P>
+ *
* @version $Revision$ $Date$
*/
public final class JssSubsystem implements ICryptoSubsystem {
@@ -131,13 +130,15 @@ public final class JssSubsystem implements ICryptoSubsystem {
private Hashtable mNicknameMapCertsTable = new Hashtable();
private Hashtable mNicknameMapUserCertsTable = new Hashtable();
- private FileInputStream devRandomInputStream=null;
+ private FileInputStream devRandomInputStream = null;
- // This date format is to format the date string of the certificate in such a way as
+ // This date format is to format the date string of the certificate in such
+ // a way as
// May 01, 1999 01:55:55.
- private static SimpleDateFormat mFormatter = new SimpleDateFormat("MMMMM dd, yyyy HH:mm:ss");
+ private static SimpleDateFormat mFormatter = new SimpleDateFormat(
+ "MMMMM dd, yyyy HH:mm:ss");
- // SSL related variables.
+ // SSL related variables.
private IConfigStore mSSLConfig = null;
@@ -147,20 +148,20 @@ public final class JssSubsystem implements ICryptoSubsystem {
private static Hashtable mCipherNames = new Hashtable();
- /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/
- private static final String DEFAULT_CIPHERPREF =
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
- "TLS_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
-// "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
-// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
-// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
- "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+ /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config. */
+ private static final String DEFAULT_CIPHERPREF = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
+ + "TLS_RSA_WITH_AES_128_CBC_SHA,"
+ + "TLS_RSA_WITH_AES_256_CBC_SHA,"
+ + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,"
+ + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
+ +
+ // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
+ // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
+ // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
+ + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA,"
+ + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,"
+ + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
/* list of all ciphers JSS supports */
private static final int mJSSCipherSuites[] = {
@@ -178,50 +179,51 @@ public final class JssSubsystem implements ICryptoSubsystem {
SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- };
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, };
static {
/* set ssl cipher string names. */
- /* disallowing SSL2 ciphers to be turned on
- mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
- Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
- mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
- Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
- mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
- Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
- mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
- Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
- mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
- Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
- mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
- Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
- */
+ /*
+ * disallowing SSL2 ciphers to be turned on
+ * mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
+ * Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
+ * mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
+ * Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
+ * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
+ * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
+ * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
+ * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
+ * mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
+ * Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
+ * mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
+ * Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
+ */
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
- mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
+ mCipherNames
+ .put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
}
public static JssSubsystem getInstance() {
@@ -239,44 +241,43 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
public void setId(String id) throws EBaseException {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
-
- }
-
- // Add entropy to the 'default' RNG token
- public void addEntropy(int bits)
- throws org.mozilla.jss.util.NotImplementedException,
- IOException,
- TokenException
- {
- int read=0;
- int bytes = (7+bits)/8;
- byte[] b = new byte[bytes];
- if (devRandomInputStream == null) {
- throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
- }
- do {
- int c = devRandomInputStream.read(b,read,bytes-read);
- read += c;
- }
- while (read < bytes);
-
- CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token");
- CMS.debug(b);
- PK11SecureRandom sr = new PK11SecureRandom();
- sr.setSeed(b);
- }
-
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
+
+ }
+
+ // Add entropy to the 'default' RNG token
+ public void addEntropy(int bits)
+ throws org.mozilla.jss.util.NotImplementedException, IOException,
+ TokenException {
+ int read = 0;
+ int bytes = (7 + bits) / 8;
+ byte[] b = new byte[bytes];
+ if (devRandomInputStream == null) {
+ throw new IOException(
+ CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
+ }
+ do {
+ int c = devRandomInputStream.read(b, read, bytes - read);
+ read += c;
+ } while (read < bytes);
+
+ CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes
+ + " bytes) of entropy to default RNG token");
+ CMS.debug(b);
+ PK11SecureRandom sr = new PK11SecureRandom();
+ sr.setSeed(b);
+ }
+
/**
- * Initializes the Jss security subsystem.
+ * Initializes the Jss security subsystem.
* <P>
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mLogger = CMS.getLogger();
-
- if (mInited)
- {
+
+ if (mInited) {
// This used to throw an exeception (e.g. - on Solaris).
// If JSS is already initialized simply return.
CMS.debug("JssSubsystem already inited.. returning.");
@@ -309,10 +310,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
String certDir;
certDir = config.getString(CONFIG_DIR, null);
-
- CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(certDir,
- "", "", "secmod.db");
+
+ CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
+ certDir, "", "", "secmod.db");
vals.removeSunProvider = false;
vals.installJSSProvider = true;
@@ -321,11 +321,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
} catch (AlreadyInitializedException e) {
// do nothing
} catch (Exception e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
}
@@ -333,19 +335,21 @@ public final class JssSubsystem implements ICryptoSubsystem {
mCryptoManager = CryptoManager.getInstance();
initSSL();
} catch (CryptoManager.NotInitializedException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
}
-
+
mInited = true;
}
public String getCipherVersion() throws EBaseException {
- return "cipherdomestic";
+ return "cipherdomestic";
}
public String getCipherPreferences() throws EBaseException {
@@ -363,36 +367,36 @@ public final class JssSubsystem implements ICryptoSubsystem {
public String getECType(String certType) throws EBaseException {
if (mSSLConfig != null) {
// for SSL server, check the value of jss.ssl.sslserver.ectype
- return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, "ECDHE");
+ return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE,
+ "ECDHE");
} else {
return "ECDHE";
}
}
public String isCipherFortezza() throws EBaseException {
- // we always display fortezza suites.
- // too much work to display tokens/certs corresponding to the
- // suites.
+ // we always display fortezza suites.
+ // too much work to display tokens/certs corresponding to the
+ // suites.
return "true";
}
void installProvider() {
int position = java.security.Security.insertProviderAt(
- new com.netscape.cmscore.security.Provider(),
- 1);
+ new com.netscape.cmscore.security.Provider(), 1);
if (position == -1) {
Debug.trace("Unable to install CMS provider");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
}
}
- public void setCipherPreferences(String cipherPrefs)
- throws EBaseException {
+ public void setCipherPreferences(String cipherPrefs) throws EBaseException {
if (mSSLConfig != null) {
if (cipherPrefs.equals(""))
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
mSSLConfig.putString(Constants.PR_CIPHER_PREF, cipherPrefs);
}
}
@@ -402,7 +406,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
*
*/
private void initSSL() throws EBaseException {
- // JSS will AND what is set and what is allowed by export policy
+ // JSS will AND what is set and what is allowed by export policy
// so we can set what is requested.
try {
@@ -418,11 +422,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (Debug.ON)
Debug.trace("configured ssl cipher prefs is " + sslCiphers);
- // first, disable all ciphers, since JSS defaults to all-enabled
+ // first, disable all ciphers, since JSS defaults to all-enabled
for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) {
try {
- SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i],
- false);
+ SSLSocket
+ .setCipherPreferenceDefault(mJSSCipherSuites[i], false);
} catch (SocketException e) {
}
}
@@ -433,9 +437,10 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringTokenizer ciphers = new StringTokenizer(sslCiphers, ",");
if (!ciphers.hasMoreTokens()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
}
while (ciphers.hasMoreTokens()) {
String cipher = ciphers.nextToken();
@@ -444,13 +449,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (sslcipher != null) {
String msg = "setting ssl cipher " + cipher;
- CMS.debug("JSSSubsystem: initSSL(): "+msg);
+ CMS.debug("JSSSubsystem: initSSL(): " + msg);
log(ILogger.LL_INFO, msg);
if (Debug.ON)
Debug.trace(msg);
try {
SSLSocket.setCipherPreferenceDefault(
- sslcipher.intValue(), true);
+ sslcipher.intValue(), true);
} catch (SocketException e) {
}
}
@@ -458,7 +463,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
-
+
/**
* Retrieves a configuration store of this subsystem.
* <P>
@@ -472,26 +477,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
*/
public void startup() throws EBaseException {
}
-
+
/**
* Shutdowns this subsystem.
* <P>
*/
public void shutdown() {
try {
- // After talking to NSS teamm, we should not call close databases
- // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
- boolean isClosing = mConfig.getBoolean("closeDatabases", false);
- if (isClosing) {
- JSSDatabaseCloser closer = new JSSDatabaseCloser();
- closer.closeDatabases();
- }
+ // After talking to NSS teamm, we should not call close databases
+ // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
+ boolean isClosing = mConfig.getBoolean("closeDatabases", false);
+ if (isClosing) {
+ JSSDatabaseCloser closer = new JSSDatabaseCloser();
+ closer.closeDatabases();
+ }
} catch (Exception e) {
}
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
}
public PasswordCallback getPWCB() {
@@ -505,11 +510,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
name = c.getName();
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
}
@@ -526,26 +533,29 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoToken c = (CryptoToken) tokens.nextElement();
// skip builtin object token
- if (c.getName() != null && c.getName().equals("Builtin Object Token")) {
+ if (c.getName() != null
+ && c.getName().equals("Builtin Object Token")) {
continue;
}
if (num++ == 0)
- tokenList = tokenList + c.getName();
- else
+ tokenList = tokenList + c.getName();
+ else
tokenList = tokenList + "," + c.getName();
}
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
}
- if (tokenList.equals(""))
- return Constants.PR_INTERNAL_TOKEN;
+ if (tokenList.equals(""))
+ return Constants.PR_INTERNAL_TOKEN;
else
return (tokenList + "," + Constants.PR_INTERNAL_TOKEN);
}
@@ -558,48 +568,74 @@ public final class JssSubsystem implements ICryptoSubsystem {
return ctoken.isLoggedIn();
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
+ e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public void loggedInToken(String tokenName, String pwd) throws EBaseException {
+ public void loggedInToken(String tokenName, String pwd)
+ throws EBaseException {
try {
CryptoToken ctoken = mCryptoManager.getTokenByName(tokenName);
Password clk = new Password(pwd.toCharArray());
ctoken.login(clk);
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
+ e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (IncorrectPasswordException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public String getCertSubjectName(String tokenname, String nickname)
- throws EBaseException {
+ public String getCertSubjectName(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getCertSubjectName(tokenname, nickname);
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
}
}
@@ -624,18 +660,21 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
}
return certNames;
}
- public String getCertListWithoutTokenName(String name) throws EBaseException {
+ public String getCertListWithoutTokenName(String name)
+ throws EBaseException {
CryptoToken c = null;
String certNames = "";
@@ -653,7 +692,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
int index = nickname.indexOf(":");
@@ -670,18 +709,22 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
}
}
@@ -704,7 +747,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
@@ -718,24 +761,28 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = {mId, e.toString()};
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = { mId, e.toString() };
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
+ ex.toString()));
throw ex;
}
}
- public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
- throws EBaseException {
+ public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
+ throws EBaseException {
try {
if (algname.equals("DSA")) {
byte[] p = store.getByteArray("ca.dsaP", null);
@@ -752,60 +799,72 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
return AlgorithmId.getAlgorithmId(algname);
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", ""));
}
}
public String getSignatureAlgorithm(String nickname) throws EBaseException {
try {
- X509Certificate cert =
- CryptoManager.getInstance().findCertByNickname(nickname);
+ X509Certificate cert = CryptoManager.getInstance()
+ .findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSigAlgName();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
- }
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
+ }
}
public KeyPair getKeyPair(String nickname) throws EBaseException {
try {
- X509Certificate cert =
- CryptoManager.getInstance().findCertByNickname(nickname);
- PrivateKey priKey =
- CryptoManager.getInstance().findPrivKeyByCert(cert);
+ X509Certificate cert = CryptoManager.getInstance()
+ .findCertByNickname(nickname);
+ PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert(
+ cert);
PublicKey publicKey = cert.getPublicKey();
return new KeyPair(publicKey, priKey);
} catch (NotInitializedException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public KeyPair getKeyPair(String tokenName, String alg,
- int keySize) throws EBaseException {
+ public KeyPair getKeyPair(String tokenName, String alg, int keySize)
+ throws EBaseException {
return getKeyPair(tokenName, alg, keySize, null);
}
- public KeyPair getKeyPair(String tokenName, String alg,
- int keySize, PQGParams pqg) throws EBaseException {
+ public KeyPair getKeyPair(String tokenName, String alg, int keySize,
+ PQGParams pqg) throws EBaseException {
String t = tokenName;
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN))
@@ -813,12 +872,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoToken token = null;
try {
- token = mCryptoManager.getTokenByName(t);
+ token = mCryptoManager.getTokenByName(t);
} catch (NoSuchTokenException e) {
log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", tokenName));
}
-
+
KeyPairAlgorithm kpAlg = null;
if (alg.equals("RSA"))
@@ -828,26 +888,35 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
try {
- KeyPair kp = KeyCertUtil.generateKeyPair(token, kpAlg, keySize, pqg);
+ KeyPair kp = KeyCertUtil
+ .generateKeyPair(token, kpAlg, keySize, pqg);
return kp;
} catch (InvalidParameterException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS",
- "" + keySize));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize));
} catch (PQGParamGenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED",
- kpAlg.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString()));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED"));
} catch (InvalidAlgorithmParameterException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
}
}
@@ -855,69 +924,108 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
X500Name name = new X500Name(dn);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_X500_NAME", dn));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_X500_NAME", dn));
}
}
- public String getCertRequest(String subjectName, KeyPair kp)
- throws EBaseException {
+ public String getCertRequest(String subjectName, KeyPair kp)
+ throws EBaseException {
try {
- netscape.security.pkcs.PKCS10 pkcs =
- KeyCertUtil.getCertRequest(subjectName, kp);
+ netscape.security.pkcs.PKCS10 pkcs = KeyCertUtil.getCertRequest(
+ subjectName, kp);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
pkcs.print(ps);
return bs.toString();
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", ""));
} catch (NoSuchProviderException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED"));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
+ e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_CERT", e.toString()));
} catch (SignatureException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE"));
}
}
- public void importCert(String b64E, String nickname, String certType)
- throws EBaseException {
+ public void importCert(String b64E, String nickname, String certType)
+ throws EBaseException {
try {
KeyCertUtil.importCert(b64E, nickname, certType);
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
String eString = e.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- if (eString.contains("Failed to find certificate that was just imported")) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ if (eString
+ .contains("Failed to find certificate that was just imported")) {
throw new EBaseException(eString);
} else {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
}
} catch (UserCertConflictException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
} catch (NicknameConflictException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
}
}
@@ -928,8 +1036,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) &&
- (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
tokenname = tmp;
tmp = (String) properties.get(Constants.PR_KEY_TYPE);
if (tmp != null)
@@ -951,9 +1058,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
KeyPair pair = null;
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if (tmp != null)
+ if (tmp != null)
token = tmp;
-
+
tmp = (String) properties.get(Constants.PR_KEY_CURVENAME);
if (tmp != null)
keyCurve = tmp;
@@ -964,77 +1071,110 @@ public final class JssSubsystem implements ICryptoSubsystem {
return pair;
}
-
- public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException {
+
+ public KeyPair getECCKeyPair(String token, String keyCurve, String certType)
+ throws EBaseException {
KeyPair pair = null;
if ((token == null) || (token.equals("")))
token = Constants.PR_INTERNAL_TOKEN_NAME;
if ((keyCurve == null) || (keyCurve.equals("")))
- keyCurve = "nistp512";
+ keyCurve = "nistp512";
String ectype = getECType(certType);
// ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE };
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, };
try {
- if (ectype.equals("ECDHE"))
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
+ if (ectype.equals("ECDHE"))
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null,
+ usages_mask);
else
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null,
+ ECDH_usages_mask);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
}
return pair;
- }
+ }
public void importCert(X509CertImpl signedCert, String nickname,
- String certType) throws EBaseException {
+ String certType) throws EBaseException {
try {
KeyCertUtil.importCert(signedCert, nickname, certType);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
} catch (UserCertConflictException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
} catch (NicknameConflictException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
}
}
@@ -1044,70 +1184,94 @@ public final class JssSubsystem implements ICryptoSubsystem {
X509CertImpl impl = new X509CertImpl(b);
NameValuePairs results = new NameValuePairs();
- results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN().getName());
+ results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN()
+ .getName());
results.add(Constants.PR_ISSUER_NAME, impl.getIssuerDN().getName());
- results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber().toString());
- results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore().toString());
- results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter().toString());
+ results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber()
+ .toString());
+ results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore()
+ .toString());
+ results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter()
+ .toString());
// fingerprint is using MD5 hash
return results;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
}
}
- public void deleteUserCert(String nickname, String serialno, String issuername)
- throws EBaseException {
+ public void deleteUserCert(String nickname, String serialno,
+ String issuername) throws EBaseException {
try {
- X509Certificate cert = getCertificate(nickname, serialno, issuername);
+ X509Certificate cert = getCertificate(nickname, serialno,
+ issuername);
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
CryptoStore store = tcert.getOwningToken().getCryptoStore();
-CMS.debug("*** deleting this token cert");
+ CMS.debug("*** deleting this token cert");
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-CMS.debug("*** finish deleting this token cert");
+ CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
- CryptoStore store = token.getCryptoStore();
+ CryptoToken token = CryptoManager.getInstance()
+ .getInternalKeyStorageToken();
+ CryptoStore store = token.getCryptoStore();
-CMS.debug("*** deleting this interna cert");
- store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+ CMS.debug("*** deleting this interna cert");
+ store.deleteCert(cert);
+ CMS.debug("*** removing this interna cert");
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
}
}
- public void deleteRootCert(String nickname, String serialno,
- String issuername) throws EBaseException {
+ public void deleteRootCert(String nickname, String serialno,
+ String issuername) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
+ .get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
@@ -1115,24 +1279,27 @@ CMS.debug("*** removing this interna cert");
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
String num = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
-CMS.debug("*** num "+num);
-CMS.debug("*** issuer "+issuer);
+ CMS.debug("*** num " + num);
+ CMS.debug("*** issuer " + issuer);
if (num.equals(serialno) && issuername.equals(issuer)) {
-CMS.debug("*** removing root cert");
+ CMS.debug("*** removing root cert");
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken().getCryptoStore();
-
-CMS.debug("*** deleting this token cert");
- tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-CMS.debug("*** finish deleting this token cert");
+ CryptoStore store = tcert.getOwningToken()
+ .getCryptoStore();
+
+ CMS.debug("*** deleting this token cert");
+ tcert.getOwningToken().getCryptoStore()
+ .deleteCert(tcert);
+ CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance()
+ .getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
-
-CMS.debug("*** deleting this interna cert");
+
+ CMS.debug("*** deleting this interna cert");
store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+ CMS.debug("*** removing this interna cert");
}
mNicknameMapCertsTable.remove(nickname);
break;
@@ -1142,17 +1309,29 @@ CMS.debug("*** removing this interna cert");
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
@@ -1175,14 +1354,15 @@ CMS.debug("*** removing this interna cert");
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key =
- CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+ PrivateKey key = CryptoManager.getInstance()
+ .findPrivKeyByCert(list[i]);
Debug.trace("JssSubsystem getRootCerts: find private key "
- +list[i].getNickname());
+ + list[i].getNickname());
} catch (ObjectNotFoundException e) {
String nickname = list[i].getNickname();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":"
+ + nickname;
}
X509CertImpl impl = null;
@@ -1203,14 +1383,15 @@ CMS.debug("*** removing this interna cert");
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname+","+serialno, issuer);
- Debug.trace("getRootCerts: nickname="+nickname+", serialno="+
- serialno+", issuer="+issuer);
+ nvps.add(nickname + "," + serialno, issuer);
+ Debug.trace("getRootCerts: nickname=" + nickname
+ + ", serialno=" + serialno + ", issuer="
+ + issuer);
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
// convert hashtable of vectors to hashtable of arrays
Enumeration elms = vecTable.keys();
@@ -1224,8 +1405,11 @@ CMS.debug("*** removing this interna cert");
}
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
}
return nvps;
@@ -1246,16 +1430,18 @@ CMS.debug("*** removing this interna cert");
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key =
- CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+ PrivateKey key = CryptoManager.getInstance()
+ .findPrivKeyByCert(list[i]);
String nickname = list[i].getNickname();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
- tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)
+ || tokenName
+ .equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":"
+ + nickname;
}
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1264,21 +1450,25 @@ CMS.debug("*** removing this interna cert");
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname+","+serialno, issuer);
- Debug.trace("getUserCerts: nickname="+nickname+", serialno="+
- serialno+", issuer="+issuer);
+ nvps.add(nickname + "," + serialno, issuer);
+ Debug.trace("getUserCerts: nickname=" + nickname
+ + ", serialno=" + serialno + ", issuer="
+ + issuer);
} catch (ObjectNotFoundException e) {
Debug.trace("JssSubsystem getUserCerts: cant find private key "
- +list[i].getNickname());
+ + list[i].getNickname());
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
}
return nvps;
@@ -1291,8 +1481,8 @@ CMS.debug("*** removing this interna cert");
public NameValuePairs getAllCertsManage() throws EBaseException {
/*
- * first get all CA certs (internal only),
- * then all user certs (both internal and external)
+ * first get all CA certs (internal only), then all user certs (both
+ * internal and external)
*/
NameValuePairs pairs = getCACerts();
@@ -1312,14 +1502,14 @@ CMS.debug("*** removing this interna cert");
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
- X509Certificate[] certificates =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certificates = CryptoManager
+ .getInstance().findCertsByNickname(nickname);
mNicknameMapUserCertsTable.put(nickname, certificates);
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1330,7 +1520,7 @@ CMS.debug("*** removing this interna cert");
String dateStr = mFormatter.format(date);
NameValuePair pair = pairs.getPair(nickname);
- /* always user cert here*/
+ /* always user cert here */
String certValue = dateStr + "," + "u";
if (pair == null)
@@ -1341,19 +1531,27 @@ CMS.debug("*** removing this interna cert");
if (vvalue.endsWith(",u")) {
pair.setValue(vvalue + ";" + certValue);
}
- }
+ }
}
} /* while */
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
// } catch (CertificateException e) {
- // log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
- // throw new EBaseException(BaseResources.CERT_ERROR);
+ // log(ILogger.LL_FAILURE,
+ // CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
+ // e.toString()));
+ // throw new EBaseException(BaseResources.CERT_ERROR);
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
}
return pairs;
@@ -1362,26 +1560,28 @@ CMS.debug("*** removing this interna cert");
public NameValuePairs getCACerts() throws EBaseException {
NameValuePairs pairs = new NameValuePairs();
- //InternalCertificate[] certs;
+ // InternalCertificate[] certs;
X509Certificate[] certs;
try {
- certs =
- CryptoManager.getInstance().getCACerts();
+ certs = CryptoManager.getInstance().getCACerts();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
}
- if( mNicknameMapCertsTable == null ) {
- CMS.debug( "JssSubsystem::getCACerts() - "
- + "mNicknameMapCertsTable is null!" );
- throw new EBaseException( "mNicknameMapCertsTable is null" );
+ if (mNicknameMapCertsTable == null) {
+ CMS.debug("JssSubsystem::getCACerts() - "
+ + "mNicknameMapCertsTable is null!");
+ throw new EBaseException("mNicknameMapCertsTable is null");
} else {
mNicknameMapCertsTable.clear();
}
- // a temp hashtable with vectors
+ // a temp hashtable with vectors
Hashtable vecTable = new Hashtable();
for (int i = 0; i < certs.length; i++) {
@@ -1411,12 +1611,13 @@ CMS.debug("*** removing this interna cert");
mNicknameMapCertsTable.put(key, a);
}
- Enumeration keys = mNicknameMapCertsTable.keys();
+ Enumeration keys = mNicknameMapCertsTable.keys();
while (keys.hasMoreElements()) {
String nickname = (String) keys.nextElement();
- X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
-
+ X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable
+ .get(nickname);
+
for (int i = 0; i < value.length; i++) {
InternalCertificate icert = null;
@@ -1426,14 +1627,13 @@ CMS.debug("*** removing this interna cert");
Debug.trace("cert is not an InternalCertificate");
Debug.trace("nickname: " + nickname + " index " + i);
Debug.trace("cert: " + value[i]);
- continue;
+ continue;
}
-
+
int flag = icert.getSSLTrust();
String trust = "U";
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
- InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
X509CertImpl impl = null;
@@ -1450,96 +1650,122 @@ CMS.debug("*** removing this interna cert");
String vvalue = pair.getValue();
pair.setValue(vvalue + ";" + certValue);
- }
+ }
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname,
+ e.toString()));
// allow it to continue with other certs even if one blows
// up
- // throw new EBaseException(BaseResources.CERT_ERROR);
+ // throw new EBaseException(BaseResources.CERT_ERROR);
}
}
}
return pairs;
}
- public void trustCert(String nickname, String date, String trust) throws
- EBaseException {
+ public void trustCert(String nickname, String date, String trust)
+ throws EBaseException {
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
+ .get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
+ e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
- X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
+ X509CertImpl certImpl = new X509CertImpl(
+ cert.getEncoded());
Date notAfter = certImpl.getNotAfter();
Date qualifier = mFormatter.parse(date);
if (notAfter.equals(qualifier)) {
if (cert instanceof InternalCertificate) {
if (trust.equals("Trust")) {
- int trustflag = InternalCertificate.TRUSTED_CA |
- InternalCertificate.TRUSTED_CLIENT_CA |
- InternalCertificate.VALID_CA;
+ int trustflag = InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA;
- ((InternalCertificate) cert).setSSLTrust(trustflag);
+ ((InternalCertificate) cert)
+ .setSSLTrust(trustflag);
} else
- ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA);
+ ((InternalCertificate) cert)
+ .setSSLTrust(InternalCertificate.VALID_CA);
break;
} else {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_CERT_ERROR", ""));
}
}
}
}
}
- } catch (ParseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ } catch (ParseException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
/**
* Delete the CA certificate from the perm database.
+ *
* @param nickname The nickname of the CA certificate.
- * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
- * certificates under the same nickname. If one of the certificates match the notAfterTime,
- * then the certificate will get deleted. The format of the notAfterTime has to be
- * in "MMMMM dd, yyyy HH:mm:ss" format.
- */
- public void deleteCACert(String nickname, String notAfterTime) throws EBaseException {
+ * @param notAfterTime The notAfter of the certificate. It is possible to
+ * get multiple certificates under the same nickname. If one of
+ * the certificates match the notAfterTime, then the certificate
+ * will get deleted. The format of the notAfterTime has to be in
+ * "MMMMM dd, yyyy HH:mm:ss" format.
+ */
+ public void deleteCACert(String nickname, String notAfterTime)
+ throws EBaseException {
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
+ .get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
- X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
+ X509CertImpl certImpl = new X509CertImpl(
+ cert.getEncoded());
Date notAfter = certImpl.getNotAfter();
Date qualifier = mFormatter.parse(notAfterTime);
if (notAfter.equals(qualifier)) {
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken().getCryptoStore();
+ CryptoStore store = tcert.getOwningToken()
+ .getCryptoStore();
- tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
+ tcert.getOwningToken().getCryptoStore()
+ .deleteCert(tcert);
} else {
- CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance()
+ .getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
@@ -1551,45 +1777,64 @@ CMS.debug("*** removing this interna cert");
}
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
/**
* Delete any certificate from the any token.
+ *
* @param nickname The nickname of the certificate.
- * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
- * certificates under the same nickname. If one of the certificates match the notAfterTime,
- * then the certificate will get deleted. The format of the notAfterTime has to be
- * in "MMMMM dd, yyyy HH:mm:ss" format.
- */
- public void deleteCert(String nickname, String notAfterTime) throws EBaseException {
+ * @param notAfterTime The notAfter of the certificate. It is possible to
+ * get multiple certificates under the same nickname. If one of
+ * the certificates match the notAfterTime, then the certificate
+ * will get deleted. The format of the notAfterTime has to be in
+ * "MMMMM dd, yyyy HH:mm:ss" format.
+ */
+ public void deleteCert(String nickname, String notAfterTime)
+ throws EBaseException {
boolean isUserCert = false;
- X509Certificate[] certs = null;;
+ X509Certificate[] certs = null;
+ ;
try {
if (mNicknameMapCertsTable != null) {
- certs =
- (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
+ certs = (X509Certificate[]) mNicknameMapCertsTable
+ .get(nickname);
}
if (certs == null) {
if (mNicknameMapUserCertsTable != null) {
- certs =
- (X509Certificate[]) mNicknameMapUserCertsTable.get(nickname);
+ certs = (X509Certificate[]) mNicknameMapUserCertsTable
+ .get(nickname);
if (certs != null) {
CMS.debug("in mNicknameMapUserCertsTable, isUserCert is true");
isUserCert = true;
@@ -1600,9 +1845,12 @@ CMS.debug("*** removing this interna cert");
}
if (certs == null) {
- EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
throw e;
} else {
@@ -1615,11 +1863,14 @@ CMS.debug("*** removing this interna cert");
if (notAfter.equals(qualifier)) {
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken().getCryptoStore();
+ CryptoStore store = tcert.getOwningToken()
+ .getCryptoStore();
- tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
+ tcert.getOwningToken().getCryptoStore()
+ .deleteCert(tcert);
} else {
- CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance()
+ .getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
@@ -1635,33 +1886,51 @@ CMS.debug("*** removing this interna cert");
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
- public void deleteTokenCertificate(String nickname, String pathname) throws EBaseException {
+ public void deleteTokenCertificate(String nickname, String pathname)
+ throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance().findCertByNickname(nickname);
+ X509Certificate cert = CryptoManager.getInstance()
+ .findCertByNickname(nickname);
String issuerName = cert.getSubjectDN().getName();
Principal principal = cert.getSubjectDN();
DN dn = new DN(principal.getName());
BigInteger serialno = cert.getSerialNumber();
String suffix = "." + System.currentTimeMillis();
String b64E = com.netscape.osutil.OSUtil.BtoA(cert.getEncoded());
- PrintStream stream = new PrintStream(new FileOutputStream(pathname + suffix));
+ PrintStream stream = new PrintStream(new FileOutputStream(pathname
+ + suffix));
stream.println("-----BEGIN CERTIFICATE-----");
stream.print(b64E);
@@ -1672,212 +1941,279 @@ CMS.debug("*** removing this interna cert");
CryptoStore store = tcert.getOwningToken().getCryptoStore();
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
- } else
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
+ } else
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
int index = nickname.indexOf(":");
-
- // the deleted certificate is on the hardware token. We should delete the same one from
+
+ // the deleted certificate is on the hardware token. We should
+ // delete the same one from
// the internal token.
if (index > 0) {
- CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoToken cToken = CryptoManager.getInstance()
+ .getInternalKeyStorageToken();
CryptoStore store = cToken.getCryptoStore();
- X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts();
+ X509Certificate[] allcerts = CryptoManager.getInstance()
+ .getCACerts();
for (int i = 0; i < allcerts.length; i++) {
try {
- X509CertImpl certImpl = new X509CertImpl(allcerts[i].getEncoded());
- String certIssuerName = certImpl.getSubjectDN().getName();
+ X509CertImpl certImpl = new X509CertImpl(
+ allcerts[i].getEncoded());
+ String certIssuerName = certImpl.getSubjectDN()
+ .getName();
Principal certPrincipal = certImpl.getSubjectDN();
DN certdn = new DN(certPrincipal.getName());
BigInteger certSerialNo = certImpl.getSerialNumber();
- if (dn.equals(certdn) && certSerialNo.compareTo(serialno) == 0) {
+ if (dn.equals(certdn)
+ && certSerialNo.compareTo(serialno) == 0) {
store.deleteCert(allcerts[i]);
break;
}
} catch (Exception ee) {
- Debug.trace("JssSubsystem:deleteTokenCertificate: " + ee.toString());
+ Debug.trace("JssSubsystem:deleteTokenCertificate: "
+ + ee.toString());
}
}
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
- } catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
public String getSubjectDN(String nickname) throws EBaseException {
try {
- X509Certificate cert =
- CryptoManager.getInstance().findCertByNickname(nickname);
+ X509Certificate cert = CryptoManager.getInstance()
+ .findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSubjectDN().getName();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
public void setRootCertTrust(String nickname, String serialno,
- String issuerName, String trust) throws EBaseException {
-
+ String issuerName, String trust) throws EBaseException {
+
X509Certificate cert = getCertificate(nickname, serialno, issuerName);
if (cert instanceof InternalCertificate) {
if (trust.equals("trust")) {
- int trustflag = InternalCertificate.TRUSTED_CA |
- InternalCertificate.TRUSTED_CLIENT_CA |
- InternalCertificate.VALID_CA;
+ int trustflag = InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA;
((InternalCertificate) cert).setSSLTrust(trustflag);
} else {
- ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA);
+ ((InternalCertificate) cert)
+ .setSSLTrust(InternalCertificate.VALID_CA);
}
}
}
public X509Certificate getCertificate(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
- X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certs = CryptoManager.getInstance()
+ .findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i=0;
+ int i = 0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName)
+ && impl.getSerialNumber().toString()
+ .equals(serialno))
return certs[i];
}
} else {
- EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
throw e;
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ } catch (CertificateException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
-
+
return null;
}
public String getRootCertTrustBit(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
- X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certs = CryptoManager.getInstance()
+ .findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i=0;
+ int i = 0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName)
+ && impl.getSerialNumber().toString()
+ .equals(serialno))
break;
}
} else {
- EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
throw e;
}
String trust = "U";
if (certs[i] instanceof InternalCertificate) {
- InternalCertificate icert = (InternalCertificate)certs[i];
+ InternalCertificate icert = (InternalCertificate) certs[i];
int flag = icert.getSSLTrust();
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
- InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
- } else
+ } else
trust = "N/A";
return trust;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ } catch (CertificateException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
public String getCertPrettyPrint(String nickname, String serialno,
- String issuerName, Locale locale) throws EBaseException {
+ String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
- X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certs = CryptoManager.getInstance()
+ .findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName)
+ && impl.getSerialNumber().toString()
+ .equals(serialno))
break;
}
} else {
- EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
throw e;
}
CertPrettyPrint print = null;
@@ -1890,86 +2226,114 @@ CMS.debug("*** removing this interna cert");
else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
- public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
- String issuerName, Locale locale) throws EBaseException {
+ public String getCertPrettyPrintAndFingerPrint(String nickname,
+ String serialno, String issuerName, Locale locale)
+ throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index+1);
+ nickname = nickname.substring(index + 1);
}
try {
- X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certs = CryptoManager.getInstance()
+ .findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName) &&
- impl.getSerialNumber().toString().equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName)
+ && impl.getSerialNumber().toString()
+ .equals(serialno))
break;
}
} else {
- EBaseException e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
throw e;
}
CertPrettyPrint print = null;
- String fingerPrint = "";
+ String fingerPrint = "";
if (impl != null) {
print = new CertPrettyPrint(impl);
- fingerPrint = CMS.getFingerPrints(impl.getEncoded());
- }
+ fingerPrint = CMS.getFingerPrints(impl.getEncoded());
+ }
if ((print != null) && (fingerPrint != "")) {
- String pp = print.toString(locale) + "\n" +
- "Certificate Fingerprints:"+ '\n' + fingerPrint;
+ String pp = print.toString(locale) + "\n"
+ + "Certificate Fingerprints:" + '\n' + fingerPrint;
return pp;
} else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
}
}
- public String getCertPrettyPrint(String nickname, String date,
- Locale locale) throws EBaseException {
+ public String getCertPrettyPrint(String nickname, String date, Locale locale)
+ throws EBaseException {
try {
- X509Certificate[] certs =
- CryptoManager.getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certs = CryptoManager.getInstance()
+ .findCertsByNickname(nickname);
- if ((certs == null || certs.length == 0) &&
- mNicknameMapCertsTable != null) {
- certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
+ if ((certs == null || certs.length == 0)
+ && mNicknameMapCertsTable != null) {
+ certs = (X509Certificate[]) mNicknameMapCertsTable
+ .get(nickname);
}
if (certs == null) {
- EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
throw e;
}
X509CertImpl impl = null;
@@ -1993,22 +2357,35 @@ CMS.debug("*** removing this interna cert");
else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
}
- public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException {
- try {
+ public String getCertPrettyPrint(String b64E, Locale locale)
+ throws EBaseException {
+ try {
try {
byte[] b = KeyCertUtil.convertB64EToByteArray(b64E);
X509CertImpl impl = new X509CertImpl(b);
@@ -2023,8 +2400,8 @@ CMS.debug("*** removing this interna cert");
String normalized = CertUtils.normalizeCertStr(noHeader);
byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized);
- ContentInfo ci = (ContentInfo)
- ASN1Util.decode(ContentInfo.getTemplate(), data);
+ ContentInfo ci = (ContentInfo) ASN1Util.decode(
+ ContentInfo.getTemplate(), data);
if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
throw new CertificateException(
@@ -2050,20 +2427,28 @@ CMS.debug("*** removing this interna cert");
return content;
}
} catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- "Failed to decode"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ "Failed to decode"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.getMessage()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
}
}
- public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey)
- throws EBaseException {
+ public X509CertImpl getSignedCert(KeyCertData data, String certType,
+ java.security.PrivateKey priKey) throws EBaseException {
CertificateInfo cert = null;
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
@@ -2077,7 +2462,8 @@ CMS.debug("*** removing this interna cert");
}
if (cert == null) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
}
X509CertInfo certInfo = null;
@@ -2085,19 +2471,28 @@ CMS.debug("*** removing this interna cert");
try {
certInfo = cert.getCertInfo();
- SignatureAlgorithm sigAlg =
- (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
+ SignatureAlgorithm sigAlg = (SignatureAlgorithm) data
+ .get(Constants.PR_SIGNATURE_ALGORITHM);
signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg);
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (PQGParamGenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
}
return signedCert;
@@ -2105,28 +2500,30 @@ CMS.debug("*** removing this interna cert");
public boolean isCACert(String fullNickname) throws EBaseException {
try {
- X509Certificate cert = mCryptoManager.findCertByNickname(fullNickname);
+ X509Certificate cert = mCryptoManager
+ .findCertByNickname(fullNickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
- X509CertInfo certinfo = (X509CertInfo) impl.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertInfo certinfo = (X509CertInfo) impl.get(X509CertImpl.NAME
+ + "." + X509CertImpl.INFO);
if (certinfo == null)
return false;
else {
- CertificateExtensions exts =
- (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions exts = (CertificateExtensions) certinfo
+ .get(X509CertInfo.EXTENSIONS);
if (exts == null)
return false;
else {
try {
- BasicConstraintsExtension ext = (BasicConstraintsExtension)
- exts.get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension) exts
+ .get(BasicConstraintsExtension.NAME);
if (ext == null)
return false;
else {
- Boolean bool = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
+ Boolean bool = (Boolean) ext
+ .get(BasicConstraintsExtension.IS_CA);
return bool.booleanValue();
}
@@ -2136,42 +2533,69 @@ CMS.debug("*** removing this interna cert");
}
}
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
+ e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
+ e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
}
}
- public CertificateExtensions getExtensions(String tokenname, String nickname)
- throws EBaseException {
+ public CertificateExtensions getExtensions(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getExtensions(tokenname, nickname);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
+ e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
+ e.toString()));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ ""));
}
}
@@ -2179,8 +2603,10 @@ CMS.debug("*** removing this interna cert");
KeyCertUtil.checkCertificateExt(ext);
}
- public void checkKeyLength(String keyType, int keyLength, String certType, int minRSAKeyLen) throws EBaseException {
- // KeyCertUtil.checkKeyLength(keyType, keyLength, certType, minRSAKeyLen);
+ public void checkKeyLength(String keyType, int keyLength, String certType,
+ int minRSAKeyLen) throws EBaseException {
+ // KeyCertUtil.checkKeyLength(keyType, keyLength, certType,
+ // minRSAKeyLen);
}
public PQGParams getPQG(int keysize) {
@@ -2188,25 +2614,25 @@ CMS.debug("*** removing this interna cert");
}
public PQGParams getCAPQG(int keysize, IConfigStore store)
- throws EBaseException {
+ throws EBaseException {
return KeyCertUtil.getCAPQG(keysize, store);
}
- public CertificateExtensions getCertExtensions(String tokenname, String nickname)
- throws NotInitializedException, TokenException, ObjectNotFoundException,
+ public CertificateExtensions getCertExtensions(String tokenname,
+ String nickname) throws NotInitializedException, TokenException,
+ ObjectNotFoundException,
IOException, CertificateException {
return KeyCertUtil.getExtensions(tokenname, nickname);
}
}
-class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser
-{
+class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser {
public JSSDatabaseCloser() throws Exception {
- super();
+ super();
}
public void closeDatabases() {
- super.closeDatabases();
+ super.closeDatabases();
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
index 35b7cdf2b..7dadc7afa 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.security.KeyPair;
@@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
- * KRA transport certificate
+ * KRA transport certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class KRATransportCert extends CertificateInfo {
- public static final String SUBJECT_NAME =
- "CN=Data Recovery Manager, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME = "CN=Data Recovery Manager, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public KRATransportCert(KeyCertData properties) {
@@ -49,8 +46,7 @@ public class KRATransportCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) &&
- (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
mProperties.put(Constants.PR_AKI, Constants.TRUE);
}
@@ -62,7 +58,8 @@ public class KRATransportCert extends CertificateInfo {
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
cmsFileTmp.putString("kra.transportUnit.nickName", nickname);
else
- cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" + nickname);
+ cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":"
+ + nickname);
cmsFileTmp.commit(false);
}
@@ -72,8 +69,8 @@ public class KRATransportCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName =
- (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -81,19 +78,14 @@ public class KRATransportCert extends CertificateInfo {
}
/*
- public SignatureAlgorithm getSigningAlgorithm() {
- SignatureAlgorithm sAlg =
- (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- if (sAlg != null) {
- return sAlg;
- }
- String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-
- if (alg.equals("RSA"))
- return SignatureAlgorithm.RSASignatureWithMD5Digest;
- else
- return SignatureAlgorithm.DSASignatureWithSHA1Digest;
- }
+ * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+ * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ * if (sAlg != null) { return sAlg; } String alg =
+ * (String)mProperties.get(Constants.PR_KEY_TYPE);
+ *
+ * if (alg.equals("RSA")) return
+ * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+ * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
*/
public String getKeyAlgorithm() {
@@ -107,4 +99,3 @@ public class KRATransportCert extends CertificateInfo {
return extension;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
index 589d5a68c..95772307e 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterOutputStream;
@@ -116,7 +115,6 @@ import com.netscape.cmscore.dbs.DateMapper;
import com.netscape.cmscore.dbs.X509CertImplMapper;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
/**
* This class provides all the base methods to generate the key for different
* kinds of certificates.
@@ -149,14 +147,15 @@ public class KeyCertUtil {
try {
Extension de = new Extension(new DerValue(b));
} catch (IOException ex) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION"));
}
}
}
}
- public static String getTokenNames(CryptoManager manager)
- throws TokenException {
+ public static String getTokenNames(CryptoManager manager)
+ throws TokenException {
String tokenList = "";
Enumeration tokens = manager.getExternalTokens();
int num = 0;
@@ -180,11 +179,8 @@ public class KeyCertUtil {
// All this streaming is lame, but Base64OutputStream needs a
// PrintStream
ByteArrayOutputStream output = new ByteArrayOutputStream();
- Base64OutputStream b64 = new Base64OutputStream(new
- PrintStream(new
- FilterOutputStream(output)
- )
- );
+ Base64OutputStream b64 = new Base64OutputStream(new PrintStream(
+ new FilterOutputStream(output)));
b64.write(bytes);
b64.flush();
@@ -195,7 +191,7 @@ public class KeyCertUtil {
}
public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G)
- throws IOException {
+ throws IOException {
// Write P, Q, G to a DER stream
DerOutputStream contents = new DerOutputStream();
@@ -212,42 +208,43 @@ public class KeyCertUtil {
return sequence.toByteArray();
}
- public static PrivateKey getPrivateKey(String tokenname, String nickname)
- throws TokenException, EBaseException,
- NoSuchTokenException, NotInitializedException, CertificateException,
- CertificateEncodingException, EBaseException, ObjectNotFoundException {
+ public static PrivateKey getPrivateKey(String tokenname, String nickname)
+ throws TokenException, EBaseException, NoSuchTokenException,
+ NotInitializedException, CertificateException,
+ CertificateEncodingException, EBaseException,
+ ObjectNotFoundException {
/*
- String caNickname = store.getString("ca.signing.tokenname");
- String tokenName = store.getString("ca.signing.cacertnickname");
+ * String caNickname = store.getString("ca.signing.tokenname"); String
+ * tokenName = store.getString("ca.signing.cacertnickname");
*/
X509Certificate cert = getCertificate(tokenname, nickname);
-
+
return CryptoManager.getInstance().findPrivKeyByCert(cert);
}
- public static String getCertSubjectName(String tokenname, String nickname)
- throws TokenException, EBaseException, NoSuchTokenException,
+ public static String getCertSubjectName(String tokenname, String nickname)
+ throws TokenException, EBaseException, NoSuchTokenException,
NotInitializedException, CertificateException,
CertificateEncodingException, EBaseException {
-
+
X509Certificate cert = getCertificate(tokenname, nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSubjectDN().getName();
}
- public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo,
- SignatureAlgorithm sigAlg)
- throws NoSuchTokenException, EBaseException, NotInitializedException {
+ public static X509CertImpl signCert(PrivateKey privateKey,
+ X509CertInfo certInfo, SignatureAlgorithm sigAlg)
+ throws NoSuchTokenException, EBaseException,
+ NotInitializedException {
try {
- CertificateAlgorithmId sId = (CertificateAlgorithmId)
- certInfo.get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId sigAlgId =
- (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
+ CertificateAlgorithmId sId = (CertificateAlgorithmId) certInfo
+ .get(X509CertInfo.ALGORITHM_ID);
+ AlgorithmId sigAlgId = (AlgorithmId) sId
+ .get(CertificateAlgorithmId.ALGORITHM);
- org.mozilla.jss.crypto.PrivateKey priKey =
- (org.mozilla.jss.crypto.PrivateKey) privateKey;
+ org.mozilla.jss.crypto.PrivateKey priKey = (org.mozilla.jss.crypto.PrivateKey) privateKey;
CryptoToken token = priKey.getOwningToken();
DerOutputStream tmp = new DerOutputStream();
@@ -270,19 +267,25 @@ public class KeyCertUtil {
return signedCert;
} catch (IOException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_SIGNED_FAILED", e.toString()));
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", e.toString()));
} catch (TokenException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_ERROR_1", e.toString()));
} catch (SignatureException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_SIGNED_FAILED", e.toString()));
} catch (InvalidKeyException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_KEY_1", e.toString()));
} catch (CertificateException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ e.toString()));
}
- }
+ }
public static SignatureAlgorithm getSigningAlgorithm(String keyType) {
SignatureAlgorithm sAlg = null;
@@ -295,7 +298,8 @@ public class KeyCertUtil {
return sAlg;
}
- public static SignatureAlgorithm getSigningAlgorithm(String keyType, String hashtype) {
+ public static SignatureAlgorithm getSigningAlgorithm(String keyType,
+ String hashtype) {
SignatureAlgorithm sAlg = null;
if (keyType.equals("RSA")) {
@@ -317,9 +321,9 @@ public class KeyCertUtil {
}
public static AlgorithmId getAlgorithmId(String algname, IConfigStore store)
- throws EBaseException {
+ throws EBaseException {
try {
-
+
if (algname.equals("DSA")) {
byte[] p = store.getByteArray("ca.dsaP", null);
byte[] q = store.getByteArray("ca.dsaQ", null);
@@ -335,15 +339,16 @@ public class KeyCertUtil {
}
return AlgorithmId.getAlgorithmId(algname);
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED"));
}
}
public static X509Certificate getCertificate(String tokenname,
- String nickname) throws NotInitializedException, NoSuchTokenException,
- EBaseException, TokenException {
+ String nickname) throws NotInitializedException,
+ NoSuchTokenException, EBaseException, TokenException {
CryptoManager manager = CryptoManager.getInstance();
- CryptoToken token = null;
+ CryptoToken token = null;
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
token = manager.getInternalKeyStorageToken();
@@ -360,16 +365,16 @@ public class KeyCertUtil {
try {
return manager.findCertByNickname(certname.toString());
} catch (ObjectNotFoundException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND"));
}
}
- public static KeyPair getKeyPair(String tokenname, String nickname)
- throws NotInitializedException, NoSuchTokenException, TokenException,
- ObjectNotFoundException, EBaseException {
+ public static KeyPair getKeyPair(String tokenname, String nickname)
+ throws NotInitializedException, NoSuchTokenException,
+ TokenException, ObjectNotFoundException, EBaseException {
X509Certificate cert = getCertificate(tokenname, nickname);
- PrivateKey priKey =
- CryptoManager.getInstance().findPrivKeyByCert(cert);
+ PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert(cert);
PublicKey publicKey = cert.getPublicKey();
return new KeyPair(publicKey, priKey);
@@ -383,8 +388,8 @@ public class KeyCertUtil {
}
}
- public static PQGParams getCAPQG(int keysize, IConfigStore store)
- throws EBaseException {
+ public static PQGParams getCAPQG(int keysize, IConfigStore store)
+ throws EBaseException {
if (store != null) {
try {
int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0);
@@ -410,40 +415,44 @@ public class KeyCertUtil {
PQGParams pqg = PQGParams.generate(keysize);
store.putInteger("ca.dsaPQG.keyLength", keysize);
- store.putString("ca.dsaP", KeyCertUtil.base64Encode(
- pqg.getP().toByteArray()));
- store.putString("ca.dsaQ", KeyCertUtil.base64Encode(
- pqg.getQ().toByteArray()));
- store.putString("ca.dsaG", KeyCertUtil.base64Encode(
- pqg.getG().toByteArray()));
- store.putString("ca.dsaSeed", KeyCertUtil.base64Encode(
- pqg.getSeed().toByteArray()));
+ store.putString("ca.dsaP",
+ KeyCertUtil.base64Encode(pqg.getP().toByteArray()));
+ store.putString("ca.dsaQ",
+ KeyCertUtil.base64Encode(pqg.getQ().toByteArray()));
+ store.putString("ca.dsaG",
+ KeyCertUtil.base64Encode(pqg.getG().toByteArray()));
+ store.putString("ca.dsaSeed",
+ KeyCertUtil.base64Encode(pqg.getSeed().toByteArray()));
store.putInteger("ca.dsaCounter", pqg.getCounter());
- store.putString("ca.dsaH", KeyCertUtil.base64Encode(
- pqg.getH().toByteArray()));
- store.putString("ca.DSSParms",
- KeyCertUtil.base64Encode(
- KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
+ store.putString("ca.dsaH",
+ KeyCertUtil.base64Encode(pqg.getH().toByteArray()));
+ store.putString(
+ "ca.DSSParms",
+ KeyCertUtil.base64Encode(KeyCertUtil.makeDSSParms(
+ pqg.getP(), pqg.getQ(), pqg.getG())));
store.commit(false);
return pqg;
} catch (IOException ee) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
} catch (EBaseException ee) {
throw ee;
} catch (PQGParamGenException ee) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
}
}
return null;
}
public static KeyPair generateKeyPair(CryptoToken token,
- KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
- throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
- InvalidParameterException, PQGParamGenException {
+ KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
+ throws NoSuchAlgorithmException, TokenException,
+ InvalidAlgorithmParameterException, InvalidParameterException,
+ PQGParamGenException {
KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg);
-
+
if (kpAlg == KeyPairAlgorithm.DSA) {
if (pqg == null) {
kpGen.initialize(keySize);
@@ -463,18 +472,16 @@ public class KeyCertUtil {
do {
// 602548 NSS bug - to overcome it, we use isBadDSAKeyPair
kp = kpGen.genKeyPair();
- }
- while (isBadDSAKeyPair(kp));
+ } while (isBadDSAKeyPair(kp));
return kp;
}
}
/**
- * Test for a DSA key pair that will trigger a bug in NSS.
- * The problem occurs when the first byte of the key is 0. This
- * happens when the value otherwise would have been negative, and a
- * zero byte is prepended to force it to be positive.
- * This is blackflag bug 602548.
+ * Test for a DSA key pair that will trigger a bug in NSS. The problem
+ * occurs when the first byte of the key is 0. This happens when the value
+ * otherwise would have been negative, and a zero byte is prepended to force
+ * it to be positive. This is blackflag bug 602548.
*/
public static boolean isBadDSAKeyPair(KeyPair pair) {
try {
@@ -487,9 +494,10 @@ public class KeyCertUtil {
BIT_STRING bs = (BIT_STRING) seq.elementAt(1);
byte[] bits = bs.getBits();
- ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits());
+ ByteArrayInputStream bitstream = new ByteArrayInputStream(
+ bs.getBits());
ASN1Header wrapper = new ASN1Header(bitstream);
- byte[] valBytes = new byte[ (int) wrapper.getContentLength() ];
+ byte[] valBytes = new byte[(int) wrapper.getContentLength()];
ASN1Util.readFully(valBytes, bitstream);
@@ -503,7 +511,7 @@ public class KeyCertUtil {
}
public static KeyPair generateKeyPair(String tokenName, String alg,
- int keySize, PQGParams pqg) throws EBaseException {
+ int keySize, PQGParams pqg) throws EBaseException {
CryptoToken token = null;
@@ -512,14 +520,17 @@ public class KeyCertUtil {
try {
if (tokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)) {
- token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ token = CryptoManager.getInstance()
+ .getInternalKeyStorageToken();
} else {
token = CryptoManager.getInstance().getTokenByName(tokenName);
}
} catch (NoSuchTokenException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_NOT_FOUND", tokenName));
} catch (NotInitializedException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
}
KeyPairAlgorithm kpAlg = null;
@@ -534,22 +545,25 @@ public class KeyCertUtil {
return kp;
} catch (InvalidParameterException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS",
- "" + keySize));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize));
} catch (PQGParamGenException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED",
- kpAlg.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString()));
} catch (TokenException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_TOKEN_ERROR_1", e.toString()));
} catch (InvalidAlgorithmParameterException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
}
}
- public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
PublicKey pubk = keyPair.getPublic();
@@ -563,8 +577,8 @@ public class KeyCertUtil {
} else {
alg = "DSA";
}
- java.security.Signature sig =
- java.security.Signature.getInstance(alg, "Mozilla-JSS");
+ java.security.Signature sig = java.security.Signature.getInstance(alg,
+ "Mozilla-JSS");
sig.initSign(keyPair.getPrivate());
@@ -578,12 +592,10 @@ public class KeyCertUtil {
return pkcs10;
}
- public static PKCS10 getCertRequest(String subjectName, KeyPair
- keyPair, Extensions
- exts)
- throws NoSuchAlgorithmException, NoSuchProviderException,
- InvalidKeyException, IOException, CertificateException,
- SignatureException {
+ public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair,
+ Extensions exts) throws NoSuchAlgorithmException,
+ NoSuchProviderException, InvalidKeyException, IOException,
+ CertificateException, SignatureException {
PublicKey pubk = keyPair.getPublic();
X509Key key = convertPublicKeyToX509Key(pubk);
String alg;
@@ -595,17 +607,16 @@ public class KeyCertUtil {
} else {
alg = "DSA";
}
- java.security.Signature sig =
- java.security.Signature.getInstance(alg, "Mozilla-JSS");
+ java.security.Signature sig = java.security.Signature.getInstance(alg,
+ "Mozilla-JSS");
sig.initSign(keyPair.getPrivate());
PKCS10 pkcs10 = null;
if (exts != null) {
- PKCS10Attribute attr = new
- PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
- (CertAttrSet) exts);
+ PKCS10Attribute attr = new PKCS10Attribute(
+ PKCS9Attribute.EXTENSION_REQUEST_OID, (CertAttrSet) exts);
PKCS10Attributes attrs = new PKCS10Attributes();
attrs.setAttribute(attr.getAttributeValue().getName(), attr);
@@ -623,8 +634,8 @@ public class KeyCertUtil {
return pkcs10;
}
- public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
- throws InvalidKeyException {
+ public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
+ throws InvalidKeyException {
X509Key xKey;
@@ -632,9 +643,9 @@ public class KeyCertUtil {
RSAPublicKey rsaKey = (RSAPublicKey) pubk;
// REMOVED constructors from parameters by MLH on 1/9/99
- xKey = new netscape.security.provider.RSAPublicKey(
- new BigInt(rsaKey.getModulus()),
- new BigInt(rsaKey.getPublicExponent()));
+ xKey = new netscape.security.provider.RSAPublicKey(new BigInt(
+ rsaKey.getModulus()),
+ new BigInt(rsaKey.getPublicExponent()));
} else if (pubk instanceof PK11ECPublicKey) {
byte encoded[] = pubk.getEncoded();
xKey = CryptoUtil.getPublicX509ECCKey(encoded);
@@ -643,44 +654,41 @@ public class KeyCertUtil {
DSAPublicKey dsaKey = (DSAPublicKey) pubk;
DSAParams params = dsaKey.getParams();
- xKey = new netscape.security.provider.DSAPublicKey(
- dsaKey.getY(),
- params.getP(),
- params.getQ(),
- params.getG());
+ xKey = new netscape.security.provider.DSAPublicKey(dsaKey.getY(),
+ params.getP(), params.getQ(), params.getG());
}
return xKey;
}
- public static X509Certificate
- importCert(X509CertImpl signedCert, String nickname,
- String certType) throws NotInitializedException, TokenException,
- CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
-
+ public static X509Certificate importCert(X509CertImpl signedCert,
+ String nickname, String certType) throws NotInitializedException,
+ TokenException, CertificateEncodingException,
+ UserCertConflictException, NicknameConflictException,
+ NoSuchItemOnTokenException, CertificateException {
+
return importCert(signedCert.getEncoded(), nickname, certType);
}
- public static X509Certificate
- importCert(String b64E, String nickname, String certType)
- throws NotInitializedException, TokenException,
+ public static X509Certificate importCert(String b64E, String nickname,
+ String certType) throws NotInitializedException, TokenException,
CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
-
+ NicknameConflictException, NoSuchItemOnTokenException,
+ CertificateException {
+
byte b[] = b64E.getBytes();
X509Certificate cert = getInternalCertificate(b, nickname, certType);
-
+
if (cert instanceof InternalCertificate) {
setTrust(certType, (InternalCertificate) cert);
}
return cert;
}
- public static X509Certificate
- importCert(byte[] b, String nickname, String certType)
- throws NotInitializedException, TokenException,
- CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+ public static X509Certificate importCert(byte[] b, String nickname,
+ String certType) throws NotInitializedException, TokenException,
+ CertificateEncodingException, UserCertConflictException,
+ NicknameConflictException, NoSuchItemOnTokenException,
+ CertificateException {
X509Certificate cert = getInternalCertificate(b, nickname, certType);
@@ -690,43 +698,43 @@ public class KeyCertUtil {
return cert;
}
- public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType)
- throws NotInitializedException, TokenException, CertificateEncodingException,
- UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException,
- CertificateException {
+ public static X509Certificate getInternalCertificate(byte[] b,
+ String nickname, String certType) throws NotInitializedException,
+ TokenException, CertificateEncodingException,
+ UserCertConflictException, NicknameConflictException,
+ NoSuchItemOnTokenException, CertificateException {
X509Certificate cert = null;
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
cert = CryptoManager.getInstance().importUserCACertPackage(b,
- nickname);
- } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) ||
- certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
- certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT_RADM) ||
- certType.equals(Constants.PR_OTHER_CERT) ||
- certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
- cert = CryptoManager.getInstance().importCertPackage(b,
- nickname);
+ nickname);
+ } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)
+ || certType.equals(Constants.PR_KRA_TRANSPORT_CERT)
+ || certType.equals(Constants.PR_OCSP_SIGNING_CERT)
+ || certType.equals(Constants.PR_SERVER_CERT)
+ || certType.equals(Constants.PR_SERVER_CERT_RADM)
+ || certType.equals(Constants.PR_OTHER_CERT)
+ || certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+ cert = CryptoManager.getInstance().importCertPackage(b, nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) {
cert = CryptoManager.getInstance().importCACertPackage(b);
} else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) {
cert = CryptoManager.getInstance().importCACertPackage(b);
- X509Certificate[] certchain = CryptoManager.getInstance().buildCertificateChain(cert);
+ X509Certificate[] certchain = CryptoManager.getInstance()
+ .buildCertificateChain(cert);
if (certchain != null) {
cert = certchain[certchain.length - 1];
}
}
- return cert;
+ return cert;
}
public static void setTrust(String certType, InternalCertificate inCert) {
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- int flag = InternalCertificate.VALID_CA |
- InternalCertificate.TRUSTED_CA |
- InternalCertificate.USER |
- InternalCertificate.TRUSTED_CLIENT_CA;
+ int flag = InternalCertificate.VALID_CA
+ | InternalCertificate.TRUSTED_CA | InternalCertificate.USER
+ | InternalCertificate.TRUSTED_CLIENT_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
@@ -736,72 +744,61 @@ public class KeyCertUtil {
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
+ inCert.setEmailTrust(flag);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
- } else if (certType.equals(Constants.PR_SERVER_CERT) ||
- certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+ inCert.setEmailTrust(flag);
+ } else if (certType.equals(Constants.PR_SERVER_CERT)
+ || certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
+ inCert.setEmailTrust(flag);
} else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) {
- inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA |
- InternalCertificate.VALID_CA);
- //inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
-
- // cannot set this bit. If set, then the cert will not appear when you called getCACerts().
- //inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA);
+ inCert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
+ // inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
+
+ // cannot set this bit. If set, then the cert will not appear when
+ // you called getCACerts().
+ // inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA);
}
}
public static byte[] convertB64EToByteArray(String b64E)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
String str = CertUtils.stripCertBrackets(b64E);
byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str));
/*
- java.security.cert.X509Certificate cert =
- java.security.cert.X509Certificate.getInstance(bCert);
- return cert;
+ * java.security.cert.X509Certificate cert =
+ * java.security.cert.X509Certificate.getInstance(bCert); return cert;
*/
return bCert;
}
/**
- * ASN.1 structure:
- * 0 30 142: SEQUENCE {
- * 3 30 69: SEQUENCE {
- * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
- * 10 04 62: OCTET STRING
- * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
- * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
- * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
- * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
- * : }
- * 74 30 69: SEQUENCE {
- * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
- * 81 04 62: OCTET STRING
- * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
- * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
- * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
- * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
- * : }
- * : }
- * Uses the following to test with configuration wizard:
+ * ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT
+ * IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01
+ * 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04
+ * 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61
+ * 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT
+ * IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82
+ * 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87
+ * 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63
+ * 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } : } Uses the following to test
+ * with configuration wizard:
* MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB
* FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x
- * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB
- * AQ==
+ * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ==
*/
- public static void setDERExtension(
- CertificateExtensions ext, KeyCertData properties)
- throws IOException {
+ public static void setDERExtension(CertificateExtensions ext,
+ KeyCertData properties) throws IOException {
String b64E = properties.getDerExtension();
@@ -825,9 +822,8 @@ public class KeyCertUtil {
}
}
- public static void setBasicConstraintsExtension(
- CertificateExtensions ext, KeyCertData properties)
- throws IOException {
+ public static void setBasicConstraintsExtension(CertificateExtensions ext,
+ KeyCertData properties) throws IOException {
String isCA = properties.isCA();
String certLen = properties.getCertLen();
@@ -843,30 +839,29 @@ public class KeyCertUtil {
else
len = Integer.parseInt(certLen);
- if ((isCA == null) || (isCA.equals("")) ||
- (isCA.equals(Constants.FALSE)))
+ if ((isCA == null) || (isCA.equals(""))
+ || (isCA.equals(Constants.FALSE)))
bool = false;
else
bool = true;
-
- BasicConstraintsExtension basic = new BasicConstraintsExtension(
- bool, len);
+
+ BasicConstraintsExtension basic = new BasicConstraintsExtension(bool,
+ len);
ext.set(BasicConstraintsExtension.NAME, basic);
}
- public static void setExtendedKeyUsageExtension(
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- CertificateException {
+ public static void setExtendedKeyUsageExtension(CertificateExtensions ext,
+ KeyCertData properties) throws IOException, CertificateException {
ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension();
boolean anyExt = false;
-
+
String sslClient = properties.getSSLClientBit();
-
+
if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) {
ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2"));
anyExt = true;
- }
+ }
String sslServer = properties.getSSLServerBit();
@@ -907,8 +902,8 @@ public class KeyCertUtil {
}
public static void setNetscapeCertificateExtension(
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- CertificateException {
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, CertificateException {
NSCertTypeExtension ns = new NSCertTypeExtension();
boolean anyExt = false;
@@ -957,7 +952,8 @@ public class KeyCertUtil {
String objectSigningCA = properties.getObjectSigningCABit();
- if ((objectSigningCA != null) && (objectSigningCA.equals(Constants.TRUE))) {
+ if ((objectSigningCA != null)
+ && (objectSigningCA.equals(Constants.TRUE))) {
ns.set(NSCertTypeExtension.OBJECT_SIGNING_CA, new Boolean(true));
anyExt = true;
}
@@ -965,38 +961,36 @@ public class KeyCertUtil {
ext.set(NSCertTypeExtension.NAME, ns);
}
- public static void setOCSPNoCheck(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- NoSuchAlgorithmException, InvalidKeyException {
+ public static void setOCSPNoCheck(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String noCheck = properties.getOCSPNoCheck();
if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) {
- OCSPNoCheckExtension noCheckExt =
- new OCSPNoCheckExtension();
+ OCSPNoCheckExtension noCheckExt = new OCSPNoCheckExtension();
ext.set(OCSPNoCheckExtension.NAME, noCheckExt);
}
}
- public static void setOCSPSigning(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- NoSuchAlgorithmException, InvalidKeyException {
+ public static void setOCSPSigning(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String signing = properties.getOCSPSigning();
- if ((signing != null) && (signing.equals(Constants.TRUE))) {
- Vector oidSet = new Vector();
- oidSet.addElement(
- ObjectIdentifier.getObjectIdentifier(
- ExtendedKeyUsageExtension.OID_OCSPSigning));
- ExtendedKeyUsageExtension ocspExt =
- new ExtendedKeyUsageExtension(false, oidSet);
+ if ((signing != null) && (signing.equals(Constants.TRUE))) {
+ Vector oidSet = new Vector();
+ oidSet.addElement(ObjectIdentifier
+ .getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning));
+ ExtendedKeyUsageExtension ocspExt = new ExtendedKeyUsageExtension(
+ false, oidSet);
ext.set(ExtendedKeyUsageExtension.NAME, ocspExt);
}
}
- public static void setAuthInfoAccess(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- NoSuchAlgorithmException, InvalidKeyException {
+ public static void setAuthInfoAccess(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String aia = properties.getAIA();
if ((aia != null) && (aia.equals(Constants.TRUE))) {
@@ -1004,137 +998,131 @@ public class KeyCertUtil {
String port = CMS.getEENonSSLPort();
AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false);
if (hostname != null && port != null) {
- String location = "http://"+hostname+":"+port+"/ca/ocsp";
+ String location = "http://" + hostname + ":" + port
+ + "/ca/ocsp";
GeneralName ocspName = new GeneralName(new URIName(location));
- aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName);
+ aiaExt.addAccessDescription(
+ AuthInfoAccessExtension.METHOD_OCSP, ocspName);
}
ext.set(AuthInfoAccessExtension.NAME, aiaExt);
}
}
- public static void setAuthorityKeyIdentifier(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties) throws IOException,
- NoSuchAlgorithmException, InvalidKeyException {
+ public static void setAuthorityKeyIdentifier(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String aki = properties.getAKI();
if ((aki != null) && (aki.equals(Constants.TRUE))) {
KeyIdentifier id = createKeyIdentifier(keypair);
- AuthorityKeyIdentifierExtension akiExt =
- new AuthorityKeyIdentifierExtension(id, null, null);
+ AuthorityKeyIdentifierExtension akiExt = new AuthorityKeyIdentifierExtension(
+ id, null, null);
ext.set(AuthorityKeyIdentifierExtension.NAME, akiExt);
}
}
- public static void setSubjectKeyIdentifier(KeyPair keypair,
- CertificateExtensions ext,
- KeyCertData properties) throws IOException, NoSuchAlgorithmException,
- InvalidKeyException {
+ public static void setSubjectKeyIdentifier(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException, NoSuchAlgorithmException, InvalidKeyException {
String ski = properties.getSKI();
if ((ski != null) && (ski.equals(Constants.TRUE))) {
KeyIdentifier id = createKeyIdentifier(keypair);
- SubjectKeyIdentifierExtension skiExt =
- new SubjectKeyIdentifierExtension(id.getIdentifier());
+ SubjectKeyIdentifierExtension skiExt = new SubjectKeyIdentifierExtension(
+ id.getIdentifier());
ext.set(SubjectKeyIdentifierExtension.NAME, skiExt);
}
}
public static void setKeyUsageExtension(CertificateExtensions ext,
- KeyUsageExtension keyUsage) throws IOException {
+ KeyUsageExtension keyUsage) throws IOException {
ext.set(KeyUsageExtension.NAME, keyUsage);
}
- public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
- throws NoSuchAlgorithmException, InvalidKeyException {
+ public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
+ throws NoSuchAlgorithmException, InvalidKeyException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
- X509Key subjectKeyInfo = convertPublicKeyToX509Key(
- keypair.getPublic());
+ X509Key subjectKeyInfo = convertPublicKeyToX509Key(keypair.getPublic());
- //md.update(subjectKeyInfo.getEncoded());
+ // md.update(subjectKeyInfo.getEncoded());
md.update(subjectKeyInfo.getKey());
return new KeyIdentifier(md.digest());
}
- public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
- throws LDAPException {
+ public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
+ throws LDAPException {
String dn = "ou=certificateRepository,ou=ca," + baseDN;
BigInteger serialno = null;
LDAPEntry entry = conn.read(dn);
- String serialnoStr = (String) entry.getAttribute(
- "serialno").getStringValues().nextElement();
+ String serialnoStr = (String) entry.getAttribute("serialno")
+ .getStringValues().nextElement();
serialno = BigIntegerMapper.BigIntegerFromDB(serialnoStr);
LDAPAttribute attr = new LDAPAttribute("serialno");
- attr.addValue(BigIntegerMapper.BigIntegerToDB(
- serialno.add(new BigInteger("1"))));
- LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ attr.addValue(BigIntegerMapper.BigIntegerToDB(serialno
+ .add(new BigInteger("1"))));
+ LDAPModification mod = new LDAPModification(LDAPModification.REPLACE,
+ attr);
conn.modify(dn, mod);
return serialno;
}
- public static void setSerialNumber(LDAPConnection conn,
- String baseDN, BigInteger serial)
- throws LDAPException {
+ public static void setSerialNumber(LDAPConnection conn, String baseDN,
+ BigInteger serial) throws LDAPException {
String dn = "ou=certificateRepository,ou=ca," + baseDN;
LDAPAttribute attr = new LDAPAttribute("serialno");
// the serial number should already be set
- attr.addValue(BigIntegerMapper.BigIntegerToDB(
- serial));
- LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ attr.addValue(BigIntegerMapper.BigIntegerToDB(serial));
+ LDAPModification mod = new LDAPModification(LDAPModification.REPLACE,
+ attr);
conn.modify(dn, mod);
}
- public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert)
- throws LDAPException, EBaseException {
+ public static void addCertToDB(LDAPConnection conn, String dn,
+ X509CertImpl cert) throws LDAPException, EBaseException {
BigInteger serialno = cert.getSerialNumber();
X509CertImplMapper mapper = new X509CertImplMapper();
LDAPAttributeSet attrs = new LDAPAttributeSet();
- mapper.mapObjectToLDAPAttributeSet(null, null,
- cert, attrs);
+ mapper.mapObjectToLDAPAttributeSet(null, null, cert, attrs);
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass",
- "certificateRecord"));
- attrs.add(new LDAPAttribute("serialno",
- BigIntegerMapper.BigIntegerToDB(
- serialno)));
- attrs.add(new LDAPAttribute("dateOfCreate",
- DateMapper.dateToDB((CMS.getCurrentDate()))));
- attrs.add(new LDAPAttribute("dateOfModify",
- DateMapper.dateToDB((CMS.getCurrentDate()))));
- attrs.add(new LDAPAttribute("certStatus",
- "VALID"));
- attrs.add(new LDAPAttribute("autoRenew",
- "ENABLED"));
- attrs.add(new LDAPAttribute("issuedBy",
- "installation"));
- LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn, attrs);
+ attrs.add(new LDAPAttribute("objectclass", "certificateRecord"));
+ attrs.add(new LDAPAttribute("serialno", BigIntegerMapper
+ .BigIntegerToDB(serialno)));
+ attrs.add(new LDAPAttribute("dateOfCreate", DateMapper.dateToDB((CMS
+ .getCurrentDate()))));
+ attrs.add(new LDAPAttribute("dateOfModify", DateMapper.dateToDB((CMS
+ .getCurrentDate()))));
+ attrs.add(new LDAPAttribute("certStatus", "VALID"));
+ attrs.add(new LDAPAttribute("autoRenew", "ENABLED"));
+ attrs.add(new LDAPAttribute("issuedBy", "installation"));
+ LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn,
+ attrs);
conn.add(entry);
}
- public static CertificateExtensions getExtensions(String tokenname, String nickname)
- throws NotInitializedException, TokenException, ObjectNotFoundException,
- IOException, CertificateException {
+ public static CertificateExtensions getExtensions(String tokenname,
+ String nickname) throws NotInitializedException, TokenException,
+ ObjectNotFoundException, IOException, CertificateException {
String fullnickname = nickname;
- if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
fullnickname = tokenname + ":" + nickname;
CryptoManager manager = CryptoManager.getInstance();
X509Certificate cert = manager.findCertByNickname(fullnickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
- X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "."
+ + X509CertImpl.INFO);
return (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
}
diff --git a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
index efeade921..c04bc19f9 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
* OCSP signing certificate.
*
@@ -42,8 +40,7 @@ import com.netscape.certsrv.security.KeyCertData;
* @version $Revision$, $Date$
*/
public class OCSPSigningCert extends CertificateInfo {
- public static final String SUBJECT_NAME =
- "CN=Certificate Authority, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US";
public OCSPSigningCert(KeyCertData properties) {
this(properties, null);
@@ -51,19 +48,16 @@ public class OCSPSigningCert extends CertificateInfo {
public OCSPSigningCert(KeyCertData properties, KeyPair pair) {
super(properties, pair);
- /* included in console UI
- try {
- if (mProperties.get(Constants.PR_OCSP_SIGNING) == null) {
- mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE);
- }
- if (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) {
- mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE);
- }
- } catch (Exception e) {
- mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE);
- mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE);
- }
- */
+ /*
+ * included in console UI try { if
+ * (mProperties.get(Constants.PR_OCSP_SIGNING) == null) {
+ * mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); } if
+ * (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) {
+ * mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); } } catch
+ * (Exception e) { mProperties.put(Constants.PR_OCSP_SIGNING,
+ * Constants.TRUE); mProperties.put(Constants.PR_OCSP_NOCHECK,
+ * Constants.TRUE); }
+ */
}
public String getSubjectName() {
@@ -85,7 +79,7 @@ public class OCSPSigningCert extends CertificateInfo {
BigInteger P = new BigInteger(p);
BigInteger Q = new BigInteger(q);
BigInteger G = new BigInteger(g);
- BigInteger pqgSeed = new BigInteger(seed);
+ BigInteger pqgSeed = new BigInteger(seed);
BigInteger pqgH = new BigInteger(H);
return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -106,20 +100,22 @@ public class OCSPSigningCert extends CertificateInfo {
else if (keyType.equals("DSA"))
alg = "SHA1withDSA";
else
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ALG_NOT_SUPPORTED", keyType));
cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
else
- cmsFileTmp.putString("ca.signing.cacertnickname",
- tokenname + ":" + nickname);
+ cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":"
+ + nickname);
cmsFileTmp.commit(false);
}
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -140,4 +136,3 @@ public class OCSPSigningCert extends CertificateInfo {
return extension;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
index 48b19f62b..3e94d601d 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmscore.base.JDialogPasswordCallback;
-
/*
* A class to retrieve passwords from the SDR password cache
*
@@ -41,7 +39,7 @@ import com.netscape.cmscore.base.JDialogPasswordCallback;
public class PWCBsdr implements PasswordCallback {
InputStream in = null;
OutputStream out = null;
- String mprompt = "";
+ String mprompt = "";
boolean firsttime = true;
private PasswordCallback mCB = null;
private String mPWcachedb = null;
@@ -50,38 +48,38 @@ public class PWCBsdr implements PasswordCallback {
public PWCBsdr() {
this(null);
}
-
+
public PWCBsdr(String prompt) {
in = System.in;
out = System.out;
mprompt = prompt;
- /* to get the test program work
- System.out.println("before CMS.getLogger");
- try {
+ /*
+ * to get the test program work
+ * System.out.println("before CMS.getLogger"); try {
*/
mLogger = CMS.getLogger();
/*
- } catch (NullPointerException e) {
- System.out.println("after CMS.getLoggergot NullPointerException ... testing ok");
- }
- System.out.println("after CMS.getLogger");
+ * } catch (NullPointerException e) { System.out.println(
+ * "after CMS.getLoggergot NullPointerException ... testing ok"); }
+ * System.out.println("after CMS.getLogger");
*/
// get path to password cache
try {
mPWcachedb = CMS.getConfigStore().getString("pwCache");
- CMS.debug("got pwCache from configstore: " +
- mPWcachedb);
+ CMS.debug("got pwCache from configstore: " + mPWcachedb);
} catch (NullPointerException e) {
- System.out.println("after CMS.getConfigStore got NullPointerException ... testing ok");
+ System.out
+ .println("after CMS.getConfigStore got NullPointerException ... testing ok");
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
// let it fall through
}
- // System.out.println("after CMS.getConfigStore");
- if (File.separator.equals("/")) {
+ // System.out.println("after CMS.getConfigStore");
+ if (File.separator.equals("/")) {
// Unix
mCB = new PWsdrConsolePasswordCallback(prompt);
} else {
@@ -90,33 +88,27 @@ public class PWCBsdr implements PasswordCallback {
}
// System.out.println( "Created PWCBsdr with prompt of "
- // + mprompt );
+ // + mprompt );
}
- /* We are now assuming that PasswordCallbackInfo.getname() returns
- * the tag we are hoping to match in the cache.
+ /*
+ * We are now assuming that PasswordCallbackInfo.getname() returns the tag
+ * we are hoping to match in the cache.
*/
public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
CMS.debug("in getPasswordFirstAttempt");
- /* debugging code to see if token is logged in
- try {
- CryptoManager cm = CryptoManager.getInstance();
- CryptoToken token =
- cm.getInternalKeyStorageToken();
- if (token.isLoggedIn() == false) {
- // missed it.
- CMS.debug("token not yet logged in!!");
- } else {
- CMS.debug("token logged in.");
- }
- } catch (Exception e) {
- CMS.debug("crypto manager error:"+e.toString());
- }
- CMS.debug("still in getPasswordFirstAttempt");
+ /*
+ * debugging code to see if token is logged in try { CryptoManager cm =
+ * CryptoManager.getInstance(); CryptoToken token =
+ * cm.getInternalKeyStorageToken(); if (token.isLoggedIn() == false) {
+ * // missed it. CMS.debug("token not yet logged in!!"); } else {
+ * CMS.debug("token logged in."); } } catch (Exception e) {
+ * CMS.debug("crypto manager error:"+e.toString()); }
+ * CMS.debug("still in getPasswordFirstAttempt");
*/
Password pw = null;
String tmpPrompt = info.getName();
@@ -144,7 +136,7 @@ public class PWCBsdr implements PasswordCallback {
if (tmpPrompt == null) { /* no name, fail */
System.out.println("Shouldn't get here");
throw new PasswordCallback.GiveUpException();
- } else { /* get password from password cache */
+ } else { /* get password from password cache */
CMS.debug("getting tag = " + tmpPrompt);
PWsdrCache pwc = new PWsdrCache(mPWcachedb, mLogger);
@@ -157,8 +149,9 @@ public class PWCBsdr implements PasswordCallback {
return (pw);
} else { /* password not found */
- // we don't want caller to do getPasswordAgain, for now
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK"));
+ // we don't want caller to do getPasswordAgain, for now
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK"));
throw new PasswordCallback.GiveUpException();
}
}
@@ -169,12 +162,13 @@ public class PWCBsdr implements PasswordCallback {
}
}
- /* The password cache has failed to return a password (or a usable password.
- * Now we will try and get the password from the user and hopefully add
- * the password to the cache pw cache
+ /*
+ * The password cache has failed to return a password (or a usable password.
+ * Now we will try and get the password from the user and hopefully add the
+ * password to the cache pw cache
*/
public Password getPasswordAgain(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
CMS.debug("in getPasswordAgain");
try {
@@ -198,7 +192,7 @@ public class PWCBsdr implements PasswordCallback {
}
} catch (Throwable e) {
// System.out.println( "BUG HERE!! in the password again!!"
- // + "!!!!!!!!!!!" );
+ // + "!!!!!!!!!!!" );
// e.printStackTrace();
throw new PasswordCallback.GiveUpException();
}
@@ -208,12 +202,12 @@ public class PWCBsdr implements PasswordCallback {
if (mLogger == null) {
System.out.println(msg);
} else {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr "
+ + msg);
}
}
}
-
class PWsdrConsolePasswordCallback implements PasswordCallback {
private String mPrompt = null;
@@ -226,7 +220,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
}
public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
if (mPrompt == null) {
System.out.println("Get password " + info.getName());
} else {
@@ -239,7 +233,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
}
public Password getPasswordAgain(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
System.out.println("Password Incorrect.");
if (mPrompt == null) {
System.out.println("Get password " + info.getName());
@@ -253,7 +247,6 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
}
}
-
class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
private String mPrompt = null;
@@ -270,4 +263,3 @@ class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
index 3be636912..908ac1db7 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
@@ -17,23 +17,19 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.BufferedReader;
import java.io.InputStreamReader;
import org.mozilla.jss.util.Password;
import org.mozilla.jss.util.PasswordCallback;
-
-public class
-PWUtil {
- public static Password
- readPasswordFromStream()
- throws PasswordCallback.GiveUpException {
+public class PWUtil {
+ public static Password readPasswordFromStream()
+ throws PasswordCallback.GiveUpException {
BufferedReader in;
in = new BufferedReader(new InputStreamReader(System.in));
-
+
StringBuffer buf = new StringBuffer();
String passwordString = new String();
int c;
@@ -49,7 +45,7 @@ PWUtil {
if (ch != '\r') {
if (ch != '\n') {
buf.append(ch);
- } else {
+ } else {
passwordString = buf.toString();
buf.setLength(0);
break;
@@ -61,10 +57,10 @@ PWUtil {
}
// memory problem?
- // String passwordString = in.readLine();
- // System.out.println( "done read" );
- // System.out.println( " password recieved is ["
- // + passwordString + "]" );
+ // String passwordString = in.readLine();
+ // System.out.println( "done read" );
+ // System.out.println( " password recieved is ["
+ // + passwordString + "]" );
if (passwordString == null) {
throw new PasswordCallback.GiveUpException();
}
@@ -80,4 +76,3 @@ PWUtil {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
index 12412f59c..51c1a3b77 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -46,7 +45,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/*
* A class for managing passwords in the SDR password cache
*
@@ -73,7 +71,8 @@ public class PWsdrCache {
mPWcachedb = CMS.getConfigStore().getString("pwCache");
CMS.debug("got pwCache file path from configstore");
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
// let it fall through
}
initToken();
@@ -85,14 +84,18 @@ public class PWsdrCache {
CryptoManager cm = null;
try {
cm = CryptoManager.getInstance();
- mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME);
- log (ILogger.LL_DEBUG, "pwcTokenname specified. Use token for SDR key. tokenname= "+mTokenName);
+ mTokenName = CMS.getConfigStore()
+ .getString(PROP_PWC_TOKEN_NAME);
+ log(ILogger.LL_DEBUG,
+ "pwcTokenname specified. Use token for SDR key. tokenname= "
+ + mTokenName);
mToken = cm.getTokenByName(mTokenName);
} catch (NotInitializedException e) {
- log (ILogger.LL_FAILURE, e.toString());
+ log(ILogger.LL_FAILURE, e.toString());
throw new EBaseException(e.toString());
} catch (Exception e) {
- log (ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
+ log(ILogger.LL_DEBUG,
+ "no pwcTokenname specified, use internal token for SDR key");
mToken = cm.getInternalKeyStorageToken();
}
}
@@ -103,11 +106,11 @@ public class PWsdrCache {
if (mKeyID == null) {
try {
String keyID = CMS.getConfigStore().getString(PROP_PWC_KEY_ID);
- log (ILogger.LL_DEBUG, "retrieved PWC SDR key");
+ log(ILogger.LL_DEBUG, "retrieved PWC SDR key");
mKeyID = base64Decode(keyID);
-
+
} catch (Exception e) {
- log (ILogger.LL_DEBUG, "no pwcSDRKey specified");
+ log(ILogger.LL_DEBUG, "no pwcSDRKey specified");
throw new EBaseException(e.toString());
}
}
@@ -118,7 +121,7 @@ public class PWsdrCache {
// Do not use for PWCBsdr, since we don't want to mistakenly
// generate SDR keys in case of configuration errors
public PWsdrCache(String pwCache, String pwcTokenname, byte[] keyId,
- boolean isTool) throws Exception {
+ boolean isTool) throws Exception {
mPWcachedb = pwCache;
mIsTool = isTool;
mTokenName = pwcTokenname;
@@ -131,10 +134,10 @@ public class PWsdrCache {
cm = CryptoManager.getInstance();
if (mTokenName != null) {
mToken = cm.getTokenByName(mTokenName);
- mToken = cm.getInternalKeyStorageToken();
- debug("PWsdrCache: mToken = "+mTokenName);
+ mToken = cm.getInternalKeyStorageToken();
+ debug("PWsdrCache: mToken = " + mTokenName);
} else {
- mToken = cm.getInternalKeyStorageToken();
+ mToken = cm.getInternalKeyStorageToken();
debug("PWsdrCache: mToken = internal");
}
}
@@ -147,61 +150,54 @@ public class PWsdrCache {
return mTokenName;
}
- public void deleteUniqueNamedKey( String nickName )
- throws Exception
- {
- KeyManager km = new KeyManager( mToken );
- km.deleteUniqueNamedKey( nickName );
+ public void deleteUniqueNamedKey(String nickName) throws Exception {
+ KeyManager km = new KeyManager(mToken);
+ km.deleteUniqueNamedKey(nickName);
}
- public byte[] generateSDRKey () throws Exception {
- return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
+ public byte[] generateSDRKey() throws Exception {
+ return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
}
- public byte[] generateSDRKeyWithNickName (String nickName)
- throws Exception
- {
+ public byte[] generateSDRKeyWithNickName(String nickName) throws Exception {
try {
if (mIsTool != true) {
// generate SDR key
KeyManager km = new KeyManager(mToken);
try {
- // Bugscape Bug #54838: Due to the CMS cloning feature,
- // we must check for the presence of
- // a uniquely named symmetric key
- // prior to making an attempt to
- // generate it!
+ // Bugscape Bug #54838: Due to the CMS cloning feature,
+ // we must check for the presence of
+ // a uniquely named symmetric key
+ // prior to making an attempt to
+ // generate it!
//
- if( !( km.uniqueNamedKeyExists( nickName ) ) ) {
- mKeyID = km.generateUniqueNamedKey( nickName );
+ if (!(km.uniqueNamedKeyExists(nickName))) {
+ mKeyID = km.generateUniqueNamedKey(nickName);
}
} catch (TokenException e) {
- log (0, "generateSDRKey() failed on "+e.toString());
+ log(0, "generateSDRKey() failed on " + e.toString());
throw e;
}
}
} catch (Exception e) {
- log (ILogger.LL_FAILURE, e.toString());
+ log(ILogger.LL_FAILURE, e.toString());
throw e;
}
return mKeyID;
}
public byte[] base64Decode(String s) throws IOException {
- byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
- return d;
+ byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
+ return d;
}
public static String base64Encode(byte[] bytes) throws IOException {
// All this streaming is lame, but Base64OutputStream needs a
// PrintStream
ByteArrayOutputStream output = new ByteArrayOutputStream();
- Base64OutputStream b64 = new Base64OutputStream(new
- PrintStream(new
- FilterOutputStream(output)
- )
- );
+ Base64OutputStream b64 = new Base64OutputStream(new PrintStream(
+ new FilterOutputStream(output)));
b64.write(bytes);
b64.flush();
@@ -211,10 +207,8 @@ public class PWsdrCache {
return output.toString("8859_1");
}
-
// for PWCBsdr
- public PWsdrCache(String pwCache, ILogger logger) throws
- EBaseException {
+ public PWsdrCache(String pwCache, ILogger logger) throws EBaseException {
mLogger = logger;
mPWcachedb = pwCache;
initToken();
@@ -235,8 +229,9 @@ public class PWsdrCache {
/*
* add passwd in pwcache.
*/
- public void addEntry(String tag, String pwd, Hashtable tagPwds) throws EBaseException {
-
+ public void addEntry(String tag, String pwd, Hashtable tagPwds)
+ throws EBaseException {
+
String stringToAdd = null;
String bufs = null;
@@ -249,7 +244,7 @@ public class PWsdrCache {
tag = (String) enum1.nextElement();
pwd = (String) tagPwds.get(tag);
debug("password tag: " + tag + " stored in " + mPWcachedb);
-
+
if (stringToAdd == null) {
stringToAdd = tag + ":" + pwd + "\n";
} else {
@@ -262,7 +257,7 @@ public class PWsdrCache {
if (dcrypts != null) {
// converts to Hashtable, replace if tag exists, add
- // if tag doesn't exist
+ // if tag doesn't exist
Hashtable ht = string2Hashtable(dcrypts);
if (ht.containsKey(tag) == false) {
@@ -277,7 +272,7 @@ public class PWsdrCache {
debug("adding new tag: " + tag);
bufs = stringToAdd;
}
-
+
// write update to cache
writePWcache(bufs);
}
@@ -292,7 +287,7 @@ public class PWsdrCache {
if (dcrypts != null) {
// converts to Hashtable, replace if tag exists, add
- // if tag doesn't exist
+ // if tag doesn't exist
Hashtable ht = string2Hashtable(dcrypts);
if (ht.containsKey(tag) == false) {
@@ -307,7 +302,7 @@ public class PWsdrCache {
debug("password cache contains no tags");
return;
}
-
+
// write update to cache
writePWcache(bufs);
}
@@ -337,10 +332,14 @@ public class PWsdrCache {
}
inputs.close();
} catch (FileNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
+ e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
+ e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
}
@@ -351,7 +350,9 @@ public class PWsdrCache {
dcrypts = new String(dcryptb, "UTF-8");
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT",
+ e.toString()));
e.printStackTrace();
throw new EBaseException("password cache decrypt failed");
}
@@ -366,7 +367,7 @@ public class PWsdrCache {
public void writePWcache(String bufs) throws EBaseException {
try {
Encryptor sdr = new Encryptor(mToken, mKeyID,
- Encryptor.DEFAULT_ENCRYPTION_ALG);
+ Encryptor.DEFAULT_ENCRYPTION_ALG);
byte[] writebuf = null;
@@ -374,7 +375,9 @@ public class PWsdrCache {
// now encrypt it again
writebuf = sdr.encrypt(bufs.getBytes("UTF-8"));
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT",
+ e.toString()));
e.printStackTrace();
throw new EBaseException("password cache encrypt failed");
}
@@ -386,7 +389,8 @@ public class PWsdrCache {
tmpPWcache.delete();
tmpPWcache = new File(mPWcachedb + ".tmp");
}
- FileOutputStream outstream = new FileOutputStream(mPWcachedb + ".tmp");
+ FileOutputStream outstream = new FileOutputStream(mPWcachedb
+ + ".tmp");
outstream.write(writebuf);
outstream.close();
@@ -394,48 +398,54 @@ public class PWsdrCache {
File origFile = new File(mPWcachedb);
try {
- if( Utils.isNT() ) {
+ if (Utils.isNT()) {
// NT is very picky on the path
- Utils.exec( "copy " +
- tmpPWcache.getAbsolutePath().replace( '/',
- '\\' ) +
- " " +
- origFile.getAbsolutePath().replace( '/',
- '\\' ) );
+ Utils.exec("copy "
+ + tmpPWcache.getAbsolutePath().replace('/', '\\')
+ + " "
+ + origFile.getAbsolutePath().replace('/', '\\'));
} else {
// Create a copy of the original file which
// preserves the original file permissions.
- Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " +
- origFile.getAbsolutePath() );
+ Utils.exec("cp -p " + tmpPWcache.getAbsolutePath() + " "
+ + origFile.getAbsolutePath());
}
// Remove the original file if and only if
// the backup copy was successful.
- if( origFile.exists() ) {
- if( !Utils.isNT() ) {
+ if (origFile.exists()) {
+ if (!Utils.isNT()) {
try {
- Utils.exec( "chmod 00660 " +
- origFile.getCanonicalPath() );
- } catch( IOException e ) {
- CMS.debug( "Unable to change file permissions on "
- + origFile.toString() );
+ Utils.exec("chmod 00660 "
+ + origFile.getCanonicalPath());
+ } catch (IOException e) {
+ CMS.debug("Unable to change file permissions on "
+ + origFile.toString());
}
}
tmpPWcache.delete();
- debug( "operation completed for " + mPWcachedb );
+ debug("operation completed for " + mPWcachedb);
}
} catch (Exception exx) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE",
+ exx.toString()));
throw new EBaseException(exx.toString() + ": " + mPWcachedb);
}
} catch (FileNotFoundException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
+ e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
+ e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
+ e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
}
}
@@ -447,7 +457,7 @@ public class PWsdrCache {
while (enum1.hasMoreElements()) {
String tag = (String) enum1.nextElement();
String pwd = (String) ht.get(tag);
-
+
if (returnString == null) {
returnString = tag + ":" + pwd + "\n";
} else {
@@ -470,19 +480,18 @@ public class PWsdrCache {
if (colonIdx != -1) {
String tag = line.substring(0, colonIdx);
- String passwd = line.substring(colonIdx + 1,
- line.length());
+ String passwd = line.substring(colonIdx + 1, line.length());
ht.put(tag.trim(), passwd.trim());
} else {
- //invalid format...log or throw...later
+ // invalid format...log or throw...later
}
}
return ht;
}
/*
- * get password from cache. This one supplies cache file name
+ * get password from cache. This one supplies cache file name
*/
public Password getEntry(String fileName, String tag) {
mPWcachedb = fileName;
@@ -490,8 +499,8 @@ public class PWsdrCache {
}
/*
- * if tag found with pwd, return it
- * if tag not found, return null, which will cause it to give up
+ * if tag found with pwd, return it if tag not found, return null, which
+ * will cause it to give up
*/
public Password getEntry(String tag) {
Hashtable pwTable = null;
@@ -509,7 +518,8 @@ public class PWsdrCache {
try {
dcrypts = readPWcache();
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
return null;
}
@@ -527,12 +537,13 @@ public class PWsdrCache {
debug("getEntry gotten password for " + tag);
return new Password(pw.toCharArray());
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag));
return null;
}
}
- //copied from IOUtil.java
+ // copied from IOUtil.java
/**
* Checks if this is NT.
*/
@@ -566,22 +577,17 @@ public class PWsdrCache {
if (process.exitValue() == 0) {
/**
- pOut = new BufferedReader(
- new InputStreamReader(process.getInputStream()));
- while ((l = pOut.readLine()) != null) {
- System.out.println(l);
- }
+ * pOut = new BufferedReader( new
+ * InputStreamReader(process.getInputStream())); while ((l =
+ * pOut.readLine()) != null) { System.out.println(l); }
**/
return true;
} else {
/**
- pOut = new BufferedReader(
- new InputStreamReader(process.getErrorStream()));
- l = null;
- while ((l = pOut.readLine()) != null) {
- System.out.println(l);
- }
+ * pOut = new BufferedReader( new
+ * InputStreamReader(process.getErrorStream())); l = null; while
+ * ((l = pOut.readLine()) != null) { System.out.println(l); }
**/
return false;
}
@@ -599,7 +605,7 @@ public class PWsdrCache {
public void log(int level, String msg) {
if (mLogger != null) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PWsdrCache " + msg);
+ "PWsdrCache " + msg);
} else if (mIsTool) {
System.out.println(msg);
} // else it's most likely the installation wizard...no logging
@@ -615,7 +621,8 @@ public class PWsdrCache {
try {
dcrypts = readPWcache();
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
return false;
}
@@ -632,13 +639,11 @@ public class PWsdrCache {
if (colonIdx != -1) {
String tag = line.substring(0, colonIdx);
- String passwd = line.substring(colonIdx + 1,
- line.length());
+ String passwd = line.substring(colonIdx + 1, line.length());
- debug(tag.trim() +
- " : " + passwd.trim());
+ debug(tag.trim() + " : " + passwd.trim());
} else {
- //invalid format...log or throw...later
+ // invalid format...log or throw...later
debug("invalid format");
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/security/Provider.java b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
index 0e7f8e2e8..f4d8c03c2 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/Provider.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
public class Provider extends java.security.Provider {
/**
@@ -26,12 +25,11 @@ public class Provider extends java.security.Provider {
private static final long serialVersionUID = -8050884788034389693L;
public Provider() {
- super("CMS", 1.4,
- "Provides Signature and Message Digesting");
+ super("CMS", 1.4, "Provides Signature and Message Digesting");
- /////////////////////////////////////////////////////////////
+ // ///////////////////////////////////////////////////////////
// Signature
- /////////////////////////////////////////////////////////////
+ // ///////////////////////////////////////////////////////////
put("Signature.SHA1withDSA", "org.mozilla.jss.provider.DSASignature");
@@ -45,14 +43,13 @@ public class Provider extends java.security.Provider {
put("Signature.MD5/RSA", "org.mozilla.jss.provider.MD5RSASignature");
put("Signature.MD2/RSA", "org.mozilla.jss.provider.MD2RSASignature");
- put("Signature.SHA-1/RSA",
- "org.mozilla.jss.provider.SHA1RSASignature");
+ put("Signature.SHA-1/RSA", "org.mozilla.jss.provider.SHA1RSASignature");
put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA");
- /////////////////////////////////////////////////////////////
+ // ///////////////////////////////////////////////////////////
// Message Digesting
- /////////////////////////////////////////////////////////////
+ // ///////////////////////////////////////////////////////////
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
index 1ac8f0ea7..5302c5e70 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.security.KeyPair;
@@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
- * RA signing certificate
+ * RA signing certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class RASigningCert extends CertificateInfo {
- public static final String SUBJECT_NAME =
- "CN=Registration Authority, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME = "CN=Registration Authority, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public RASigningCert(KeyCertData properties) {
@@ -49,8 +46,7 @@ public class RASigningCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) &&
- (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
try {
if (mProperties.get(Constants.PR_AKI) == null) {
@@ -78,8 +74,8 @@ public class RASigningCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName =
- (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -87,19 +83,14 @@ public class RASigningCert extends CertificateInfo {
}
/*
- public SignatureAlgorithm getSigningAlgorithm() {
- SignatureAlgorithm sAlg =
- (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- if (sAlg != null) {
- return sAlg;
- }
- String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-
- if (alg.equals("RSA"))
- return SignatureAlgorithm.RSASignatureWithMD5Digest;
- else
- return SignatureAlgorithm.DSASignatureWithSHA1Digest;
- }
+ * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+ * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ * if (sAlg != null) { return sAlg; } String alg =
+ * (String)mProperties.get(Constants.PR_KEY_TYPE);
+ *
+ * if (alg.equals("RSA")) return
+ * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+ * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
*/
public String getKeyAlgorithm() {
@@ -113,4 +104,3 @@ public class RASigningCert extends CertificateInfo {
return extension;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
index eab48bdf5..b886ec36a 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.security.KeyPair;
@@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
- * SSL server certificate
+ * SSL server certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class SSLCert extends CertificateInfo {
- public static final String SUBJECT_NAME =
- "CN=SSL, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public SSLCert(KeyCertData properties) {
@@ -49,8 +46,7 @@ public class SSLCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) &&
- (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
try {
if (mProperties.get(Constants.PR_AKI) == null) {
@@ -62,7 +58,7 @@ public class SSLCert extends CertificateInfo {
// 020598: The server bit has to be turned on. Otherwise, it might
// crash jss.
- //mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE);
+ // mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE);
}
public void updateConfig(IConfigStore cmsFileTmp) throws EBaseException {
@@ -87,8 +83,8 @@ public class SSLCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName =
- (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -96,19 +92,14 @@ public class SSLCert extends CertificateInfo {
}
/*
- public SignatureAlgorithm getSigningAlgorithm() {
- SignatureAlgorithm sAlg =
- (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- if (sAlg != null) {
- return sAlg;
- }
- String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-
- if (alg.equals("RSA"))
- return SignatureAlgorithm.RSASignatureWithMD5Digest;
- else
- return SignatureAlgorithm.DSASignatureWithSHA1Digest;
- }
+ * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+ * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ * if (sAlg != null) { return sAlg; } String alg =
+ * (String)mProperties.get(Constants.PR_KEY_TYPE);
+ *
+ * if (alg.equals("RSA")) return
+ * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+ * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
*/
public String getKeyAlgorithm() {
@@ -125,4 +116,3 @@ public class SSLCert extends CertificateInfo {
return extension;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
index ac7eb2ad9..b210ce7a2 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.security.KeyPair;
@@ -29,16 +28,14 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
- * SSL server certificate
+ * SSL server certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class SSLSelfSignedCert extends CertificateInfo {
- public static final String SUBJECT_NAME =
- "CN=SSL, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public SSLSelfSignedCert(KeyCertData properties) {
@@ -49,8 +46,7 @@ public class SSLSelfSignedCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) &&
- (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
mProperties.remove(Constants.PR_AKI);
@@ -79,8 +75,8 @@ public class SSLSelfSignedCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName =
- (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -88,19 +84,14 @@ public class SSLSelfSignedCert extends CertificateInfo {
}
/*
- public SignatureAlgorithm getSigningAlgorithm() {
- SignatureAlgorithm sAlg =
- (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- if (sAlg != null) {
- return sAlg;
- }
- String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-
- if (alg.equals("RSA"))
- return SignatureAlgorithm.RSASignatureWithMD5Digest;
- else
- return SignatureAlgorithm.DSASignatureWithSHA1Digest;
- }
+ * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+ * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ * if (sAlg != null) { return sAlg; } String alg =
+ * (String)mProperties.get(Constants.PR_KEY_TYPE);
+ *
+ * if (alg.equals("RSA")) return
+ * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+ * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
*/
public String getKeyAlgorithm() {
@@ -114,9 +105,8 @@ public class SSLSelfSignedCert extends CertificateInfo {
KeyUsageExtension extension = new KeyUsageExtension();
extension.set(KeyUsageExtension.DIGITAL_SIGNATURE, new Boolean(true));
- //extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true));
+ // extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true));
extension.set(KeyUsageExtension.KEY_ENCIPHERMENT, new Boolean(true));
return extension;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
index bd630de84..e5a036d1d 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
-
import java.io.IOException;
import java.security.KeyPair;
@@ -29,7 +28,6 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
-
/**
* Subsystem certificate.
*
@@ -61,7 +59,8 @@ public class SubsystemCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties
+ .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -81,4 +80,3 @@ public class SubsystemCert extends CertificateInfo {
return extension;
}
}
-
generated by cgit (git 2.34.1) at 2024-06-01 19:11:06 +0000