Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security')
14 files changed, 1352 insertions, 1691 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java index 22c939582..04f442a35 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; @@ -33,6 +34,7 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** * CA signing certificate. * @@ -41,7 +43,8 @@ import com.netscape.certsrv.security.KeyCertData; */ public class CASigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Certificate Authority, O=Netscape Communications, C=US"; public CASigningCert(KeyCertData properties) { this(properties, null); @@ -49,11 +52,15 @@ public class CASigningCert extends CertificateInfo { public CASigningCert(KeyCertData properties, KeyPair pair) { super(properties, pair); - /* - * included in console UI try { if (mProperties.get(Constants.PR_AKI) == - * null) { mProperties.put(Constants.PR_AKI, Constants.FALSE); } } catch - * (Exception e) { mProperties.put(Constants.PR_AKI, Constants.FALSE); } - */ + /* included in console UI + try { + if (mProperties.get(Constants.PR_AKI) == null) { + mProperties.put(Constants.PR_AKI, Constants.FALSE); + } + } catch (Exception e) { + mProperties.put(Constants.PR_AKI, Constants.FALSE); + } + */ try { if (mProperties.get(Constants.PR_CERT_LEN) == null) { mProperties.put(Constants.PR_CERT_LEN, "-1"); 
@@ -70,11 +77,15 @@ public class CASigningCert extends CertificateInfo { // "null" mean no BasicConstriant mProperties.put(Constants.PR_IS_CA, "null"); } - /* - * included in console UI try { if (mProperties.get(Constants.PR_SKI) == - * null) { mProperties.put(Constants.PR_SKI, Constants.FALSE); } } catch - * (Exception e) { mProperties.put(Constants.PR_SKI, Constants.FALSE); } - */ + /* included in console UI + try { + if (mProperties.get(Constants.PR_SKI) == null) { + mProperties.put(Constants.PR_SKI, Constants.FALSE); + } + } catch (Exception e) { + mProperties.put(Constants.PR_SKI, Constants.FALSE); + } + */ } public String getSubjectName() { @@ -96,7 +107,7 @@ public class CASigningCert extends CertificateInfo { BigInteger P = new BigInteger(p); BigInteger Q = new BigInteger(q); BigInteger G = new BigInteger(g); - BigInteger pqgSeed = new BigInteger(seed); + BigInteger pqgSeed = new BigInteger(seed); BigInteger pqgH = new BigInteger(H); return new PQGParams(P, Q, G, pqgSeed, counter, pqgH); 
@@ -117,22 +128,20 @@ public class CASigningCert extends CertificateInfo { else if (keyType.equals("RSA")) alg = "SHA1withRSA"; else - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", keyType)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType)); cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) cmsFileTmp.putString("ca.signing.cacertnickname", nickname); else - cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":" - + nickname); + cmsFileTmp.putString("ca.signing.cacertnickname", + tokenname + ":" + nickname); cmsFileTmp.commit(false); } public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties - .get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -153,3 +162,4 @@ public class CASigningCert extends CertificateInfo { return extension; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java index b093fba59..dc240dac2 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java +++ b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -59,6 +60,7 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** * This base class provides methods to import CA signing cert or get certificate * request. 
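Review bot: In the @@ -117 hunk of CASigningCert.java the value written to `ca.signing.defaultSigningAlgorithm` for an RSA key is the hard-coded `SHA1withRSA`, so every CA configured through this path signs with SHA-1 unless someone edits the config afterwards. If the JSS version in use supports it, `alg = "SHA256withRSA";` is the safer default; otherwise add a comment next to the assignment saying the SHA-1 default is a known limitation. The branch for the other key type and the start of the method lie above the hunk, so the same check is needed there.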
@@ -86,12 +88,11 @@ public abstract class CertificateInfo { mConfig = (IConfigStore) (mProperties.get("cmsFile")); } - protected abstract KeyUsageExtension getKeyUsageExtension() - throws IOException; + protected abstract KeyUsageExtension getKeyUsageExtension() throws IOException; public abstract String getSubjectName(); - // public abstract SignatureAlgorithm getSigningAlgorithm(); + //public abstract SignatureAlgorithm getSigningAlgorithm(); public abstract String getKeyAlgorithm(); public abstract String getNickname(); @@ -101,12 +102,12 @@ public abstract class CertificateInfo { public CertificateValidity getCertificateValidity() throws EBaseException { /* - * String period = - * (String)mProperties.get(Constants.PR_VALIDITY_PERIOD); Date - * notBeforeDate = CMS.getCurrentDate(); Date notAfterDate = new - * Date(notBeforeDate.getYear(), notBeforeDate.getMonth(), - * notBeforeDate.getDate()+Integer.parseInt(period)); return new - * CertificateValidity(notBeforeDate, notAfterDate); + String period = (String)mProperties.get(Constants.PR_VALIDITY_PERIOD); + Date notBeforeDate = CMS.getCurrentDate(); + Date notAfterDate = new Date(notBeforeDate.getYear(), + notBeforeDate.getMonth(), + notBeforeDate.getDate()+Integer.parseInt(period)); + return new CertificateValidity(notBeforeDate, notAfterDate); */ Date notBeforeDate = null; Date notAfterDate = null; 
@@ -117,41 +118,52 @@ public abstract class CertificateInfo { notBeforeDate = new Date(Long.parseLong(notBeforeStr)); notAfterDate = new Date(Long.parseLong(notAfterStr)); } else { - int beginYear = Integer.parseInt(mProperties.getBeginYear()) - 1900; - int afterYear = Integer.parseInt(mProperties.getAfterYear()) - 1900; - int beginMonth = Integer.parseInt(mProperties.getBeginMonth()); - int afterMonth = Integer.parseInt(mProperties.getAfterMonth()); - int beginDate = Integer.parseInt(mProperties.getBeginDate()); - int afterDate = Integer.parseInt(mProperties.getAfterDate()); - int beginHour = Integer.parseInt(mProperties.getBeginHour()); - int afterHour = Integer.parseInt(mProperties.getAfterHour()); - int beginMin = Integer.parseInt(mProperties.getBeginMin()); - int afterMin = Integer.parseInt(mProperties.getAfterMin()); - int beginSec = Integer.parseInt(mProperties.getBeginSec()); - int afterSec = Integer.parseInt(mProperties.getAfterSec()); + int beginYear = + Integer.parseInt(mProperties.getBeginYear()) - 1900; + int afterYear = + Integer.parseInt(mProperties.getAfterYear()) - 1900; + int beginMonth = + Integer.parseInt(mProperties.getBeginMonth()); + int afterMonth = + Integer.parseInt(mProperties.getAfterMonth()); + int beginDate = + Integer.parseInt(mProperties.getBeginDate()); + int afterDate = + Integer.parseInt(mProperties.getAfterDate()); + int beginHour = + Integer.parseInt(mProperties.getBeginHour()); + int afterHour = + Integer.parseInt(mProperties.getAfterHour()); + int beginMin = + Integer.parseInt(mProperties.getBeginMin()); + int afterMin = + Integer.parseInt(mProperties.getAfterMin()); + int beginSec = + Integer.parseInt(mProperties.getBeginSec()); + int afterSec = + Integer.parseInt(mProperties.getAfterSec()); Calendar calendar = Calendar.getInstance(); - calendar.set(beginYear, beginMonth, beginDate, beginHour, beginMin, - beginSec); + calendar.set(beginYear, beginMonth, beginDate, + beginHour, beginMin, beginSec); notBeforeDate = 
calendar.getTime(); - calendar.set(afterYear, afterMonth, afterDate, afterHour, afterMin, - afterSec); + calendar.set(afterYear, afterMonth, afterDate, + afterHour, afterMin, afterSec); notAfterDate = calendar.getTime(); } return new CertificateValidity(notBeforeDate, notAfterDate); } - public X509CertInfo getCertInfo() throws EBaseException, - PQGParamGenException { + public X509CertInfo getCertInfo() throws EBaseException, PQGParamGenException { X509CertInfo certInfo = new X509CertInfo(); try { - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); BigInteger serialNumber = mProperties.getSerialNumber(); certInfo.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(serialNumber)); + new CertificateSerialNumber(serialNumber)); certInfo.set(X509CertInfo.EXTENSIONS, getExtensions()); certInfo.set(X509CertInfo.VALIDITY, getCertificateValidity()); String issuerName = mProperties.getIssuerName(); 
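Review bot: In the else branch of getCertificateValidity the year is reduced by 1900 (`Integer.parseInt(mProperties.getBeginYear()) - 1900`) and then handed to `calendar.set(beginYear, ...)`, but `Calendar.set` expects the full calendar year; the 1900 offset belongs to the deprecated `java.util.Date` constructor. Unless the stored property is already offset, notBefore and notAfter end up roughly 1900 years off, and the same holds for `afterYear`. If the property holds a four-digit year, `int beginYear = Integer.parseInt(mProperties.getBeginYear());` plus `calendar.clear();` before each `set` (which otherwise keeps the current milliseconds) would fix both. `Integer.parseInt` can also throw an unchecked NumberFormatException that the `throws EBaseException` signature does not cover. The method starts before this hunk, so how the properties are filled in is not visible here.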
@@ -160,51 +172,46 @@ public abstract class CertificateInfo { issuerName = getSubjectName(); } - certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName( - new X500Name(issuerName))); - certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - new X500Name(getSubjectName()))); - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.ISSUER, + new CertificateIssuerName(new X500Name(issuerName))); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(new X500Name(getSubjectName()))); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); PublicKey pubk = mKeyPair.getPublic(); X509Key xKey = KeyCertUtil.convertPublicKeyToX509Key(pubk); certInfo.set(X509CertInfo.KEY, new CertificateX509Key(xKey)); - // SignatureAlgorithm algm = getSigningAlgorithm(); - SignatureAlgorithm algm = (SignatureAlgorithm) mProperties - .get(Constants.PR_SIGNATURE_ALGORITHM); + //SignatureAlgorithm algm = getSigningAlgorithm(); + SignatureAlgorithm algm = + (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); if (algm == null) { - String hashtype = (String) mProperties - .get(ConfigConstants.PR_HASH_TYPE); + String hashtype = (String) mProperties.get(ConfigConstants.PR_HASH_TYPE); - algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(), - hashtype); + algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(), hashtype); mProperties.put(Constants.PR_SIGNATURE_ALGORITHM, algm); } AlgorithmId sigAlgId = getAlgorithmId(); if (sigAlgId == null) { - byte[] encodedOID = ASN1Util.encode(algm.toOID()); + byte[]encodedOID = ASN1Util.encode(algm.toOID()); sigAlgId = new AlgorithmId(new ObjectIdentifier( - new DerInputStream(encodedOID))); + new DerInputStream(encodedOID))); } - certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( - sigAlgId)); + certInfo.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId(sigAlgId)); } catch (InvalidKeyException e) 
{ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY")); - } catch (CertificateException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_CERT", e.toString())); + } catch (CertificateException e) { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); } catch (IOException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", "")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "")); } return certInfo; @@ -218,7 +225,7 @@ public abstract class CertificateInfo { KeyCertUtil.setDERExtension(exts, mProperties); KeyCertUtil.setBasicConstraintsExtension(exts, mProperties); KeyCertUtil.setSubjectKeyIdentifier(mKeyPair, exts, mProperties); - // KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties); + //KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties); KeyCertUtil.setAuthInfoAccess(mKeyPair, exts, mProperties); KeyCertUtil.setOCSPNoCheck(mKeyPair, exts, mProperties); KeyPair caKeyPair = (KeyPair) mProperties.get(Constants.PR_CA_KEYPAIR); @@ -238,7 +245,8 @@ public abstract class CertificateInfo { boolean isKeyUsageEnabled = mProperties.getKeyUsageExtension(); if (isKeyUsageEnabled) { - KeyCertUtil.setKeyUsageExtension(exts, getKeyUsageExtension()); + KeyCertUtil.setKeyUsageExtension( + exts, getKeyUsageExtension()); } return exts; } 
@@ -247,27 +255,27 @@ public abstract class CertificateInfo { return (AlgorithmId) (mProperties.get(Constants.PR_ALGORITHM_ID)); } - public void setAuthorityKeyIdExt(CertificateExtensions caexts, - CertificateExtensions ext) throws IOException, - CertificateException, CertificateEncodingException, + public void setAuthorityKeyIdExt(CertificateExtensions caexts, CertificateExtensions ext) + throws IOException, CertificateException, CertificateEncodingException, CertificateParsingException { SubjectKeyIdentifierExtension subjKeyExt = null; try { - subjKeyExt = (SubjectKeyIdentifierExtension) caexts - .get(SubjectKeyIdentifierExtension.NAME); + subjKeyExt = + (SubjectKeyIdentifierExtension) caexts.get(SubjectKeyIdentifierExtension.NAME); } catch (IOException e) { } if (subjKeyExt == null) return; else { - KeyIdentifier keyId = (KeyIdentifier) subjKeyExt - .get(SubjectKeyIdentifierExtension.KEY_ID); - AuthorityKeyIdentifierExtension authExt = new AuthorityKeyIdentifierExtension( - false, keyId, null, null); + KeyIdentifier keyId = (KeyIdentifier) subjKeyExt.get( + SubjectKeyIdentifierExtension.KEY_ID); + AuthorityKeyIdentifierExtension authExt = + new AuthorityKeyIdentifierExtension(false, keyId, null, null); ext.set(AuthorityKeyIdentifierExtension.NAME, authExt); } } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java index 976b8e7ec..d0df7d1a9 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java +++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.ByteArrayOutputStream; import java.io.FileInputStream; import java.io.FileOutputStream; 
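Review bot: setAuthorityKeyIdExt swallows the `IOException` from `caexts.get(SubjectKeyIdentifierExtension.NAME)` in an empty catch and then returns when `subjKeyExt` is null, so a CA extension set that cannot be read produces a certificate without an Authority Key Identifier and nothing is reported. The method already declares `throws IOException`, so the try/catch can simply be removed. If a missing subject key identifier is expected here, say so in the catch instead: `// CA cert has no SubjectKeyIdentifier; AKI is intentionally omitted`.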
@@ -100,10 +101,10 @@ import com.netscape.cmscore.cert.CertUtils; import com.netscape.cmscore.util.Debug; import com.netscape.cmsutil.crypto.CryptoUtil; + /** * Subsystem for initializing JSS> * <P> - * * @version $Revision$ $Date$ */ public final class JssSubsystem implements ICryptoSubsystem { @@ -130,15 +131,13 @@ public final class JssSubsystem implements ICryptoSubsystem { private Hashtable mNicknameMapCertsTable = new Hashtable(); private Hashtable mNicknameMapUserCertsTable = new Hashtable(); - private FileInputStream devRandomInputStream = null; + private FileInputStream devRandomInputStream=null; - // This date format is to format the date string of the certificate in such - // a way as + // This date format is to format the date string of the certificate in such a way as // May 01, 1999 01:55:55. - private static SimpleDateFormat mFormatter = new SimpleDateFormat( - "MMMMM dd, yyyy HH:mm:ss"); + private static SimpleDateFormat mFormatter = new SimpleDateFormat("MMMMM dd, yyyy HH:mm:ss"); - // SSL related variables. + // SSL related variables. private IConfigStore mSSLConfig = null; 
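Review bot: `mFormatter` in the @@ -130 hunk is a `static` `SimpleDateFormat`, which is not thread-safe; if certificate dates are formatted from more than one thread the output can be corrupted. The uses of the field are outside this hunk and need checking; creating the formatter per call or wrapping the call in `synchronized (mFormatter) { ... }` avoids the problem. The pattern is also applied in the JVM default locale, which the comment's example (May 01, 1999 01:55:55) silently assumes to be English.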
@@ -148,20 +147,20 @@ public final class JssSubsystem implements ICryptoSubsystem { private static Hashtable mCipherNames = new Hashtable(); - /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config. */ - private static final String DEFAULT_CIPHERPREF = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," - + "TLS_RSA_WITH_AES_128_CBC_SHA," - + "TLS_RSA_WITH_AES_256_CBC_SHA," - + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," - + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," - + - // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + - // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + - // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," - + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," - + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," - + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; + /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/ + private static final String DEFAULT_CIPHERPREF = + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + + "TLS_RSA_WITH_AES_128_CBC_SHA," + + "TLS_RSA_WITH_AES_256_CBC_SHA," + + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + +// "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + +// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + +// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; /* list of all ciphers JSS supports */ private static final int mJSSCipherSuites[] = { 
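Review bot: The comment on DEFAULT_CIPHERPREF says "default sslv2 and sslv3 cipher suites(all)", but the string lists only TLS_* suites, and three ECDHE_RSA entries are commented out inside the concatenation with no reason given. Proposed comment: `/* default TLS cipher suites, applied when no cipher preference is configured; ECDHE_RSA suites are left out (reason: TODO) */`. The list still contains `TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA`, so it is worth stating whether 3DES is meant to stay on by default.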
@@ -179,51 +178,50 @@ public final class JssSubsystem implements ICryptoSubsystem { SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA, SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, }; + SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + }; static { /* set ssl cipher string names. */ - /* - * disallowing SSL2 ciphers to be turned on - * mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5, - * Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5)); - * mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5, - * Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5)); - * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5, - * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5)); - * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5, - * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5)); - * mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5, - * Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5)); - * mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5, - * Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5)); - */ + /* disallowing SSL2 ciphers to be turned on + mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5, + Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5)); + mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5, + Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5)); + mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5, + Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5)); + mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5, + Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5)); + mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5, + Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5)); + mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5, + Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5)); + */ 
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5)); + Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA)); mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA)); - mCipherNames - .put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, - Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA)); + mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, + Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)); mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA, - Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA)); + Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA)); mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)); mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA)); 
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA)); + Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA)); mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA)); + Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA)); } public static JssSubsystem getInstance() { 
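Review bot: The static initializer still registers NULL-encryption, 40/56-bit export and single-DES suites in `mCipherNames` (`PR_SSL3_RSA_WITH_NULL_MD5`, `PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5`, `PR_SSL3_RSA_WITH_DES_CBC_SHA`, `PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA` and others), so a cipher preference string can switch them on, whereas the SSL2 names directly above are commented out precisely to prevent that. Consider giving these entries the same treatment. If they must stay for legacy configurations, mark them: `// weak suite: selectable for legacy clients only, never part of the default`.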
@@ -241,43 +239,44 @@ public final class JssSubsystem implements ICryptoSubsystem { } public void setId(String id) throws EBaseException { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); - - } - - // Add entropy to the 'default' RNG token - public void addEntropy(int bits) - throws org.mozilla.jss.util.NotImplementedException, IOException, - TokenException { - int read = 0; - int bytes = (7 + bits) / 8; - byte[] b = new byte[bytes]; - if (devRandomInputStream == null) { - throw new IOException( - CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM")); - } - do { - int c = devRandomInputStream.read(b, read, bytes - read); - read += c; - } while (read < bytes); - - CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes - + " bytes) of entropy to default RNG token"); - CMS.debug(b); - PK11SecureRandom sr = new PK11SecureRandom(); - sr.setSeed(b); - } - + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + + } + + // Add entropy to the 'default' RNG token + public void addEntropy(int bits) + throws org.mozilla.jss.util.NotImplementedException, + IOException, + TokenException + { + int read=0; + int bytes = (7+bits)/8; + byte[] b = new byte[bytes]; + if (devRandomInputStream == null) { + throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM")); + } + do { + int c = devRandomInputStream.read(b,read,bytes-read); + read += c; + } + while (read < bytes); + + CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token"); + CMS.debug(b); + PK11SecureRandom sr = new PK11SecureRandom(); + sr.setSeed(b); + } + /** - * Initializes the Jss security subsystem. + * Initializes the Jss security subsystem. 
* <P> */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mLogger = CMS.getLogger(); - - if (mInited) { + + if (mInited) + { // This used to throw an exeception (e.g. - on Solaris). // If JSS is already initialized simply return. CMS.debug("JssSubsystem already inited.. returning."); @@ -310,9 +309,10 @@ public final class JssSubsystem implements ICryptoSubsystem { String certDir; certDir = config.getString(CONFIG_DIR, null); - - CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues( - certDir, "", "", "secmod.db"); + + CryptoManager.InitializationValues vals = + new CryptoManager.InitializationValues(certDir, + "", "", "secmod.db"); vals.removeSunProvider = false; vals.installJSSProvider = true; @@ -321,13 +321,11 @@ public final class JssSubsystem implements ICryptoSubsystem { } catch (AlreadyInitializedException e) { // do nothing } catch (Exception e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } 
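Review bot: `CMS.debug(b);` in addEntropy writes the raw seed bytes to the debug log right before `sr.setSeed(b)`, so anyone who can read that log learns the entropy that was fed to the default RNG token; drop the call or log only the byte count. The read loop also adds the result of `devRandomInputStream.read(b,read,bytes-read)` to `read` without checking for `-1`, so an end-of-stream moves the counter backwards and the next call is made with a negative offset; `if (c < 0) throw new IOException("entropy stream ended early");` before `read += c;` stops that. Both lines are only re-indented by this hunk, so the behaviour predates the commit.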
@@ -335,21 +333,19 @@ public final class JssSubsystem implements ICryptoSubsystem { mCryptoManager = CryptoManager.getInstance(); initSSL(); } catch (CryptoManager.NotInitializedException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } - + mInited = true; } public String getCipherVersion() throws EBaseException { - return "cipherdomestic"; + return "cipherdomestic"; } public String getCipherPreferences() throws EBaseException { 
@@ -367,36 +363,36 @@ public final class JssSubsystem implements ICryptoSubsystem { public String getECType(String certType) throws EBaseException { if (mSSLConfig != null) { // for SSL server, check the value of jss.ssl.sslserver.ectype - return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, - "ECDHE"); + return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, "ECDHE"); } else { return "ECDHE"; } } public String isCipherFortezza() throws EBaseException { - // we always display fortezza suites. - // too much work to display tokens/certs corresponding to the - // suites. + // we always display fortezza suites. + // too much work to display tokens/certs corresponding to the + // suites. return "true"; } void installProvider() { int position = java.security.Security.insertProviderAt( - new com.netscape.cmscore.security.Provider(), 1); + new com.netscape.cmscore.security.Provider(), + 1); if (position == -1) { Debug.trace("Unable to install CMS provider"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER")); } } - public void setCipherPreferences(String cipherPrefs) throws EBaseException { + public void setCipherPreferences(String cipherPrefs) + throws EBaseException { if (mSSLConfig != null) { if (cipherPrefs.equals("")) - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS")); mSSLConfig.putString(Constants.PR_CIPHER_PREF, cipherPrefs); } } @@ -406,7 +402,7 @@ public final class JssSubsystem implements ICryptoSubsystem { * */ private void initSSL() throws EBaseException { - // JSS will AND what is set and what is allowed by export policy + // JSS will AND what is set and what is allowed by export policy // so we can set what is requested. try { 
@@ -422,11 +418,11 @@ public final class JssSubsystem implements ICryptoSubsystem { if (Debug.ON) Debug.trace("configured ssl cipher prefs is " + sslCiphers); - // first, disable all ciphers, since JSS defaults to all-enabled + // first, disable all ciphers, since JSS defaults to all-enabled for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) { try { - SSLSocket - .setCipherPreferenceDefault(mJSSCipherSuites[i], false); + SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i], + false); } catch (SocketException e) { } } @@ -437,10 +433,9 @@ public final class JssSubsystem implements ICryptoSubsystem { StringTokenizer ciphers = new StringTokenizer(sslCiphers, ","); if (!ciphers.hasMoreTokens()) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers)); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF)); } while (ciphers.hasMoreTokens()) { String cipher = ciphers.nextToken(); @@ -449,13 +444,13 @@ public final class JssSubsystem implements ICryptoSubsystem { if (sslcipher != null) { String msg = "setting ssl cipher " + cipher; - CMS.debug("JSSSubsystem: initSSL(): " + msg); + CMS.debug("JSSSubsystem: initSSL(): "+msg); log(ILogger.LL_INFO, msg); if (Debug.ON) Debug.trace(msg); try { SSLSocket.setCipherPreferenceDefault( - sslcipher.intValue(), true); + sslcipher.intValue(), true); } catch (SocketException e) { } } @@ -463,7 +458,7 @@ public final class JssSubsystem implements ICryptoSubsystem { } } - + /** * Retrieves a configuration store of this subsystem. * <P> 
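Review bot: The loop in initSSL that disables every suite swallows `SocketException` in an empty catch, and the comment just above says JSS defaults to all-enabled, so a suite whose disable call fails stays enabled without any trace. Log the failure at least, e.g. `log(ILogger.LL_FAILURE, "cannot disable ssl cipher " + mJSSCipherSuites[i] + ": " + e);`. The enable call in the @@ -449 hunk has the same empty catch, which hides a configured suite that could not be turned on. initSSL begins and ends outside these hunks.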
@@ -477,26 +472,26 @@ public final class JssSubsystem implements ICryptoSubsystem { */ public void startup() throws EBaseException { } - + /** * Shutdowns this subsystem. * <P> */ public void shutdown() { try { - // After talking to NSS teamm, we should not call close databases - // which will call NSS_Shutdown. Web Server will call NSS_Shutdown - boolean isClosing = mConfig.getBoolean("closeDatabases", false); - if (isClosing) { - JSSDatabaseCloser closer = new JSSDatabaseCloser(); - closer.closeDatabases(); - } + // After talking to NSS teamm, we should not call close databases + // which will call NSS_Shutdown. Web Server will call NSS_Shutdown + boolean isClosing = mConfig.getBoolean("closeDatabases", false); + if (isClosing) { + JSSDatabaseCloser closer = new JSSDatabaseCloser(); + closer.closeDatabases(); + } } catch (Exception e) { } } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); } public PasswordCallback getPWCB() { @@ -510,13 +505,11 @@ public final class JssSubsystem implements ICryptoSubsystem { try { name = c.getName(); } catch (TokenException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } 
@@ -533,29 +526,26 @@ public final class JssSubsystem implements ICryptoSubsystem { CryptoToken c = (CryptoToken) tokens.nextElement(); // skip builtin object token - if (c.getName() != null - && c.getName().equals("Builtin Object Token")) { + if (c.getName() != null && c.getName().equals("Builtin Object Token")) { continue; } if (num++ == 0) - tokenList = tokenList + c.getName(); - else + tokenList = tokenList + c.getName(); + else tokenList = tokenList + "," + c.getName(); } } catch (TokenException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } - if (tokenList.equals("")) - return Constants.PR_INTERNAL_TOKEN; + if (tokenList.equals("")) + return Constants.PR_INTERNAL_TOKEN; else return (tokenList + "," + Constants.PR_INTERNAL_TOKEN); } 
@@ -568,74 +558,48 @@ public final class JssSubsystem implements ICryptoSubsystem { return ctoken.isLoggedIn(); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } } - public void loggedInToken(String tokenName, String pwd) - throws EBaseException { + public void loggedInToken(String tokenName, String pwd) throws EBaseException { try { CryptoToken ctoken = mCryptoManager.getTokenByName(tokenName); Password clk = new Password(pwd.toCharArray()); ctoken.login(clk); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (IncorrectPasswordException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_LOGIN_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_LOGIN_FAILED")); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", 
"")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } } - public String getCertSubjectName(String tokenname, String nickname) - throws EBaseException { + public String getCertSubjectName(String tokenname, String nickname) + throws EBaseException { try { return KeyCertUtil.getCertSubjectName(tokenname, nickname); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } 
} @@ -660,21 +624,18 @@ public final class JssSubsystem implements ICryptoSubsystem { } } } catch (TokenException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } return certNames; } - public String getCertListWithoutTokenName(String name) - throws EBaseException { + public String getCertListWithoutTokenName(String name) throws EBaseException { CryptoToken c = null; String certNames = ""; @@ -692,7 +653,7 @@ public final class JssSubsystem implements ICryptoSubsystem { if (list == null) return ""; - + for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); int index = nickname.indexOf(":"); 
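Review bot: In `loggedInToken`, the `Password` object built from `pwd.toCharArray()` is never cleared, so a copy of the token password stays in memory after `ctoken.login(clk)` returns or throws. JSS's `Password` provides `clear()`, so the call can be wrapped as `try { ctoken.login(clk); } finally { clk.clear(); }`. The `String pwd` argument itself cannot be wiped, which is worth stating in a Javadoc comment on the method so callers know not to retain it longer than needed.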
@@ -709,22 +670,18 @@ public final class JssSubsystem implements ICryptoSubsystem { return ""; } catch (TokenException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } catch (NoSuchTokenException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } } @@ -747,7 +704,7 @@ public final class JssSubsystem implements ICryptoSubsystem { if (list == null) return ""; - + for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); 
@@ -761,28 +718,24 @@ public final class JssSubsystem implements ICryptoSubsystem { return ""; } catch (TokenException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } catch (NoSuchTokenException e) { - String[] params = { mId, e.toString() }; - EBaseException ex = new EBaseException(CMS.getUserMessage( - "CMS_BASE_CREATE_SERVICE_FAILED", params)); + String[] params = {mId, e.toString()}; + EBaseException ex = new EBaseException( + CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params)); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", - ex.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString())); throw ex; } } - public AlgorithmId getAlgorithmId(String algname, IConfigStore store) - throws EBaseException { + public AlgorithmId getAlgorithmId(String algname, IConfigStore store) + throws EBaseException { try { if (algname.equals("DSA")) { byte[] p = store.getByteArray("ca.dsaP", null); 
@@ -799,72 +752,60 @@ public final class JssSubsystem implements ICryptoSubsystem { } return AlgorithmId.getAlgorithmId(algname); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", "")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "")); } } public String getSignatureAlgorithm(String nickname) throws EBaseException { try { - X509Certificate cert = CryptoManager.getInstance() - .findCertByNickname(nickname); + X509Certificate cert = + CryptoManager.getInstance().findCertByNickname(nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSigAlgName(); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); - } + 
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); + } } public KeyPair getKeyPair(String nickname) throws EBaseException { try { - X509Certificate cert = CryptoManager.getInstance() - .findCertByNickname(nickname); - PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert( - cert); + X509Certificate cert = + CryptoManager.getInstance().findCertByNickname(nickname); + PrivateKey priKey = + CryptoManager.getInstance().findPrivKeyByCert(cert); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, priKey); } catch (NotInitializedException e) { log(ILogger.LL_FAILURE, "Key Pair Error " + e); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (ObjectNotFoundException e) { log(ILogger.LL_FAILURE, "Key Pair Error " + e); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (TokenException e) { log(ILogger.LL_FAILURE, "Key Pair Error " + e); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } } - public KeyPair getKeyPair(String tokenName, String alg, int keySize) - throws EBaseException { + public KeyPair getKeyPair(String tokenName, String alg, + int keySize) throws EBaseException { return getKeyPair(tokenName, alg, keySize, null); } - public KeyPair getKeyPair(String tokenName, String alg, int keySize, - PQGParams pqg) throws EBaseException { + public KeyPair getKeyPair(String tokenName, String alg, + int keySize, PQGParams pqg) throws EBaseException { String t = tokenName; if (tokenName.equals(Constants.PR_INTERNAL_TOKEN)) 
@@ -872,13 +813,12 @@ public final class JssSubsystem implements ICryptoSubsystem { CryptoToken token = null; try { - token = mCryptoManager.getTokenByName(t); + token = mCryptoManager.getTokenByName(t); } catch (NoSuchTokenException e) { log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", tokenName)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName)); } - + KeyPairAlgorithm kpAlg = null; if (alg.equals("RSA")) 
@@ -888,35 +828,26 @@ public final class JssSubsystem implements ICryptoSubsystem { } try { - KeyPair kp = KeyCertUtil - .generateKeyPair(token, kpAlg, keySize, pqg); + KeyPair kp = KeyCertUtil.generateKeyPair(token, kpAlg, keySize, pqg); return kp; } catch (InvalidParameterException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS", + "" + keySize)); } catch (PQGParamGenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", + kpAlg.toString())); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED")); } catch (InvalidAlgorithmParameterException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_KEY_PAIR", e.toString())); - throw new 
EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); } } 
@@ -924,108 +855,69 @@ public final class JssSubsystem implements ICryptoSubsystem { try { X500Name name = new X500Name(dn); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_X500_NAME", dn)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_X500_NAME", dn)); } } - public String getCertRequest(String subjectName, KeyPair kp) - throws EBaseException { + public String getCertRequest(String subjectName, KeyPair kp) + throws EBaseException { try { - netscape.security.pkcs.PKCS10 pkcs = KeyCertUtil.getCertRequest( - subjectName, kp); + netscape.security.pkcs.PKCS10 pkcs = + KeyCertUtil.getCertRequest(subjectName, kp); ByteArrayOutputStream bs = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(bs); pkcs.print(ps); return bs.toString(); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "")); } catch (NoSuchProviderException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", 
e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_CERT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString())); } catch (SignatureException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE")); } } - public void importCert(String b64E, String nickname, String certType) - throws EBaseException { + public void importCert(String b64E, String nickname, String certType) + throws EBaseException { try { KeyCertUtil.importCert(b64E, nickname, certType); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - 
e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { String eString = e.toString(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - if (eString - .contains("Failed to find certificate that was just imported")) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + if (eString.contains("Failed to find certificate that was just imported")) { throw new EBaseException(eString); } else { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } } catch (UserCertConflictException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); } catch (NicknameConflictException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + 
throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } } @@ -1036,7 +928,8 @@ public final class JssSubsystem implements ICryptoSubsystem { String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) tokenname = tmp; tmp = (String) properties.get(Constants.PR_KEY_TYPE); if (tmp != null) @@ -1058,9 +951,9 @@ public final class JssSubsystem implements ICryptoSubsystem { KeyPair pair = null; String tmp = (String) properties.get(Constants.PR_TOKEN_NAME); - if (tmp != null) + if (tmp != null) token = tmp; - + tmp = (String) properties.get(Constants.PR_KEY_CURVENAME); if (tmp != null) keyCurve = tmp; 
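Review bot: In `importCert(String, String, String)`, the `TokenException` handler picks its outcome with `eString.contains("Failed to find certificate that was just imported")` and then passes the raw exception text to `new EBaseException(eString)`. That ties the behaviour to the wording of a library message and returns an internal, unlocalised string to the caller, whereas every other branch goes through `CMS.getUserMessage`. If the special case is intentional, a comment such as `// this failure is only distinguishable by its message text` above the `if` would document it; otherwise mapping it to a user message key would keep the error surface consistent.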
@@ -1071,110 +964,77 @@ public final class JssSubsystem implements ICryptoSubsystem { return pair; } - - public KeyPair getECCKeyPair(String token, String keyCurve, String certType) - throws EBaseException { + + public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException { KeyPair pair = null; if ((token == null) || (token.equals(""))) token = Constants.PR_INTERNAL_TOKEN_NAME; if ((keyCurve == null) || (keyCurve.equals(""))) - keyCurve = "nistp512"; + keyCurve = "nistp512"; String ectype = getECType(certType); // ECDHE needs "SIGN" but no "DERIVE" - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE + }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, + }; try { - if (ectype.equals("ECDHE")) - pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, - usages_mask); + if (ectype.equals("ECDHE")) + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask); else - pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, - ECDH_usages_mask); + pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } return pair; - } + } public void importCert(X509CertImpl signedCert, String nickname, - String certType) throws EBaseException { + String certType) throws EBaseException { try { KeyCertUtil.importCert(signedCert, nickname, certType); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); } catch (UserCertConflictException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT")); } catch (NicknameConflictException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED")); } } 
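Review bot: The default curve name `"nistp512"` in `getECCKeyPair` does not look like a NIST curve name: the largest NIST prime curve is P-521, which NSS names `nistp521`. If the name is not recognised, a caller that passes no curve would presumably get a key-generation failure instead of a key; in that case the default should read `keyCurve = "nistp521";`. This should be confirmed against the curve names the token actually accepts. The two usage arrays would also be easier to read with a comment stating that they list the usages to switch off, since `usages_mask` holds `DERIVE` under a comment that says ECDHE needs `SIGN`.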
@@ -1184,94 +1044,70 @@ public final class JssSubsystem implements ICryptoSubsystem { X509CertImpl impl = new X509CertImpl(b); NameValuePairs results = new NameValuePairs(); - results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN() - .getName()); + results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN().getName()); results.add(Constants.PR_ISSUER_NAME, impl.getIssuerDN().getName()); - results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber() - .toString()); - results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore() - .toString()); - results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter() - .toString()); + results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber().toString()); + results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore().toString()); + results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter().toString()); // fingerprint is using MD5 hash return results; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } } - public void deleteUserCert(String nickname, String serialno, - String issuername) throws EBaseException { + public void deleteUserCert(String nickname, String serialno, String issuername) + throws EBaseException { try { - X509Certificate cert = getCertificate(nickname, serialno, - issuername); + X509Certificate cert 
= getCertificate(nickname, serialno, issuername); if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; CryptoStore store = tcert.getOwningToken().getCryptoStore(); - CMS.debug("*** deleting this token cert"); +CMS.debug("*** deleting this token cert"); tcert.getOwningToken().getCryptoStore().deleteCert(tcert); - CMS.debug("*** finish deleting this token cert"); +CMS.debug("*** finish deleting this token cert"); } else { - CryptoToken token = CryptoManager.getInstance() - .getInternalKeyStorageToken(); - CryptoStore store = token.getCryptoStore(); + CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); + CryptoStore store = token.getCryptoStore(); - CMS.debug("*** deleting this interna cert"); - store.deleteCert(cert); - CMS.debug("*** removing this interna cert"); +CMS.debug("*** deleting this interna cert"); + store.deleteCert(cert); +CMS.debug("*** removing this interna cert"); } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, 
CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } } - public void deleteRootCert(String nickname, String serialno, - String issuername) throws EBaseException { + public void deleteRootCert(String nickname, String serialno, + String issuername) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index + 1); + nickname = nickname.substring(index+1); } try { if (mNicknameMapCertsTable != null) { - X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable - .get(nickname); + X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); if (certs == null) { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); throw e; } else { for (int i = 0; i < certs.length; i++) { 
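Review bot: `deleteRootCert` calls `nickname.substring(0, index)` without checking the result of `nickname.indexOf(":")`, so a nickname without a token prefix gives `index == -1` and throws `StringIndexOutOfBoundsException` instead of the declared `EBaseException`. A guard before the `substring` call would keep the failure inside the method's contract, for example `if (index < 0) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));`, or the prefix could be treated as absent if unprefixed nicknames are valid here. The body of `deleteRootCert` continues past the end of this hunk.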
@@ -1279,27 +1115,24 @@ public final class JssSubsystem implements ICryptoSubsystem { X509CertImpl impl = new X509CertImpl(cert.getEncoded()); String num = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); - CMS.debug("*** num " + num); - CMS.debug("*** issuer " + issuer); +CMS.debug("*** num "+num); +CMS.debug("*** issuer "+issuer); if (num.equals(serialno) && issuername.equals(issuer)) { - CMS.debug("*** removing root cert"); +CMS.debug("*** removing root cert"); if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; - CryptoStore store = tcert.getOwningToken() - .getCryptoStore(); - - CMS.debug("*** deleting this token cert"); - tcert.getOwningToken().getCryptoStore() - .deleteCert(tcert); - CMS.debug("*** finish deleting this token cert"); + CryptoStore store = tcert.getOwningToken().getCryptoStore(); + +CMS.debug("*** deleting this token cert"); + tcert.getOwningToken().getCryptoStore().deleteCert(tcert); +CMS.debug("*** finish deleting this token cert"); } else { - CryptoToken token = CryptoManager.getInstance() - .getInternalKeyStorageToken(); + CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); CryptoStore store = token.getCryptoStore(); - - CMS.debug("*** deleting this interna cert"); + +CMS.debug("*** deleting this interna cert"); store.deleteCert(cert); - CMS.debug("*** removing this interna cert"); +CMS.debug("*** removing this interna cert"); } mNicknameMapCertsTable.remove(nickname); break; 
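Review bot: In the TokenCertificate branch the local `store` is assigned and never used, because the delete on the following line resolves the store again through `tcert.getOwningToken().getCryptoStore()`. Either drop the local or use it, `store.deleteCert(tcert);`, so the owning token is looked up once and the store that was inspected is the one the certificate is removed from. The same pattern recurs in the deleteCACert, deleteCert and deleteTokenCertificate hunks further down. deleteRootCert starts and ends outside this hunk.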
@@ -1309,29 +1142,17 @@ public final class JssSubsystem implements ICryptoSubsystem { } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } 
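Review bot: Every TokenException in this catch chain is reported to the caller as `CMS_BASE_TOKEN_NOT_FOUND` with an empty argument, whatever the token failure actually was, and none of the rethrown EBaseExceptions carries the original exception. The only surviving detail is `e.toString()` in the log line, which makes a failed certificate deletion hard to triage afterwards, while the CertificateException branch passes `e.toString()` straight into the user-facing message. I would add a comment above the chain such as `// TokenException covers any token failure, not only a missing token; the log entry holds the cause`, and, if EBaseException has a constructor that accepts a cause, pass `e` through. The same chain appears in the deleteCACert and deleteCert hunks below; the try block opens outside this hunk.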
@@ -1354,15 +1175,14 @@ public final class JssSubsystem implements ICryptoSubsystem { for (int i = 0; i < list.length; i++) { try { - PrivateKey key = CryptoManager.getInstance() - .findPrivKeyByCert(list[i]); + PrivateKey key = + CryptoManager.getInstance().findPrivKeyByCert(list[i]); Debug.trace("JssSubsystem getRootCerts: find private key " - + list[i].getNickname()); + +list[i].getNickname()); } catch (ObjectNotFoundException e) { String nickname = list[i].getNickname(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" - + nickname; + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { + nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname; } X509CertImpl impl = null; @@ -1383,15 +1203,14 @@ public final class JssSubsystem implements ICryptoSubsystem { } String serialno = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); - nvps.add(nickname + "," + serialno, issuer); - Debug.trace("getRootCerts: nickname=" + nickname - + ", serialno=" + serialno + ", issuer=" - + issuer); + nvps.add(nickname+","+serialno, issuer); + Debug.trace("getRootCerts: nickname="+nickname+", serialno="+ + serialno+", issuer="+issuer); continue; } catch (CryptoManager.NotInitializedException e) { continue; } - } + } // convert hashtable of vectors to hashtable of arrays Enumeration elms = vecTable.keys(); @@ -1405,11 +1224,8 @@ public final class JssSubsystem implements ICryptoSubsystem { } } } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } return nvps; 
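Review bot: In the second hunk on this line, `catch (CryptoManager.NotInitializedException e) { continue; }` drops the certificate without any record, so an uninitialized CryptoManager makes the root-certificate listing come back short or empty instead of failing. Other methods in this class turn the same exception into `CMS_BASE_CRYPTOMANAGER_UNINITIALIZED`, and a caller managing trust anchors cannot tell an incomplete list from a complete one. At minimum I would log before skipping, `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));`. The getUserCerts hunk that follows has the same silent `continue`, and the loop body starts outside this hunk.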
@@ -1430,18 +1246,16 @@ public final class JssSubsystem implements ICryptoSubsystem { for (int i = 0; i < list.length; i++) { try { - PrivateKey key = CryptoManager.getInstance() - .findPrivKeyByCert(list[i]); + PrivateKey key = + CryptoManager.getInstance().findPrivKeyByCert(list[i]); String nickname = list[i].getNickname(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) - || tokenName - .equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) { - nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" - + nickname; + if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) || + tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) { + nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname; } X509CertImpl impl = null; - try { + try { impl = new X509CertImpl(list[i].getEncoded()); } catch (CertificateException e) { // skip bad certificate @@ -1450,25 +1264,21 @@ public final class JssSubsystem implements ICryptoSubsystem { } String serialno = impl.getSerialNumber().toString(); String issuer = impl.getIssuerDN().toString(); - nvps.add(nickname + "," + serialno, issuer); - Debug.trace("getUserCerts: nickname=" + nickname - + ", serialno=" + serialno + ", issuer=" - + issuer); + nvps.add(nickname+","+serialno, issuer); + Debug.trace("getUserCerts: nickname="+nickname+", serialno="+ + serialno+", issuer="+issuer); } catch (ObjectNotFoundException e) { Debug.trace("JssSubsystem getUserCerts: cant find private key " - + list[i].getNickname()); + +list[i].getNickname()); continue; } catch (CryptoManager.NotInitializedException e) { continue; } - } + } } } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } return nvps; 
@@ -1481,8 +1291,8 @@ public final class JssSubsystem implements ICryptoSubsystem { public NameValuePairs getAllCertsManage() throws EBaseException { /* - * first get all CA certs (internal only), then all user certs (both - * internal and external) + * first get all CA certs (internal only), + * then all user certs (both internal and external) */ NameValuePairs pairs = getCACerts(); @@ -1502,14 +1312,14 @@ public final class JssSubsystem implements ICryptoSubsystem { for (int i = 0; i < list.length; i++) { String nickname = list[i].getNickname(); - X509Certificate[] certificates = CryptoManager - .getInstance().findCertsByNickname(nickname); + X509Certificate[] certificates = + CryptoManager.getInstance().findCertsByNickname(nickname); mNicknameMapUserCertsTable.put(nickname, certificates); X509CertImpl impl = null; - try { + try { impl = new X509CertImpl(list[i].getEncoded()); } catch (CertificateException e) { // skip bad certificate @@ -1520,7 +1330,7 @@ public final class JssSubsystem implements ICryptoSubsystem { String dateStr = mFormatter.format(date); NameValuePair pair = pairs.getPair(nickname); - /* always user cert here */ + /* always user cert here*/ String certValue = dateStr + "," + "u"; if (pair == null) 
@@ -1531,27 +1341,19 @@ public final class JssSubsystem implements ICryptoSubsystem { if (vvalue.endsWith(",u")) { pair.setValue(vvalue + ";" + certValue); } - } + } } } /* while */ } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); // } catch (CertificateException e) { - // log(ILogger.LL_FAILURE, - // CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", - // e.toString())); - // throw new EBaseException(BaseResources.CERT_ERROR); + // log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); + // throw new EBaseException(BaseResources.CERT_ERROR); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } return pairs; 
@@ -1560,28 +1362,26 @@ public final class JssSubsystem implements ICryptoSubsystem { public NameValuePairs getCACerts() throws EBaseException { NameValuePairs pairs = new NameValuePairs(); - // InternalCertificate[] certs; + //InternalCertificate[] certs; X509Certificate[] certs; try { - certs = CryptoManager.getInstance().getCACerts(); + certs = + CryptoManager.getInstance().getCACerts(); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } - if (mNicknameMapCertsTable == null) { - CMS.debug("JssSubsystem::getCACerts() - " - + "mNicknameMapCertsTable is null!"); - throw new EBaseException("mNicknameMapCertsTable is null"); + if( mNicknameMapCertsTable == null ) { + CMS.debug( "JssSubsystem::getCACerts() - " + + "mNicknameMapCertsTable is null!" ); + throw new EBaseException( "mNicknameMapCertsTable is null" ); } else { mNicknameMapCertsTable.clear(); } - // a temp hashtable with vectors + // a temp hashtable with vectors Hashtable vecTable = new Hashtable(); for (int i = 0; i < certs.length; i++) { @@ -1611,13 +1411,12 @@ public final class JssSubsystem implements ICryptoSubsystem { mNicknameMapCertsTable.put(key, a); } - Enumeration keys = mNicknameMapCertsTable.keys(); + Enumeration keys = mNicknameMapCertsTable.keys(); while (keys.hasMoreElements()) { String nickname = (String) keys.nextElement(); - X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable - .get(nickname); - + X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); + for (int i = 0; i < value.length; i++) { InternalCertificate icert = null; 
@@ -1627,13 +1426,14 @@ public final class JssSubsystem implements ICryptoSubsystem { Debug.trace("cert is not an InternalCertificate"); Debug.trace("nickname: " + nickname + " index " + i); Debug.trace("cert: " + value[i]); - continue; + continue; } - + int flag = icert.getSSLTrust(); String trust = "U"; - if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA) + if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == + InternalCertificate.TRUSTED_CLIENT_CA) trust = "T"; X509CertImpl impl = null; 
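Review bot: The trust letter here is derived from `TRUSTED_CLIENT_CA` alone, so a certificate whose SSL trust has `TRUSTED_CA` set without `TRUSTED_CLIENT_CA` is listed as `U`. trustCert in this class sets `TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA` together, but flags can presumably also be set outside this code, in which case the listing would under-report a trusted CA. If only the client bit is intended, say so in a comment, `// "T" = trusted to issue client certificates; TRUSTED_CA is not considered here`; otherwise test both bits. The enclosing loop of getCACerts starts outside this hunk.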
@@ -1650,122 +1450,96 @@ public final class JssSubsystem implements ICryptoSubsystem { String vvalue = pair.getValue(); pair.setValue(vvalue + ";" + certValue); - } + } } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString())); // allow it to continue with other certs even if one blows // up - // throw new EBaseException(BaseResources.CERT_ERROR); + // throw new EBaseException(BaseResources.CERT_ERROR); } } } return pairs; } - public void trustCert(String nickname, String date, String trust) - throws EBaseException { + public void trustCert(String nickname, String date, String trust) throws + EBaseException { try { if (mNicknameMapCertsTable != null) { - X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable - .get(nickname); + X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); if (certs == null) { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString())); throw e; } else { for (int i = 0; i < certs.length; i++) { X509Certificate cert = certs[i]; - X509CertImpl certImpl = new X509CertImpl( - cert.getEncoded()); + X509CertImpl certImpl = new X509CertImpl(cert.getEncoded()); Date notAfter = certImpl.getNotAfter(); Date qualifier = mFormatter.parse(date); if (notAfter.equals(qualifier)) { if (cert instanceof InternalCertificate) { if (trust.equals("Trust")) { - int trustflag = InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA; + int trustflag = InternalCertificate.TRUSTED_CA | 
+ InternalCertificate.TRUSTED_CLIENT_CA | + InternalCertificate.VALID_CA; - ((InternalCertificate) cert) - .setSSLTrust(trustflag); + ((InternalCertificate) cert).setSSLTrust(trustflag); } else - ((InternalCertificate) cert) - .setSSLTrust(InternalCertificate.VALID_CA); + ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA); break; } else { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_CERT_ERROR", "")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } } } } } - } catch (ParseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + } catch (ParseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } /** * Delete the CA certificate from the perm database. - * * @param nickname The nickname of the CA certificate. - * @param notAfterTime The notAfter of the certificate. It is possible to - * get multiple certificates under the same nickname. If one of - * the certificates match the notAfterTime, then the certificate - * will get deleted. The format of the notAfterTime has to be in - * "MMMMM dd, yyyy HH:mm:ss" format. - */ - public void deleteCACert(String nickname, String notAfterTime) - throws EBaseException { + * @param notAfterTime The notAfter of the certificate. It is possible to get multiple + * certificates under the same nickname. 
If one of the certificates match the notAfterTime, + * then the certificate will get deleted. The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. + */ + public void deleteCACert(String nickname, String notAfterTime) throws EBaseException { try { if (mNicknameMapCertsTable != null) { - X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable - .get(nickname); + X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); if (certs == null) { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString())); throw e; } else { for (int i = 0; i < certs.length; i++) { X509Certificate cert = certs[i]; - X509CertImpl certImpl = new X509CertImpl( - cert.getEncoded()); + X509CertImpl certImpl = new X509CertImpl(cert.getEncoded()); Date notAfter = certImpl.getNotAfter(); Date qualifier = mFormatter.parse(notAfterTime); if (notAfter.equals(qualifier)) { if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; - CryptoStore store = tcert.getOwningToken() - .getCryptoStore(); + CryptoStore store = tcert.getOwningToken().getCryptoStore(); - tcert.getOwningToken().getCryptoStore() - .deleteCert(tcert); + tcert.getOwningToken().getCryptoStore().deleteCert(tcert); } else { - CryptoToken token = CryptoManager.getInstance() - .getInternalKeyStorageToken(); + CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); CryptoStore store = token.getCryptoStore(); store.deleteCert(cert); 
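Review bot: trustCert returns normally without changing anything in two cases: when `mNicknameMapCertsTable` is null, and when no certificate under the nickname has a notAfter equal to the parsed `date`. The caller cannot tell either case from a successful change, which matters most when the request was to withdraw trust (any value other than `"Trust"` sets `VALID_CA` only). I would track a `boolean matched` that is set just before the `break`, and after the loop add `if (!matched) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));`. deleteCACert, whose body begins in this hunk and continues past it, selects certificates by the same nickname and notAfter comparison.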
@@ -1777,64 +1551,45 @@ public final class JssSubsystem implements ICryptoSubsystem { } } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (ParseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } /** * Delete any certificate from the any token. - * * @param nickname The nickname of the certificate. - * @param notAfterTime The notAfter of the certificate. It is possible to - * get multiple certificates under the same nickname. If one of - * the certificates match the notAfterTime, then the certificate - * will get deleted. The format of the notAfterTime has to be in - * "MMMMM dd, yyyy HH:mm:ss" format. - */ - public void deleteCert(String nickname, String notAfterTime) - throws EBaseException { + * @param notAfterTime The notAfter of the certificate. It is possible to get multiple + * certificates under the same nickname. If one of the certificates match the notAfterTime, + * then the certificate will get deleted. The format of the notAfterTime has to be + * in "MMMMM dd, yyyy HH:mm:ss" format. + */ + public void deleteCert(String nickname, String notAfterTime) throws EBaseException { boolean isUserCert = false; - X509Certificate[] certs = null; - ; + X509Certificate[] certs = null;; try { if (mNicknameMapCertsTable != null) { - certs = (X509Certificate[]) mNicknameMapCertsTable - .get(nickname); + certs = + (X509Certificate[]) mNicknameMapCertsTable.get(nickname); } if (certs == null) { if (mNicknameMapUserCertsTable != null) { - certs = (X509Certificate[]) mNicknameMapUserCertsTable - .get(nickname); + certs = + (X509Certificate[]) mNicknameMapUserCertsTable.get(nickname); if (certs != null) { CMS.debug("in mNicknameMapUserCertsTable, isUserCert is true"); isUserCert = true; 
@@ -1845,12 +1600,9 @@ public final class JssSubsystem implements ICryptoSubsystem { } if (certs == null) { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); throw e; } else { @@ -1863,14 +1615,11 @@ public final class JssSubsystem implements ICryptoSubsystem { if (notAfter.equals(qualifier)) { if (cert instanceof TokenCertificate) { TokenCertificate tcert = (TokenCertificate) cert; - CryptoStore store = tcert.getOwningToken() - .getCryptoStore(); + CryptoStore store = tcert.getOwningToken().getCryptoStore(); - tcert.getOwningToken().getCryptoStore() - .deleteCert(tcert); + tcert.getOwningToken().getCryptoStore().deleteCert(tcert); } else { - CryptoToken token = CryptoManager.getInstance() - .getInternalKeyStorageToken(); + CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken(); CryptoStore store = token.getCryptoStore(); store.deleteCert(cert); 
@@ -1886,51 +1635,33 @@ public final class JssSubsystem implements ICryptoSubsystem { } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (ParseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } - public void deleteTokenCertificate(String nickname, String pathname) - throws EBaseException { + public void deleteTokenCertificate(String nickname, String pathname) throws EBaseException { try { - X509Certificate cert = CryptoManager.getInstance() - .findCertByNickname(nickname); + X509Certificate cert = CryptoManager.getInstance().findCertByNickname(nickname); String issuerName = cert.getSubjectDN().getName(); Principal principal = cert.getSubjectDN(); DN dn = new DN(principal.getName()); BigInteger serialno = cert.getSerialNumber(); String suffix = "." + System.currentTimeMillis(); String b64E = com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()); - PrintStream stream = new PrintStream(new FileOutputStream(pathname - + suffix)); + PrintStream stream = new PrintStream(new FileOutputStream(pathname + suffix)); stream.println("-----BEGIN CERTIFICATE-----"); stream.print(b64E); 
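Review bot: The backup copy in deleteTokenCertificate is written through a `PrintStream`, which does not throw on a write failure, and no close or `checkError()` call is visible in this hunk. As written, a failed or partial write to `pathname + suffix` would go unnoticed before the token certificate is deleted in the following hunk. I would check `if (stream.checkError()) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));` after the last write and close the stream in a `finally` block. The method continues outside this hunk, so the close may already exist there.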
@@ -1941,279 +1672,212 @@ public final class JssSubsystem implements ICryptoSubsystem { CryptoStore store = tcert.getOwningToken().getCryptoStore(); tcert.getOwningToken().getCryptoStore().deleteCert(tcert); - } else - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT")); + } else + throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT")); int index = nickname.indexOf(":"); - - // the deleted certificate is on the hardware token. We should - // delete the same one from + + // the deleted certificate is on the hardware token. We should delete the same one from // the internal token. if (index > 0) { - CryptoToken cToken = CryptoManager.getInstance() - .getInternalKeyStorageToken(); + CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken(); CryptoStore store = cToken.getCryptoStore(); - X509Certificate[] allcerts = CryptoManager.getInstance() - .getCACerts(); + X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts(); for (int i = 0; i < allcerts.length; i++) { try { - X509CertImpl certImpl = new X509CertImpl( - allcerts[i].getEncoded()); - String certIssuerName = certImpl.getSubjectDN() - .getName(); + X509CertImpl certImpl = new X509CertImpl(allcerts[i].getEncoded()); + String certIssuerName = certImpl.getSubjectDN().getName(); Principal certPrincipal = certImpl.getSubjectDN(); DN certdn = new DN(certPrincipal.getName()); BigInteger certSerialNo = certImpl.getSerialNumber(); - if (dn.equals(certdn) - && certSerialNo.compareTo(serialno) == 0) { + if (dn.equals(certdn) && certSerialNo.compareTo(serialno) == 0) { store.deleteCert(allcerts[i]); break; } } catch (Exception ee) { - Debug.trace("JssSubsystem:deleteTokenCertificate: " - + ee.toString()); + Debug.trace("JssSubsystem:deleteTokenCertificate: " + ee.toString()); } } } } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - 
"CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NoSuchItemOnTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN")); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } public String getSubjectDN(String nickname) throws EBaseException { try { - X509Certificate cert = CryptoManager.getInstance() - .findCertByNickname(nickname); + X509Certificate cert = + CryptoManager.getInstance().findCertByNickname(nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSubjectDN().getName(); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", - e.toString())); - throw new EBaseException( - 
CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } public void setRootCertTrust(String nickname, String serialno, - String issuerName, String trust) throws EBaseException { - + String issuerName, String trust) throws EBaseException { + X509Certificate cert = getCertificate(nickname, serialno, issuerName); if (cert instanceof InternalCertificate) { if (trust.equals("trust")) { - int trustflag = InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA; + int trustflag = InternalCertificate.TRUSTED_CA | + InternalCertificate.TRUSTED_CLIENT_CA | + InternalCertificate.VALID_CA; ((InternalCertificate) cert).setSSLTrust(trustflag); } else { - ((InternalCertificate) cert) - .setSSLTrust(InternalCertificate.VALID_CA); + ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA); } } } public X509Certificate getCertificate(String nickname, String serialno, - String issuerName) throws EBaseException { + String issuerName) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index + 1); + nickname = nickname.substring(index+1); } try { - X509Certificate[] certs = CryptoManager.getInstance() - .findCertsByNickname(nickname); + X509Certificate[] certs = + 
CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl impl = null; - int i = 0; + int i=0; if (certs != null && certs.length > 0) { for (; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) - && impl.getSerialNumber().toString() - .equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) && + impl.getSerialNumber().toString().equals(serialno)) return certs[i]; } } else { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); - } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new 
EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } - + return null; } public String getRootCertTrustBit(String nickname, String serialno, - String issuerName) throws EBaseException { + String issuerName) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index + 1); + nickname = nickname.substring(index+1); } try { - X509Certificate[] certs = CryptoManager.getInstance() - .findCertsByNickname(nickname); + X509Certificate[] certs = + CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl impl = null; - int i = 0; + int i=0; if (certs != null && certs.length > 0) { for (; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) - && impl.getSerialNumber().toString() - .equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) && + impl.getSerialNumber().toString().equals(serialno)) break; } } else { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } String trust = "U"; if (certs[i] instanceof InternalCertificate) { - InternalCertificate icert = (InternalCertificate) certs[i]; + InternalCertificate icert = (InternalCertificate)certs[i]; int flag = icert.getSSLTrust(); - if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA) + if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == + InternalCertificate.TRUSTED_CLIENT_CA) trust = "T"; - } else + } else trust = "N/A"; return trust; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); - } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } public String getCertPrettyPrint(String nickname, String serialno, - String issuerName, Locale locale) throws EBaseException { + String issuerName, Locale locale) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index + 1); + nickname = nickname.substring(index+1); } try { - X509Certificate[] certs = CryptoManager.getInstance() - .findCertsByNickname(nickname); + X509Certificate[] certs = + CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl impl = null; if (certs != null && certs.length > 0) { for (int i = 0; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) - && 
impl.getSerialNumber().toString() - .equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) && + impl.getSerialNumber().toString().equals(serialno)) break; } } else { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); + EBaseException e = + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } CertPrettyPrint print = null; 
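Review bot: In `getRootCertTrustBit`, when no certificate matches `issuerName` and `serialno` the `for` loop ends with `i == certs.length`, so `certs[i] instanceof InternalCertificate` throws `ArrayIndexOutOfBoundsException`. None of the catch clauses cover that, so it escapes as an unchecked exception instead of the `CMS_BASE_CERT_NOT_FOUND` error used for the empty-array case. I would add `if (i == certs.length) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));` just before `String trust = "U";`. Separately, `getCertificate`, `getRootCertTrustBit` and `getCertPrettyPrint` all call `nickname.substring(0, index)` without checking the result of `indexOf(":")`, so a nickname with no token prefix fails with `StringIndexOutOfBoundsException`. A guard such as `if (index > 0)`, as `deleteTokenCertificate` already uses in this hunk, would make them consistent.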
@@ -2226,114 +1890,86 @@ public final class JssSubsystem implements ICryptoSubsystem { else return null; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } - public String getCertPrettyPrintAndFingerPrint(String nickname, - String serialno, String issuerName, Locale locale) - throws EBaseException { + public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, + String issuerName, Locale locale) throws EBaseException { int index = nickname.indexOf(":"); String tokenname = nickname.substring(0, index); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { - nickname = nickname.substring(index + 1); + nickname = nickname.substring(index+1); } try { - X509Certificate[] certs = CryptoManager.getInstance() - .findCertsByNickname(nickname); + X509Certificate[] certs = + CryptoManager.getInstance().findCertsByNickname(nickname); X509CertImpl 
impl = null; if (certs != null && certs.length > 0) { for (int i = 0; i < certs.length; i++) { impl = new X509CertImpl(certs[i].getEncoded()); - if (impl.getIssuerDN().toString().equals(issuerName) - && impl.getSerialNumber().toString() - .equals(serialno)) + if (impl.getIssuerDN().toString().equals(issuerName) && + impl.getSerialNumber().toString().equals(serialno)) break; } } else { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); + EBaseException e = + new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } CertPrettyPrint print = null; - String fingerPrint = ""; + String fingerPrint = ""; if (impl != null) { print = new CertPrettyPrint(impl); - fingerPrint = CMS.getFingerPrints(impl.getEncoded()); - } + fingerPrint = CMS.getFingerPrints(impl.getEncoded()); + } if ((print != null) && (fingerPrint != "")) { - String pp = print.toString(locale) + "\n" - + "Certificate Fingerprints:" + '\n' + fingerPrint; + String pp = print.toString(locale) + "\n" + + "Certificate Fingerprints:"+ '\n' + fingerPrint; return pp; } else return null; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); 
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString())); } } - public String getCertPrettyPrint(String nickname, String date, Locale locale) - throws EBaseException { + public String getCertPrettyPrint(String nickname, String date, + Locale locale) throws EBaseException { try { - X509Certificate[] certs = CryptoManager.getInstance() - .findCertsByNickname(nickname); + X509Certificate[] certs = + CryptoManager.getInstance().findCertsByNickname(nickname); - if ((certs == null || certs.length == 0) - && mNicknameMapCertsTable != null) { - certs = (X509Certificate[]) mNicknameMapCertsTable - .get(nickname); + if ((certs == null || certs.length == 0) && + mNicknameMapCertsTable != null) { + certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname); } if (certs == null) { - EBaseException e = new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); throw e; } 
X509CertImpl impl = null; @@ -2357,35 +1993,22 @@ public final class JssSubsystem implements ICryptoSubsystem { else return null; } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (ParseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } } - public String getCertPrettyPrint(String b64E, Locale locale) - throws EBaseException { - try { + public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException { + try { try { byte[] b = KeyCertUtil.convertB64EToByteArray(b64E); X509CertImpl impl = new X509CertImpl(b); 
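Review bot: In `getCertPrettyPrintAndFingerPrint`, `impl` is reassigned on every loop iteration, so when no certificate matches `issuerName` and `serialno` the loop falls through with `impl` still holding the last certificate examined. The method then returns that certificate's pretty print and fingerprints, and an administrator checking a fingerprint would be shown data for a different certificate than the one requested. Decoding into a loop local and assigning only on a match fixes this: `X509CertImpl c = new X509CertImpl(certs[i].getEncoded());` followed by `{ impl = c; break; }` inside the `if`. The existing `impl != null` check then yields `null` for the no-match case. The test `fingerPrint != ""` compares references rather than contents and should be `!fingerPrint.isEmpty()`. The same loop shape appears in `getCertPrettyPrint(nickname, serialno, issuerName, locale)` at the end of the previous hunk, though part of its tail lies outside the visible lines.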
@@ -2400,8 +2023,8 @@ public final class JssSubsystem implements ICryptoSubsystem { String normalized = CertUtils.normalizeCertStr(noHeader); byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized); - ContentInfo ci = (ContentInfo) ASN1Util.decode( - ContentInfo.getTemplate(), data); + ContentInfo ci = (ContentInfo) + ASN1Util.decode(ContentInfo.getTemplate(), data); if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) { throw new CertificateException( 
@@ -2427,28 +2050,20 @@ public final class JssSubsystem implements ICryptoSubsystem { return content; } } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "Failed to decode")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", + "Failed to decode")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.getMessage())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.getMessage())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } } - public X509CertImpl getSignedCert(KeyCertData data, String certType, - java.security.PrivateKey priKey) throws EBaseException { + public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) + throws EBaseException { CertificateInfo cert = null; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { @@ -2462,8 +2077,7 @@ public final class JssSubsystem implements ICryptoSubsystem { } if (cert == null) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } X509CertInfo certInfo = null; 
@@ -2471,28 +2085,19 @@ public final class JssSubsystem implements ICryptoSubsystem { try { certInfo = cert.getCertInfo(); - SignatureAlgorithm sigAlg = (SignatureAlgorithm) data - .get(Constants.PR_SIGNATURE_ALGORITHM); + SignatureAlgorithm sigAlg = + (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM); signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (PQGParamGenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } return signedCert; 
@@ -2500,30 +2105,28 @@ public final class JssSubsystem implements ICryptoSubsystem { public boolean isCACert(String fullNickname) throws EBaseException { try { - X509Certificate cert = mCryptoManager - .findCertByNickname(fullNickname); + X509Certificate cert = mCryptoManager.findCertByNickname(fullNickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); - X509CertInfo certinfo = (X509CertInfo) impl.get(X509CertImpl.NAME - + "." + X509CertImpl.INFO); + X509CertInfo certinfo = (X509CertInfo) impl.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); if (certinfo == null) return false; else { - CertificateExtensions exts = (CertificateExtensions) certinfo - .get(X509CertInfo.EXTENSIONS); + CertificateExtensions exts = + (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS); if (exts == null) return false; else { try { - BasicConstraintsExtension ext = (BasicConstraintsExtension) exts - .get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension ext = (BasicConstraintsExtension) + exts.get(BasicConstraintsExtension.NAME); if (ext == null) return false; else { - Boolean bool = (Boolean) ext - .get(BasicConstraintsExtension.IS_CA); + Boolean bool = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); return bool.booleanValue(); } 
@@ -2533,69 +2136,42 @@ public final class JssSubsystem implements ICryptoSubsystem { } } } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } } - public CertificateExtensions getExtensions(String tokenname, String nickname) - throws EBaseException { + public CertificateExtensions getExtensions(String tokenname, String nickname) + throws 
EBaseException { try { return KeyCertUtil.getExtensions(tokenname, nickname); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } catch (TokenException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR")); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", - e.toString())); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "")); } } 
@@ -2603,10 +2179,8 @@ public final class JssSubsystem implements ICryptoSubsystem { KeyCertUtil.checkCertificateExt(ext); } - public void checkKeyLength(String keyType, int keyLength, String certType, - int minRSAKeyLen) throws EBaseException { - // KeyCertUtil.checkKeyLength(keyType, keyLength, certType, - // minRSAKeyLen); + public void checkKeyLength(String keyType, int keyLength, String certType, int minRSAKeyLen) throws EBaseException { + // KeyCertUtil.checkKeyLength(keyType, keyLength, certType, minRSAKeyLen); } public PQGParams getPQG(int keysize) { @@ -2614,25 +2188,25 @@ public final class JssSubsystem implements ICryptoSubsystem { } public PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException { + throws EBaseException { return KeyCertUtil.getCAPQG(keysize, store); } - public CertificateExtensions getCertExtensions(String tokenname, - String nickname) throws NotInitializedException, TokenException, - ObjectNotFoundException, + public CertificateExtensions getCertExtensions(String tokenname, String nickname) + throws NotInitializedException, TokenException, ObjectNotFoundException, IOException, CertificateException { return KeyCertUtil.getExtensions(tokenname, nickname); } } -class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser { +class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser +{ public JSSDatabaseCloser() throws Exception { - super(); + super(); } public void closeDatabases() { - super.closeDatabases(); + super.closeDatabases(); } } diff --git a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java index 7dadc7afa..35b7cdf2b 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java 
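Review bot: `checkKeyLength(String keyType, int keyLength, String certType, int minRSAKeyLen)` has an empty body: its only content is the commented-out call to `KeyCertUtil.checkKeyLength(...)`, which this hunk merely rejoins onto one line. A caller that passes `minRSAKeyLen` and expects a rejection for undersized keys gets none, and nothing in the signature or comments says so. If the no-op is intentional, say so in a Javadoc such as `/** No-op: key length is not validated here; callers must not rely on this method to enforce a minimum key size. */`. Otherwise restore the delegated call, after confirming that the `KeyCertUtil` method still exists with that signature.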
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.security.KeyPair; @@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** - * KRA transport certificate + * KRA transport certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class KRATransportCert extends CertificateInfo { - public static final String SUBJECT_NAME = "CN=Data Recovery Manager, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Data Recovery Manager, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public KRATransportCert(KeyCertData properties) { @@ -46,7 +49,8 @@ public class KRATransportCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; mProperties.put(Constants.PR_AKI, Constants.TRUE); } @@ -58,8 +62,7 @@ public class KRATransportCert extends CertificateInfo { if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) cmsFileTmp.putString("kra.transportUnit.nickName", nickname); else - cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" - + nickname); + cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" + nickname); cmsFileTmp.commit(false); } @@ -69,8 +72,8 @@ public class KRATransportCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties - .get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; 
@@ -78,14 +81,19 @@ public class KRATransportCert extends CertificateInfo { } /* - * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg - * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - * if (sAlg != null) { return sAlg; } String alg = - * (String)mProperties.get(Constants.PR_KEY_TYPE); - * - * if (alg.equals("RSA")) return - * SignatureAlgorithm.RSASignatureWithMD5Digest; else return - * SignatureAlgorithm.DSASignatureWithSHA1Digest; } + public SignatureAlgorithm getSigningAlgorithm() { + SignatureAlgorithm sAlg = + (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + if (sAlg != null) { + return sAlg; + } + String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); + + if (alg.equals("RSA")) + return SignatureAlgorithm.RSASignatureWithMD5Digest; + else + return SignatureAlgorithm.DSASignatureWithSHA1Digest; + } */ public String getKeyAlgorithm() { @@ -99,3 +107,4 @@ public class KRATransportCert extends CertificateInfo { return extension; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java index 95772307e..589d5a68c 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FilterOutputStream; @@ -115,6 +116,7 @@ import com.netscape.cmscore.dbs.DateMapper; import com.netscape.cmscore.dbs.X509CertImplMapper; import com.netscape.cmsutil.crypto.CryptoUtil; + /** * This class provides all the base methods to generate the key for different * kinds of certificates. 
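Review bot: The commented-out `getSigningAlgorithm()` in KRATransportCert is dead code, and re-indenting it into compilable shape makes it easier to revive with its `SignatureAlgorithm.RSASignatureWithMD5Digest` and `DSASignatureWithSHA1Digest` fallbacks intact. MD5-based signatures are not collision-resistant and should not return as a default for RSA keys. I would delete the block, or replace it with a single line such as `// getSigningAlgorithm() override removed; do not reintroduce the MD5/SHA-1 defaults`.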
@@ -147,15 +149,14 @@ public class KeyCertUtil { try { Extension de = new Extension(new DerValue(b)); } catch (IOException ex) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION")); } } } } - public static String getTokenNames(CryptoManager manager) - throws TokenException { + public static String getTokenNames(CryptoManager manager) + throws TokenException { String tokenList = ""; Enumeration tokens = manager.getExternalTokens(); int num = 0; @@ -179,8 +180,11 @@ public class KeyCertUtil { // All this streaming is lame, but Base64OutputStream needs a // PrintStream ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = new Base64OutputStream(new PrintStream( - new FilterOutputStream(output))); + Base64OutputStream b64 = new Base64OutputStream(new + PrintStream(new + FilterOutputStream(output) + ) + ); b64.write(bytes); b64.flush(); @@ -191,7 +195,7 @@ public class KeyCertUtil { } public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G) - throws IOException { + throws IOException { // Write P, Q, G to a DER stream DerOutputStream contents = new DerOutputStream(); 
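Review bot: The `catch (IOException ex)` around `new Extension(new DerValue(b))` throws an `EBaseException` that carries neither `ex` nor its message, so a rejected certificate extension leaves no trace of what failed to decode. The same pattern shows up in later KeyCertUtil hunks of this commit: `getAlgorithmId`, `getCAPQG` and the token lookup in `generateKeyPair`. Log the exception before rethrowing, or chain it if `EBaseException` has a cause-taking constructor (not visible here). The local `de` is never read; `new Extension(new DerValue(b));` on its own expresses the validate-only intent. The method starts above this hunk.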
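Review bot: The re-wrapped stream construction in `base64Encode` breaks each line right after the `new` keyword, so `PrintStream(new` and `FilterOutputStream(output)` read like method calls and the two lone `)` lines add nothing. Keep every `new` with its type, e.g. `Base64OutputStream b64 = new Base64OutputStream(` followed by `new PrintStream(new FilterOutputStream(output)));`. The method starts above and continues past this hunk.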
@@ -208,43 +212,42 @@ public class KeyCertUtil { return sequence.toByteArray(); } - public static PrivateKey getPrivateKey(String tokenname, String nickname) - throws TokenException, EBaseException, NoSuchTokenException, - NotInitializedException, CertificateException, - CertificateEncodingException, EBaseException, - ObjectNotFoundException { + public static PrivateKey getPrivateKey(String tokenname, String nickname) + throws TokenException, EBaseException, + NoSuchTokenException, NotInitializedException, CertificateException, + CertificateEncodingException, EBaseException, ObjectNotFoundException { /* - * String caNickname = store.getString("ca.signing.tokenname"); String - * tokenName = store.getString("ca.signing.cacertnickname"); + String caNickname = store.getString("ca.signing.tokenname"); + String tokenName = store.getString("ca.signing.cacertnickname"); */ X509Certificate cert = getCertificate(tokenname, nickname); - + return CryptoManager.getInstance().findPrivKeyByCert(cert); } - public static String getCertSubjectName(String tokenname, String nickname) - throws TokenException, EBaseException, NoSuchTokenException, + public static String getCertSubjectName(String tokenname, String nickname) + throws TokenException, EBaseException, NoSuchTokenException, NotInitializedException, CertificateException, CertificateEncodingException, EBaseException { - + X509Certificate cert = getCertificate(tokenname, nickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); return impl.getSubjectDN().getName(); } - public static X509CertImpl signCert(PrivateKey privateKey, - X509CertInfo certInfo, SignatureAlgorithm sigAlg) - throws NoSuchTokenException, EBaseException, - NotInitializedException { + public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo, + SignatureAlgorithm sigAlg) + throws NoSuchTokenException, EBaseException, NotInitializedException { try { - CertificateAlgorithmId sId = (CertificateAlgorithmId) certInfo - 
.get(X509CertInfo.ALGORITHM_ID); - AlgorithmId sigAlgId = (AlgorithmId) sId - .get(CertificateAlgorithmId.ALGORITHM); + CertificateAlgorithmId sId = (CertificateAlgorithmId) + certInfo.get(X509CertInfo.ALGORITHM_ID); + AlgorithmId sigAlgId = + (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM); - org.mozilla.jss.crypto.PrivateKey priKey = (org.mozilla.jss.crypto.PrivateKey) privateKey; + org.mozilla.jss.crypto.PrivateKey priKey = + (org.mozilla.jss.crypto.PrivateKey) privateKey; CryptoToken token = priKey.getOwningToken(); DerOutputStream tmp = new DerOutputStream(); 
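Review bot: `signCert` casts its `PrivateKey` argument straight to `org.mozilla.jss.crypto.PrivateKey`, so a key from any other provider surfaces as a `ClassCastException` instead of the declared `EBaseException`; the handlers shown in the following hunk do not cover it. Guard the cast first, e.g. `if (!(privateKey instanceof org.mozilla.jss.crypto.PrivateKey)) throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "not a JSS private key"));`. Separately, the `throws` clauses of `getPrivateKey` and `getCertSubjectName` list `EBaseException` twice, and `CertificateEncodingException` is listed next to `CertificateException`; trimming the duplicates would make the contract easier to read. `signCert` continues past the end of this hunk.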
@@ -267,25 +270,19 @@ public class KeyCertUtil { return signedCert; } catch (IOException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_SIGNED_FAILED", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", e.toString())); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_ERROR_1", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString())); } catch (SignatureException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_SIGNED_FAILED", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString())); } catch (InvalidKeyException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_KEY_1", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); } catch (CertificateException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", - e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } - } + } public static SignatureAlgorithm getSigningAlgorithm(String keyType) { SignatureAlgorithm sAlg = null; @@ -298,8 +295,7 @@ public class KeyCertUtil { return sAlg; } - public static SignatureAlgorithm getSigningAlgorithm(String keyType, - String hashtype) { + public static SignatureAlgorithm getSigningAlgorithm(String keyType, String hashtype) { SignatureAlgorithm sAlg = null; if (keyType.equals("RSA")) { 
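Review bot: Every handler at the end of `signCert` passes `e.toString()` into `CMS.getUserMessage(...)`, which by its name builds text shown to the requester, so token, provider and key-handling exception strings may reach end users while nothing is written to the server log. I would log the exception detail server-side and keep the user message generic, or at least confirm that these message keys are only rendered to administrators. If the detail must stay, a comment such as `// e.toString() is shown to the caller; keep provider messages free of key or token identifiers` records the assumption. The `try` block these handlers belong to starts above the hunk.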
@@ -321,9 +317,9 @@ public class KeyCertUtil { } public static AlgorithmId getAlgorithmId(String algname, IConfigStore store) - throws EBaseException { + throws EBaseException { try { - + if (algname.equals("DSA")) { byte[] p = store.getByteArray("ca.dsaP", null); byte[] q = store.getByteArray("ca.dsaQ", null); @@ -339,16 +335,15 @@ public class KeyCertUtil { } return AlgorithmId.getAlgorithmId(algname); } catch (NoSuchAlgorithmException e) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED")); } } public static X509Certificate getCertificate(String tokenname, - String nickname) throws NotInitializedException, - NoSuchTokenException, EBaseException, TokenException { + String nickname) throws NotInitializedException, NoSuchTokenException, + EBaseException, TokenException { CryptoManager manager = CryptoManager.getInstance(); - CryptoToken token = null; + CryptoToken token = null; if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { token = manager.getInternalKeyStorageToken(); 
@@ -365,16 +360,16 @@ public class KeyCertUtil { try { return manager.findCertByNickname(certname.toString()); } catch (ObjectNotFoundException e) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND")); } } - public static KeyPair getKeyPair(String tokenname, String nickname) - throws NotInitializedException, NoSuchTokenException, - TokenException, ObjectNotFoundException, EBaseException { + public static KeyPair getKeyPair(String tokenname, String nickname) + throws NotInitializedException, NoSuchTokenException, TokenException, + ObjectNotFoundException, EBaseException { X509Certificate cert = getCertificate(tokenname, nickname); - PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert(cert); + PrivateKey priKey = + CryptoManager.getInstance().findPrivKeyByCert(cert); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, priKey); @@ -388,8 +383,8 @@ public class KeyCertUtil { } } - public static PQGParams getCAPQG(int keysize, IConfigStore store) - throws EBaseException { + public static PQGParams getCAPQG(int keysize, IConfigStore store) + throws EBaseException { if (store != null) { try { int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0); 
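Review bot: `getCertificate` reports every failed nickname lookup as `CMS_BASE_CA_SIGNINGCERT_NOT_FOUND`, although it is a general helper that `getKeyPair` in this same hunk calls with arbitrary token and nickname values. Someone investigating a missing transport or OCSP certificate would be pointed at the CA signing certificate instead. Prefer the generic key already used in this package, `CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND")`, and log `certname` with it so the failing lookup can be identified. `getCertificate` begins above this hunk.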
@@ -415,44 +410,40 @@ public class KeyCertUtil { PQGParams pqg = PQGParams.generate(keysize); store.putInteger("ca.dsaPQG.keyLength", keysize); - store.putString("ca.dsaP", - KeyCertUtil.base64Encode(pqg.getP().toByteArray())); - store.putString("ca.dsaQ", - KeyCertUtil.base64Encode(pqg.getQ().toByteArray())); - store.putString("ca.dsaG", - KeyCertUtil.base64Encode(pqg.getG().toByteArray())); - store.putString("ca.dsaSeed", - KeyCertUtil.base64Encode(pqg.getSeed().toByteArray())); + store.putString("ca.dsaP", KeyCertUtil.base64Encode( + pqg.getP().toByteArray())); + store.putString("ca.dsaQ", KeyCertUtil.base64Encode( + pqg.getQ().toByteArray())); + store.putString("ca.dsaG", KeyCertUtil.base64Encode( + pqg.getG().toByteArray())); + store.putString("ca.dsaSeed", KeyCertUtil.base64Encode( + pqg.getSeed().toByteArray())); store.putInteger("ca.dsaCounter", pqg.getCounter()); - store.putString("ca.dsaH", - KeyCertUtil.base64Encode(pqg.getH().toByteArray())); - store.putString( - "ca.DSSParms", - KeyCertUtil.base64Encode(KeyCertUtil.makeDSSParms( - pqg.getP(), pqg.getQ(), pqg.getG()))); + store.putString("ca.dsaH", KeyCertUtil.base64Encode( + pqg.getH().toByteArray())); + store.putString("ca.DSSParms", + KeyCertUtil.base64Encode( + KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG()))); store.commit(false); return pqg; } catch (IOException ee) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } catch (EBaseException ee) { throw ee; } catch (PQGParamGenException ee) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } } return null; } public static KeyPair generateKeyPair(CryptoToken token, - KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) - throws NoSuchAlgorithmException, TokenException, - InvalidAlgorithmParameterException, InvalidParameterException, 
- PQGParamGenException { + KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) + throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException, + InvalidParameterException, PQGParamGenException { KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg); - + if (kpAlg == KeyPairAlgorithm.DSA) { if (pqg == null) { kpGen.initialize(keySize); @@ -472,16 +463,18 @@ public class KeyCertUtil { do { // 602548 NSS bug - to overcome it, we use isBadDSAKeyPair kp = kpGen.genKeyPair(); - } while (isBadDSAKeyPair(kp)); + } + while (isBadDSAKeyPair(kp)); return kp; } } /** - * Test for a DSA key pair that will trigger a bug in NSS. The problem - * occurs when the first byte of the key is 0. This happens when the value - * otherwise would have been negative, and a zero byte is prepended to force - * it to be positive. This is blackflag bug 602548. + * Test for a DSA key pair that will trigger a bug in NSS. + * The problem occurs when the first byte of the key is 0. This + * happens when the value otherwise would have been negative, and a + * zero byte is prepended to force it to be positive. + * This is blackflag bug 602548. */ public static boolean isBadDSAKeyPair(KeyPair pair) { try { @@ -494,10 +487,9 @@ public class KeyCertUtil { BIT_STRING bs = (BIT_STRING) seq.elementAt(1); byte[] bits = bs.getBits(); - ByteArrayInputStream bitstream = new ByteArrayInputStream( - bs.getBits()); + ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits()); ASN1Header wrapper = new ASN1Header(bitstream); - byte[] valBytes = new byte[(int) wrapper.getContentLength()]; + byte[] valBytes = new byte[ (int) wrapper.getContentLength() ]; ASN1Util.readFully(valBytes, bitstream); @@ -511,7 +503,7 @@ public class KeyCertUtil { } public static KeyPair generateKeyPair(String tokenName, String alg, - int keySize, PQGParams pqg) throws EBaseException { + int keySize, PQGParams pqg) throws EBaseException { CryptoToken token = null; 
@@ -520,17 +512,14 @@ public class KeyCertUtil { try { if (tokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)) { - token = CryptoManager.getInstance() - .getInternalKeyStorageToken(); + token = CryptoManager.getInstance().getInternalKeyStorageToken(); } else { token = CryptoManager.getInstance().getTokenByName(tokenName); } } catch (NoSuchTokenException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_NOT_FOUND", tokenName)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName)); } catch (NotInitializedException e) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED")); } KeyPairAlgorithm kpAlg = null; 
@@ -545,25 +534,22 @@ public class KeyCertUtil { return kp; } catch (InvalidParameterException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS", + "" + keySize)); } catch (PQGParamGenException e) { - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED")); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", + kpAlg.toString())); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_TOKEN_ERROR_1", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString())); } catch (InvalidAlgorithmParameterException e) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA")); } } - public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) - throws NoSuchAlgorithmException, NoSuchProviderException, + public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) + throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, CertificateException, SignatureException { PublicKey pubk = keyPair.getPublic(); @@ -577,8 +563,8 @@ public class KeyCertUtil { } else { alg = "DSA"; } - java.security.Signature sig = java.security.Signature.getInstance(alg, - "Mozilla-JSS"); + java.security.Signature sig = + java.security.Signature.getInstance(alg, "Mozilla-JSS"); sig.initSign(keyPair.getPrivate()); 
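Review bot: In the `NoSuchAlgorithmException` handler of `generateKeyPair(String tokenName, String alg, ...)`, `kpAlg.toString()` throws a `NullPointerException` if `kpAlg` is still at its `null` initial value, which would mask the original error. The assignment of `kpAlg` lies between this hunk and the previous one and is not visible, so the path may be unreachable today; using the caller-supplied name removes the question: `throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", alg));`. The method starts before this hunk.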
@@ -592,10 +578,12 @@ public class KeyCertUtil { return pkcs10; } - public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair, - Extensions exts) throws NoSuchAlgorithmException, - NoSuchProviderException, InvalidKeyException, IOException, - CertificateException, SignatureException { + public static PKCS10 getCertRequest(String subjectName, KeyPair + keyPair, Extensions + exts) + throws NoSuchAlgorithmException, NoSuchProviderException, + InvalidKeyException, IOException, CertificateException, + SignatureException { PublicKey pubk = keyPair.getPublic(); X509Key key = convertPublicKeyToX509Key(pubk); String alg; @@ -607,16 +595,17 @@ public class KeyCertUtil { } else { alg = "DSA"; } - java.security.Signature sig = java.security.Signature.getInstance(alg, - "Mozilla-JSS"); + java.security.Signature sig = + java.security.Signature.getInstance(alg, "Mozilla-JSS"); sig.initSign(keyPair.getPrivate()); PKCS10 pkcs10 = null; if (exts != null) { - PKCS10Attribute attr = new PKCS10Attribute( - PKCS9Attribute.EXTENSION_REQUEST_OID, (CertAttrSet) exts); + PKCS10Attribute attr = new + PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, + (CertAttrSet) exts); PKCS10Attributes attrs = new PKCS10Attributes(); attrs.setAttribute(attr.getAttributeValue().getName(), attr); @@ -634,8 +623,8 @@ public class KeyCertUtil { return pkcs10; } - public static X509Key convertPublicKeyToX509Key(PublicKey pubk) - throws InvalidKeyException { + public static X509Key convertPublicKeyToX509Key(PublicKey pubk) + throws InvalidKeyException { X509Key xKey; 
@@ -643,9 +632,9 @@ public class KeyCertUtil { RSAPublicKey rsaKey = (RSAPublicKey) pubk; // REMOVED constructors from parameters by MLH on 1/9/99 - xKey = new netscape.security.provider.RSAPublicKey(new BigInt( - rsaKey.getModulus()), - new BigInt(rsaKey.getPublicExponent())); + xKey = new netscape.security.provider.RSAPublicKey( + new BigInt(rsaKey.getModulus()), + new BigInt(rsaKey.getPublicExponent())); } else if (pubk instanceof PK11ECPublicKey) { byte encoded[] = pubk.getEncoded(); xKey = CryptoUtil.getPublicX509ECCKey(encoded); 
@@ -654,41 +643,44 @@ public class KeyCertUtil { DSAPublicKey dsaKey = (DSAPublicKey) pubk; DSAParams params = dsaKey.getParams(); - xKey = new netscape.security.provider.DSAPublicKey(dsaKey.getY(), - params.getP(), params.getQ(), params.getG()); + xKey = new netscape.security.provider.DSAPublicKey( + dsaKey.getY(), + params.getP(), + params.getQ(), + params.getG()); } return xKey; } - public static X509Certificate importCert(X509CertImpl signedCert, - String nickname, String certType) throws NotInitializedException, - TokenException, CertificateEncodingException, - UserCertConflictException, NicknameConflictException, - NoSuchItemOnTokenException, CertificateException { - + public static X509Certificate + importCert(X509CertImpl signedCert, String nickname, + String certType) throws NotInitializedException, TokenException, + CertificateEncodingException, UserCertConflictException, + NicknameConflictException, NoSuchItemOnTokenException, CertificateException { + return importCert(signedCert.getEncoded(), nickname, certType); } - public static X509Certificate importCert(String b64E, String nickname, - String certType) throws NotInitializedException, TokenException, + public static X509Certificate + importCert(String b64E, String nickname, String certType) + throws NotInitializedException, TokenException, CertificateEncodingException, UserCertConflictException, - NicknameConflictException, NoSuchItemOnTokenException, - CertificateException { - + NicknameConflictException, NoSuchItemOnTokenException, CertificateException { + byte b[] = b64E.getBytes(); X509Certificate cert = getInternalCertificate(b, nickname, certType); - + if (cert instanceof InternalCertificate) { setTrust(certType, (InternalCertificate) cert); } return cert; } - public static X509Certificate importCert(byte[] b, String nickname, - String certType) throws NotInitializedException, TokenException, - CertificateEncodingException, UserCertConflictException, - NicknameConflictException, 
NoSuchItemOnTokenException, - CertificateException { + public static X509Certificate + importCert(byte[] b, String nickname, String certType) + throws NotInitializedException, TokenException, + CertificateEncodingException, UserCertConflictException, + NicknameConflictException, NoSuchItemOnTokenException, CertificateException { X509Certificate cert = getInternalCertificate(b, nickname, certType); 
@@ -698,43 +690,43 @@ public class KeyCertUtil { return cert; } - public static X509Certificate getInternalCertificate(byte[] b, - String nickname, String certType) throws NotInitializedException, - TokenException, CertificateEncodingException, - UserCertConflictException, NicknameConflictException, - NoSuchItemOnTokenException, CertificateException { + public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) + throws NotInitializedException, TokenException, CertificateEncodingException, + UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException, + CertificateException { X509Certificate cert = null; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { cert = CryptoManager.getInstance().importUserCACertPackage(b, - nickname); - } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) - || certType.equals(Constants.PR_KRA_TRANSPORT_CERT) - || certType.equals(Constants.PR_OCSP_SIGNING_CERT) - || certType.equals(Constants.PR_SERVER_CERT) - || certType.equals(Constants.PR_SERVER_CERT_RADM) - || certType.equals(Constants.PR_OTHER_CERT) - || certType.equals(Constants.PR_SUBSYSTEM_CERT)) { - cert = CryptoManager.getInstance().importCertPackage(b, nickname); + nickname); + } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) || + certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || + certType.equals(Constants.PR_OCSP_SIGNING_CERT) || + certType.equals(Constants.PR_SERVER_CERT) || + certType.equals(Constants.PR_SERVER_CERT_RADM) || + certType.equals(Constants.PR_OTHER_CERT) || + certType.equals(Constants.PR_SUBSYSTEM_CERT)) { + cert = CryptoManager.getInstance().importCertPackage(b, + nickname); } else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) { cert = CryptoManager.getInstance().importCACertPackage(b); } else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) { cert = CryptoManager.getInstance().importCACertPackage(b); - X509Certificate[] certchain = CryptoManager.getInstance() - 
.buildCertificateChain(cert); + X509Certificate[] certchain = CryptoManager.getInstance().buildCertificateChain(cert); if (certchain != null) { cert = certchain[certchain.length - 1]; } } - return cert; + return cert; } public static void setTrust(String certType, InternalCertificate inCert) { if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - int flag = InternalCertificate.VALID_CA - | InternalCertificate.TRUSTED_CA | InternalCertificate.USER - | InternalCertificate.TRUSTED_CLIENT_CA; + int flag = InternalCertificate.VALID_CA | + InternalCertificate.TRUSTED_CA | + InternalCertificate.USER | + InternalCertificate.TRUSTED_CLIENT_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); 
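Review bot: `getInternalCertificate` falls through its `if`/`else if` chain with `cert` still `null` when `certType` matches none of the listed constants, and the `importCert` overloads then return that `null` without setting trust or reporting an error. Add a final branch that fails loudly, e.g. `else { throw new CertificateException("unsupported certType: " + certType); }`; `CertificateException` is already declared. In the `PR_TRUSTED_CA_CERT` branch, `certchain[certchain.length - 1]` assumes a non-empty array, which `if (certchain != null && certchain.length > 0)` would cover. `setTrust` begins in this hunk and continues past it.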
@@ -744,61 +736,72 @@ public class KeyCertUtil { inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); + inCert.setEmailTrust(flag); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { int flag = InternalCertificate.USER | InternalCertificate.VALID_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); - } else if (certType.equals(Constants.PR_SERVER_CERT) - || certType.equals(Constants.PR_SUBSYSTEM_CERT)) { + inCert.setEmailTrust(flag); + } else if (certType.equals(Constants.PR_SERVER_CERT) || + certType.equals(Constants.PR_SUBSYSTEM_CERT)) { int flag = InternalCertificate.USER | InternalCertificate.VALID_CA; inCert.setSSLTrust(flag); inCert.setObjectSigningTrust(flag); - inCert.setEmailTrust(flag); + inCert.setEmailTrust(flag); } else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) { - inCert.setSSLTrust(InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA); - // inCert.setEmailTrust(InternalCertificate.TRUSTED_CA); - - // cannot set this bit. If set, then the cert will not appear when - // you called getCACerts(). - // inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA); + inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA | + InternalCertificate.VALID_CA); + //inCert.setEmailTrust(InternalCertificate.TRUSTED_CA); + + // cannot set this bit. If set, then the cert will not appear when you called getCACerts(). 
+ //inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA); } } public static byte[] convertB64EToByteArray(String b64E) - throws CertificateException, IOException { + throws CertificateException, IOException { String str = CertUtils.stripCertBrackets(b64E); byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str)); /* - * java.security.cert.X509Certificate cert = - * java.security.cert.X509Certificate.getInstance(bCert); return cert; + java.security.cert.X509Certificate cert = + java.security.cert.X509Certificate.getInstance(bCert); + return cert; */ return bCert; } /** - * ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT - * IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01 - * 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04 - * 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61 - * 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT - * IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82 - * 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 - * 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 - * 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } : } Uses the following to test - * with configuration wizard: + * ASN.1 structure: + * 0 30 142: SEQUENCE { + * 3 30 69: SEQUENCE { + * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18) + * 10 04 62: OCTET STRING + * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A + * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 + * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 + * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01 + * : } + * 74 30 69: SEQUENCE { + * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) + * 81 04 62: OCTET STRING + * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A + * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01 + * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 + * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 
01 01 + * : } + * : } + * Uses the following to test with configuration wizard: * MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB * FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x - * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ== + * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB + * AQ== */ - public static void setDERExtension(CertificateExtensions ext, - KeyCertData properties) throws IOException { + public static void setDERExtension( + CertificateExtensions ext, KeyCertData properties) + throws IOException { String b64E = properties.getDerExtension(); @@ -822,8 +825,9 @@ public class KeyCertUtil { } } - public static void setBasicConstraintsExtension(CertificateExtensions ext, - KeyCertData properties) throws IOException { + public static void setBasicConstraintsExtension( + CertificateExtensions ext, KeyCertData properties) + throws IOException { String isCA = properties.isCA(); String certLen = properties.getCertLen(); 
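Review bot: The `setTrust` branches for `PR_OCSP_SIGNING_CERT`, `PR_SERVER_CERT` and `PR_SUBSYSTEM_CERT` set `InternalCertificate.USER | InternalCertificate.VALID_CA` on SSL, object-signing and e-mail trust alike, with no comment saying why end-entity certificates need the `VALID_CA` bit or trust for usages they are not issued for. Only the `PR_TRUSTED_CA_CERT` branch explains its choice of flags. Please document the intent per branch, e.g. `// USER | VALID_CA on all three trust domains: (reason to be supplied by the owner)`, or narrow the flags to the usage each certificate type serves once that is confirmed. `setTrust` starts above this hunk.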
@@ -839,29 +843,30 @@ public class KeyCertUtil { else len = Integer.parseInt(certLen); - if ((isCA == null) || (isCA.equals("")) - || (isCA.equals(Constants.FALSE))) + if ((isCA == null) || (isCA.equals("")) || + (isCA.equals(Constants.FALSE))) bool = false; else bool = true; - - BasicConstraintsExtension basic = new BasicConstraintsExtension(bool, - len); + + BasicConstraintsExtension basic = new BasicConstraintsExtension( + bool, len); ext.set(BasicConstraintsExtension.NAME, basic); } - public static void setExtendedKeyUsageExtension(CertificateExtensions ext, - KeyCertData properties) throws IOException, CertificateException { + public static void setExtendedKeyUsageExtension( + CertificateExtensions ext, KeyCertData properties) throws IOException, + CertificateException { ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension(); boolean anyExt = false; - + String sslClient = properties.getSSLClientBit(); - + if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) { ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2")); anyExt = true; - } + } String sslServer = properties.getSSLServerBit(); @@ -902,8 +907,8 @@ public class KeyCertUtil { } public static void setNetscapeCertificateExtension( - CertificateExtensions ext, KeyCertData properties) - throws IOException, CertificateException { + CertificateExtensions ext, KeyCertData properties) throws IOException, + CertificateException { NSCertTypeExtension ns = new NSCertTypeExtension(); boolean anyExt = false; @@ -952,8 +957,7 @@ public class KeyCertUtil { String objectSigningCA = properties.getObjectSigningCABit(); - if ((objectSigningCA != null) - && (objectSigningCA.equals(Constants.TRUE))) { + if ((objectSigningCA != null) && (objectSigningCA.equals(Constants.TRUE))) { ns.set(NSCertTypeExtension.OBJECT_SIGNING_CA, new Boolean(true)); anyExt = true; } 
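Review bot: `setBasicConstraintsExtension` treats every `isCA` value other than `null`, `""` and `Constants.FALSE` as true, so a misspelt or unexpected property value produces a certificate with the CA bit set. Failing closed is safer: `bool = Constants.TRUE.equals(isCA);`. That changes behaviour for any caller passing another truthy spelling, and the start of the method (outside this hunk) may already filter values such as `"null"`, so check the callers first. `Integer.parseInt(certLen)` can also throw the unchecked `NumberFormatException`, which nothing in the visible code handles.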
@@ -961,36 +965,38 @@ public class KeyCertUtil { ext.set(NSCertTypeExtension.NAME, ns); } - public static void setOCSPNoCheck(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) - throws IOException, NoSuchAlgorithmException, InvalidKeyException { + public static void setOCSPNoCheck(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) throws IOException, + NoSuchAlgorithmException, InvalidKeyException { String noCheck = properties.getOCSPNoCheck(); if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) { - OCSPNoCheckExtension noCheckExt = new OCSPNoCheckExtension(); + OCSPNoCheckExtension noCheckExt = + new OCSPNoCheckExtension(); ext.set(OCSPNoCheckExtension.NAME, noCheckExt); } } - public static void setOCSPSigning(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) - throws IOException, NoSuchAlgorithmException, InvalidKeyException { + public static void setOCSPSigning(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) throws IOException, + NoSuchAlgorithmException, InvalidKeyException { String signing = properties.getOCSPSigning(); - if ((signing != null) && (signing.equals(Constants.TRUE))) { - Vector oidSet = new Vector(); - oidSet.addElement(ObjectIdentifier - .getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning)); - ExtendedKeyUsageExtension ocspExt = new ExtendedKeyUsageExtension( - false, oidSet); + if ((signing != null) && (signing.equals(Constants.TRUE))) { + Vector oidSet = new Vector(); + oidSet.addElement( + ObjectIdentifier.getObjectIdentifier( + ExtendedKeyUsageExtension.OID_OCSPSigning)); + ExtendedKeyUsageExtension ocspExt = + new ExtendedKeyUsageExtension(false, oidSet); ext.set(ExtendedKeyUsageExtension.NAME, ocspExt); } } - public static void setAuthInfoAccess(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) - throws IOException, NoSuchAlgorithmException, InvalidKeyException { + public static void setAuthInfoAccess(KeyPair keypair, + 
CertificateExtensions ext, KeyCertData properties) throws IOException, + NoSuchAlgorithmException, InvalidKeyException { String aia = properties.getAIA(); if ((aia != null) && (aia.equals(Constants.TRUE))) { 
@@ -998,131 +1004,137 @@ public class KeyCertUtil { String port = CMS.getEENonSSLPort(); AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false); if (hostname != null && port != null) { - String location = "http://" + hostname + ":" + port - + "/ca/ocsp"; + String location = "http://"+hostname+":"+port+"/ca/ocsp"; GeneralName ocspName = new GeneralName(new URIName(location)); - aiaExt.addAccessDescription( - AuthInfoAccessExtension.METHOD_OCSP, ocspName); + aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName); } ext.set(AuthInfoAccessExtension.NAME, aiaExt); } } - public static void setAuthorityKeyIdentifier(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) - throws IOException, NoSuchAlgorithmException, InvalidKeyException { + public static void setAuthorityKeyIdentifier(KeyPair keypair, + CertificateExtensions ext, KeyCertData properties) throws IOException, + NoSuchAlgorithmException, InvalidKeyException { String aki = properties.getAKI(); if ((aki != null) && (aki.equals(Constants.TRUE))) { KeyIdentifier id = createKeyIdentifier(keypair); - AuthorityKeyIdentifierExtension akiExt = new AuthorityKeyIdentifierExtension( - id, null, null); + AuthorityKeyIdentifierExtension akiExt = + new AuthorityKeyIdentifierExtension(id, null, null); ext.set(AuthorityKeyIdentifierExtension.NAME, akiExt); } } - public static void setSubjectKeyIdentifier(KeyPair keypair, - CertificateExtensions ext, KeyCertData properties) - throws IOException, NoSuchAlgorithmException, InvalidKeyException { + public static void setSubjectKeyIdentifier(KeyPair keypair, + CertificateExtensions ext, + KeyCertData properties) throws IOException, NoSuchAlgorithmException, + InvalidKeyException { String ski = properties.getSKI(); if ((ski != null) && (ski.equals(Constants.TRUE))) { KeyIdentifier id = createKeyIdentifier(keypair); - SubjectKeyIdentifierExtension skiExt = new SubjectKeyIdentifierExtension( - id.getIdentifier()); + 
SubjectKeyIdentifierExtension skiExt = + new SubjectKeyIdentifierExtension(id.getIdentifier()); ext.set(SubjectKeyIdentifierExtension.NAME, skiExt); } } public static void setKeyUsageExtension(CertificateExtensions ext, - KeyUsageExtension keyUsage) throws IOException { + KeyUsageExtension keyUsage) throws IOException { ext.set(KeyUsageExtension.NAME, keyUsage); } - public static KeyIdentifier createKeyIdentifier(KeyPair keypair) - throws NoSuchAlgorithmException, InvalidKeyException { + public static KeyIdentifier createKeyIdentifier(KeyPair keypair) + throws NoSuchAlgorithmException, InvalidKeyException { MessageDigest md = MessageDigest.getInstance("SHA-1"); - X509Key subjectKeyInfo = convertPublicKeyToX509Key(keypair.getPublic()); + X509Key subjectKeyInfo = convertPublicKeyToX509Key( + keypair.getPublic()); - // md.update(subjectKeyInfo.getEncoded()); + //md.update(subjectKeyInfo.getEncoded()); md.update(subjectKeyInfo.getKey()); return new KeyIdentifier(md.digest()); } - public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) - throws LDAPException { + public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) + throws LDAPException { String dn = "ou=certificateRepository,ou=ca," + baseDN; BigInteger serialno = null; LDAPEntry entry = conn.read(dn); - String serialnoStr = (String) entry.getAttribute("serialno") - .getStringValues().nextElement(); + String serialnoStr = (String) entry.getAttribute( + "serialno").getStringValues().nextElement(); serialno = BigIntegerMapper.BigIntegerFromDB(serialnoStr); LDAPAttribute attr = new LDAPAttribute("serialno"); - attr.addValue(BigIntegerMapper.BigIntegerToDB(serialno - .add(new BigInteger("1")))); - LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, - attr); + attr.addValue(BigIntegerMapper.BigIntegerToDB( + serialno.add(new BigInteger("1")))); + LDAPModification mod = new LDAPModification( + LDAPModification.REPLACE, attr); conn.modify(dn, mod); return 
serialno; } - public static void setSerialNumber(LDAPConnection conn, String baseDN, - BigInteger serial) throws LDAPException { + public static void setSerialNumber(LDAPConnection conn, + String baseDN, BigInteger serial) + throws LDAPException { String dn = "ou=certificateRepository,ou=ca," + baseDN; LDAPAttribute attr = new LDAPAttribute("serialno"); // the serial number should already be set - attr.addValue(BigIntegerMapper.BigIntegerToDB(serial)); - LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, - attr); + attr.addValue(BigIntegerMapper.BigIntegerToDB( + serial)); + LDAPModification mod = new LDAPModification( + LDAPModification.REPLACE, attr); conn.modify(dn, mod); } - public static void addCertToDB(LDAPConnection conn, String dn, - X509CertImpl cert) throws LDAPException, EBaseException { + public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert) + throws LDAPException, EBaseException { BigInteger serialno = cert.getSerialNumber(); X509CertImplMapper mapper = new X509CertImplMapper(); LDAPAttributeSet attrs = new LDAPAttributeSet(); - mapper.mapObjectToLDAPAttributeSet(null, null, cert, attrs); + mapper.mapObjectToLDAPAttributeSet(null, null, + cert, attrs); attrs.add(new LDAPAttribute("objectclass", "top")); - attrs.add(new LDAPAttribute("objectclass", "certificateRecord")); - attrs.add(new LDAPAttribute("serialno", BigIntegerMapper - .BigIntegerToDB(serialno))); - attrs.add(new LDAPAttribute("dateOfCreate", DateMapper.dateToDB((CMS - .getCurrentDate())))); - attrs.add(new LDAPAttribute("dateOfModify", DateMapper.dateToDB((CMS - .getCurrentDate())))); - attrs.add(new LDAPAttribute("certStatus", "VALID")); - attrs.add(new LDAPAttribute("autoRenew", "ENABLED")); - attrs.add(new LDAPAttribute("issuedBy", "installation")); - LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn, - attrs); + attrs.add(new LDAPAttribute("objectclass", + "certificateRecord")); + attrs.add(new 
LDAPAttribute("serialno", + BigIntegerMapper.BigIntegerToDB( + serialno))); + attrs.add(new LDAPAttribute("dateOfCreate", + DateMapper.dateToDB((CMS.getCurrentDate())))); + attrs.add(new LDAPAttribute("dateOfModify", + DateMapper.dateToDB((CMS.getCurrentDate())))); + attrs.add(new LDAPAttribute("certStatus", + "VALID")); + attrs.add(new LDAPAttribute("autoRenew", + "ENABLED")); + attrs.add(new LDAPAttribute("issuedBy", + "installation")); + LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn, attrs); conn.add(entry); } - public static CertificateExtensions getExtensions(String tokenname, - String nickname) throws NotInitializedException, TokenException, - ObjectNotFoundException, IOException, CertificateException { + public static CertificateExtensions getExtensions(String tokenname, String nickname) + throws NotInitializedException, TokenException, ObjectNotFoundException, + IOException, CertificateException { String fullnickname = nickname; - if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) fullnickname = tokenname + ":" + nickname; CryptoManager manager = CryptoManager.getInstance(); X509Certificate cert = manager.findCertByNickname(fullnickname); X509CertImpl impl = new X509CertImpl(cert.getEncoded()); - X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "." - + X509CertImpl.INFO); + X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO); return (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); } diff --git a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java index c04bc19f9..efeade921 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java 
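Review bot: `getSerialNumber` reads `serialno` with `conn.read(dn)` and then writes the incremented value back in a separate `LDAPModification.REPLACE`, so two callers that both read before either writes are handed the same serial number. Duplicate serials under one issuer undermine revocation and certificate lookup, which identify a certificate by issuer and serial. Deleting the value that was read and adding its successor in one modify request lets the directory reject the update when the counter has already moved, and the caller can retry. The `issuedBy` value `installation` in `addCertToDB` suggests this may only run single-threaded at install time; if so, a comment stating that assumption would be enough. `entry.getAttribute("serialno")` is also dereferenced without a null check.

```java
public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
        throws LDAPException {
    // … unchanged: dn construction, conn.read(dn), parsing serialnoStr into serialno …
    // One modify request: remove the value that was read, add its successor.
    // The server refuses the delete if another caller already advanced the
    // counter, so the same serial is not handed out twice.
    LDAPModificationSet mods = new LDAPModificationSet();
    mods.add(LDAPModification.DELETE,
        new LDAPAttribute("serialno", serialnoStr));
    mods.add(LDAPModification.ADD,
        new LDAPAttribute("serialno",
            BigIntegerMapper.BigIntegerToDB(serialno.add(BigInteger.ONE))));
    conn.modify(dn, mods);
    return serialno;
}
```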
@@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; @@ -33,6 +34,7 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** * OCSP signing certificate. * @@ -40,7 +42,8 @@ import com.netscape.certsrv.security.KeyCertData; * @version $Revision$, $Date$ */ public class OCSPSigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Certificate Authority, O=Netscape Communications, C=US"; public OCSPSigningCert(KeyCertData properties) { this(properties, null); @@ -48,16 +51,19 @@ public class OCSPSigningCert extends CertificateInfo { public OCSPSigningCert(KeyCertData properties, KeyPair pair) { super(properties, pair); - /* - * included in console UI try { if - * (mProperties.get(Constants.PR_OCSP_SIGNING) == null) { - * mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); } if - * (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) { - * mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); } } catch - * (Exception e) { mProperties.put(Constants.PR_OCSP_SIGNING, - * Constants.TRUE); mProperties.put(Constants.PR_OCSP_NOCHECK, - * Constants.TRUE); } - */ + /* included in console UI + try { + if (mProperties.get(Constants.PR_OCSP_SIGNING) == null) { + mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); + } + if (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) { + mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); + } + } catch (Exception e) { + mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); + mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); + } + */ } public String getSubjectName() { 
@@ -79,7 +85,7 @@ public class OCSPSigningCert extends CertificateInfo { BigInteger P = new BigInteger(p); BigInteger Q = new BigInteger(q); BigInteger G = new BigInteger(g); - BigInteger pqgSeed = new BigInteger(seed); + BigInteger pqgSeed = new BigInteger(seed); BigInteger pqgH = new BigInteger(H); return new PQGParams(P, Q, G, pqgSeed, counter, pqgH); @@ -100,22 +106,20 @@ public class OCSPSigningCert extends CertificateInfo { else if (keyType.equals("DSA")) alg = "SHA1withDSA"; else - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_ALG_NOT_SUPPORTED", keyType)); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType)); cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg); if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) cmsFileTmp.putString("ca.signing.cacertnickname", nickname); else - cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":" - + nickname); + cmsFileTmp.putString("ca.signing.cacertnickname", + tokenname + ":" + nickname); cmsFileTmp.commit(false); } public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties - .get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -136,3 +140,4 @@ public class OCSPSigningCert extends CertificateInfo { return extension; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java index 3e94d601d..48b19f62b 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.File; import java.io.InputStream; import java.io.OutputStream; 
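Review bot: The DSA branch in the `@@ -100,22 +106,20 @@` hunk stores `SHA1withDSA` as `ca.signing.defaultSigningAlgorithm`, so a DSA signing key gets a SHA-1 based signature algorithm by default with no hint that this is a known weak choice. If the signing provider supports a SHA-2 DSA variant, make that the default. Otherwise mark the limitation where it is set, for example `// TODO: SHA-1 digest; move to a SHA-2 DSA algorithm once the provider supports it`. The enclosing method starts outside the hunk, so the RSA branch could not be checked.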
@@ -29,6 +30,7 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmscore.base.JDialogPasswordCallback; + /* * A class to retrieve passwords from the SDR password cache * @@ -39,7 +41,7 @@ import com.netscape.cmscore.base.JDialogPasswordCallback; public class PWCBsdr implements PasswordCallback { InputStream in = null; OutputStream out = null; - String mprompt = ""; + String mprompt = ""; boolean firsttime = true; private PasswordCallback mCB = null; private String mPWcachedb = null; 
@@ -48,38 +50,38 @@ public class PWCBsdr implements PasswordCallback { public PWCBsdr() { this(null); } - + public PWCBsdr(String prompt) { in = System.in; out = System.out; mprompt = prompt; - /* - * to get the test program work - * System.out.println("before CMS.getLogger"); try { + /* to get the test program work + System.out.println("before CMS.getLogger"); + try { */ mLogger = CMS.getLogger(); /* - * } catch (NullPointerException e) { System.out.println( - * "after CMS.getLoggergot NullPointerException ... testing ok"); } - * System.out.println("after CMS.getLogger"); + } catch (NullPointerException e) { + System.out.println("after CMS.getLoggergot NullPointerException ... testing ok"); + } + System.out.println("after CMS.getLogger"); */ // get path to password cache try { mPWcachedb = CMS.getConfigStore().getString("pwCache"); - CMS.debug("got pwCache from configstore: " + mPWcachedb); + CMS.debug("got pwCache from configstore: " + + mPWcachedb); } catch (NullPointerException e) { - System.out - .println("after CMS.getConfigStore got NullPointerException ... testing ok"); + System.out.println("after CMS.getConfigStore got NullPointerException ... testing ok"); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); // let it fall through } - // System.out.println("after CMS.getConfigStore"); - if (File.separator.equals("/")) { + // System.out.println("after CMS.getConfigStore"); + if (File.separator.equals("/")) { // Unix mCB = new PWsdrConsolePasswordCallback(prompt); } else { 
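Review bot: In the `PWCBsdr(String prompt)` constructor both `catch` blocks around `CMS.getConfigStore().getString("pwCache")` fall through, so `mPWcachedb` stays `null` whenever the setting cannot be read, and the `NullPointerException` branch only prints a "testing ok" line to stdout. That null path is later handed to `new PWsdrCache(mPWcachedb, mLogger)` in `getPasswordFirstAttempt`, where the failure surfaces far from its cause. Report the NPE case through the same call as the generic branch, `log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));`, and add a comment saying a null cache path is tolerated on purpose if that is the intent. The constructor continues past the end of this hunk.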
@@ -88,27 +90,33 @@ public class PWCBsdr implements PasswordCallback { } // System.out.println( "Created PWCBsdr with prompt of " - // + mprompt ); + // + mprompt ); } - /* - * We are now assuming that PasswordCallbackInfo.getname() returns the tag - * we are hoping to match in the cache. + /* We are now assuming that PasswordCallbackInfo.getname() returns + * the tag we are hoping to match in the cache. */ public Password getPasswordFirstAttempt(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { CMS.debug("in getPasswordFirstAttempt"); - /* - * debugging code to see if token is logged in try { CryptoManager cm = - * CryptoManager.getInstance(); CryptoToken token = - * cm.getInternalKeyStorageToken(); if (token.isLoggedIn() == false) { - * // missed it. CMS.debug("token not yet logged in!!"); } else { - * CMS.debug("token logged in."); } } catch (Exception e) { - * CMS.debug("crypto manager error:"+e.toString()); } - * CMS.debug("still in getPasswordFirstAttempt"); + /* debugging code to see if token is logged in + try { + CryptoManager cm = CryptoManager.getInstance(); + CryptoToken token = + cm.getInternalKeyStorageToken(); + if (token.isLoggedIn() == false) { + // missed it. + CMS.debug("token not yet logged in!!"); + } else { + CMS.debug("token logged in."); + } + } catch (Exception e) { + CMS.debug("crypto manager error:"+e.toString()); + } + CMS.debug("still in getPasswordFirstAttempt"); */ Password pw = null; String tmpPrompt = info.getName(); @@ -136,7 +144,7 @@ public class PWCBsdr implements PasswordCallback { if (tmpPrompt == null) { /* no name, fail */ System.out.println("Shouldn't get here"); throw new PasswordCallback.GiveUpException(); - } else { /* get password from password cache */ + } else { /* get password from password cache */ CMS.debug("getting tag = " + tmpPrompt); PWsdrCache pwc = new PWsdrCache(mPWcachedb, mLogger); 
@@ -149,9 +157,8 @@ public class PWCBsdr implements PasswordCallback { return (pw); } else { /* password not found */ - // we don't want caller to do getPasswordAgain, for now - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK")); + // we don't want caller to do getPasswordAgain, for now + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK")); throw new PasswordCallback.GiveUpException(); } } @@ -162,13 +169,12 @@ public class PWCBsdr implements PasswordCallback { } } - /* - * The password cache has failed to return a password (or a usable password. - * Now we will try and get the password from the user and hopefully add the - * password to the cache pw cache + /* The password cache has failed to return a password (or a usable password. + * Now we will try and get the password from the user and hopefully add + * the password to the cache pw cache */ public Password getPasswordAgain(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { CMS.debug("in getPasswordAgain"); try { @@ -192,7 +198,7 @@ public class PWCBsdr implements PasswordCallback { } } catch (Throwable e) { // System.out.println( "BUG HERE!! in the password again!!" - // + "!!!!!!!!!!!" ); + // + "!!!!!!!!!!!" ); // e.printStackTrace(); throw new PasswordCallback.GiveUpException(); } @@ -202,12 +208,12 @@ public class PWCBsdr implements PasswordCallback { if (mLogger == null) { System.out.println(msg); } else { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " - + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg); } } } + class PWsdrConsolePasswordCallback implements PasswordCallback { private String mPrompt = null; 
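Review bot: The `catch (Throwable e)` in the `@@ -192,7 +198,7 @@` hunk (inside `getPasswordAgain`) turns every failure, JVM `Error`s included, into a bare `GiveUpException` and records nothing, because the only diagnostics are commented out. An operator cannot tell a cancelled prompt from a failure while obtaining or caching the password. Narrow the catch to `Exception` and log before rethrowing, for example `log(ILogger.LL_FAILURE, "getPasswordAgain failed: " + e.toString());`. The `try` block starts outside this hunk, so what it covers is not fully visible.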
@@ -220,7 +226,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } public Password getPasswordFirstAttempt(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { if (mPrompt == null) { System.out.println("Get password " + info.getName()); } else { @@ -233,7 +239,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } public Password getPasswordAgain(PasswordCallbackInfo info) - throws PasswordCallback.GiveUpException { + throws PasswordCallback.GiveUpException { System.out.println("Password Incorrect."); if (mPrompt == null) { System.out.println("Get password " + info.getName()); @@ -247,6 +253,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback { } } + class PWsdrDialogPasswordCallback extends JDialogPasswordCallback { private String mPrompt = null; @@ -263,3 +270,4 @@ class PWsdrDialogPasswordCallback extends JDialogPasswordCallback { } } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java index 908ac1db7..3be636912 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java @@ -17,19 +17,23 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.BufferedReader; import java.io.InputStreamReader; import org.mozilla.jss.util.Password; import org.mozilla.jss.util.PasswordCallback; -public class PWUtil { - public static Password readPasswordFromStream() - throws PasswordCallback.GiveUpException { + +public class +PWUtil { + public static Password + readPasswordFromStream() + throws PasswordCallback.GiveUpException { BufferedReader in; in = new BufferedReader(new InputStreamReader(System.in)); - + StringBuffer buf = new StringBuffer(); String passwordString = new String(); int c; 
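Review bot: `readPasswordFromStream` in PWUtil.java collects the typed password in a `StringBuffer` and then in `String passwordString`; a `String` is immutable and cannot be wiped, so copies of the secret stay on the heap until the collector reclaims them. Reading the characters into a `char[]`, building the JSS `Password` from that array and then zeroing it with `java.util.Arrays.fill(chars, '\0');` keeps the cleartext lifetime short. `new InputStreamReader(System.in)` also depends on the platform default charset, which deserves a comment because it changes how non-ASCII passwords are decoded. The method continues past the end of this hunk.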
@@ -45,7 +49,7 @@ public class PWUtil { if (ch != '\r') { if (ch != '\n') { buf.append(ch); - } else { + } else { passwordString = buf.toString(); buf.setLength(0); break; @@ -57,10 +61,10 @@ public class PWUtil { } // memory problem? - // String passwordString = in.readLine(); - // System.out.println( "done read" ); - // System.out.println( " password recieved is [" - // + passwordString + "]" ); + // String passwordString = in.readLine(); + // System.out.println( "done read" ); + // System.out.println( " password recieved is [" + // + passwordString + "]" ); if (passwordString == null) { throw new PasswordCallback.GiveUpException(); } @@ -76,3 +80,4 @@ public class PWUtil { } } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java index 51c1a3b77..12412f59c 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.File; @@ -45,6 +46,7 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; + /* * A class for managing passwords in the SDR password cache * @@ -71,8 +73,7 @@ public class PWsdrCache { mPWcachedb = CMS.getConfigStore().getString("pwCache"); CMS.debug("got pwCache file path from configstore"); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG")); // let it fall through } initToken(); 
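Review bot: The commented-out block that the `@@ -57,10 +61,10 @@` hunk re-indents still contains `System.out.println( " password recieved is [" + passwordString + "]" )`, which would write the cleartext password to stdout if someone re-enabled it while debugging. Delete these commented lines instead of reformatting them; version control keeps the history. The enclosing method starts outside the hunk.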
@@ -84,18 +85,14 @@ public class PWsdrCache { CryptoManager cm = null; try { cm = CryptoManager.getInstance(); - mTokenName = CMS.getConfigStore() - .getString(PROP_PWC_TOKEN_NAME); - log(ILogger.LL_DEBUG, - "pwcTokenname specified. Use token for SDR key. tokenname= " - + mTokenName); + mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME); + log (ILogger.LL_DEBUG, "pwcTokenname specified. Use token for SDR key. tokenname= "+mTokenName); mToken = cm.getTokenByName(mTokenName); } catch (NotInitializedException e) { - log(ILogger.LL_FAILURE, e.toString()); + log (ILogger.LL_FAILURE, e.toString()); throw new EBaseException(e.toString()); } catch (Exception e) { - log(ILogger.LL_DEBUG, - "no pwcTokenname specified, use internal token for SDR key"); + log (ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key"); mToken = cm.getInternalKeyStorageToken(); } } @@ -106,11 +103,11 @@ public class PWsdrCache { if (mKeyID == null) { try { String keyID = CMS.getConfigStore().getString(PROP_PWC_KEY_ID); - log(ILogger.LL_DEBUG, "retrieved PWC SDR key"); + log (ILogger.LL_DEBUG, "retrieved PWC SDR key"); mKeyID = base64Decode(keyID); - + } catch (Exception e) { - log(ILogger.LL_DEBUG, "no pwcSDRKey specified"); + log (ILogger.LL_DEBUG, "no pwcSDRKey specified"); throw new EBaseException(e.toString()); } } @@ -121,7 +118,7 @@ public class PWsdrCache { // Do not use for PWCBsdr, since we don't want to mistakenly // generate SDR keys in case of configuration errors public PWsdrCache(String pwCache, String pwcTokenname, byte[] keyId, - boolean isTool) throws Exception { + boolean isTool) throws Exception { mPWcachedb = pwCache; mIsTool = isTool; mTokenName = pwcTokenname; 
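Review bot: The `catch (Exception e)` branch in the `@@ -84,18 +85,14 @@` hunk treats every failure as "no pwcTokenname specified" and falls back to `cm.getInternalKeyStorageToken()`, so a configured token that `cm.getTokenByName(mTokenName)` cannot open is silently replaced by the internal token with only an `LL_DEBUG` message. The SDR key would then be looked up on a different token from the one the administrator configured. Fall back only when the property is absent, and fail loudly when a named token cannot be opened. `throw new EBaseException(e.toString())` in the `NotInitializedException` branch also drops the original cause. The method's opening lines are outside the hunk.

```java
// … unchanged: cm = CryptoManager.getInstance() and its NotInitializedException handling …
String configured = null;
try {
    configured = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME);
} catch (Exception e) {
    log(ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
}
if (configured == null) {
    mToken = cm.getInternalKeyStorageToken();
} else {
    mTokenName = configured;
    try {
        mToken = cm.getTokenByName(mTokenName);
    } catch (Exception e) {
        // A configured token that cannot be opened is a configuration
        // error, not a reason to switch tokens.
        log(ILogger.LL_FAILURE, "cannot open token " + mTokenName + ": " + e.toString());
        throw new EBaseException(e.toString());
    }
}
```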
@@ -134,10 +131,10 @@ public class PWsdrCache { cm = CryptoManager.getInstance(); if (mTokenName != null) { mToken = cm.getTokenByName(mTokenName); - mToken = cm.getInternalKeyStorageToken(); - debug("PWsdrCache: mToken = " + mTokenName); + mToken = cm.getInternalKeyStorageToken(); + debug("PWsdrCache: mToken = "+mTokenName); } else { - mToken = cm.getInternalKeyStorageToken(); + mToken = cm.getInternalKeyStorageToken(); debug("PWsdrCache: mToken = internal"); } } 
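Review bot: In the `mTokenName != null` branch the result of `cm.getTokenByName(mTokenName)` is overwritten on the next line by `mToken = cm.getInternalKeyStorageToken();`, so this constructor always ends up on the internal token while the debug message reports the named one. Any SDR key generated or looked up through this instance would then live on a token other than the one the caller asked for. Unless the override is deliberate, drop the second assignment so the branch reads `mToken = cm.getTokenByName(mTokenName);` followed by the `debug(...)` call. If it is deliberate, say so in a comment and correct the message. The constructor starts in the previous hunk.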
@@ -150,54 +147,61 @@ public class PWsdrCache { return mTokenName; } - public void deleteUniqueNamedKey(String nickName) throws Exception { - KeyManager km = new KeyManager(mToken); - km.deleteUniqueNamedKey(nickName); + public void deleteUniqueNamedKey( String nickName ) + throws Exception + { + KeyManager km = new KeyManager( mToken ); + km.deleteUniqueNamedKey( nickName ); } - public byte[] generateSDRKey() throws Exception { - return generateSDRKeyWithNickName(PROP_PWC_NICKNAME); + public byte[] generateSDRKey () throws Exception { + return generateSDRKeyWithNickName(PROP_PWC_NICKNAME); } - public byte[] generateSDRKeyWithNickName(String nickName) throws Exception { + public byte[] generateSDRKeyWithNickName (String nickName) + throws Exception + { try { if (mIsTool != true) { // generate SDR key KeyManager km = new KeyManager(mToken); try { - // Bugscape Bug #54838: Due to the CMS cloning feature, - // we must check for the presence of - // a uniquely named symmetric key - // prior to making an attempt to - // generate it! + // Bugscape Bug #54838: Due to the CMS cloning feature, + // we must check for the presence of + // a uniquely named symmetric key + // prior to making an attempt to + // generate it! 
// - if (!(km.uniqueNamedKeyExists(nickName))) { - mKeyID = km.generateUniqueNamedKey(nickName); + if( !( km.uniqueNamedKeyExists( nickName ) ) ) { + mKeyID = km.generateUniqueNamedKey( nickName ); } } catch (TokenException e) { - log(0, "generateSDRKey() failed on " + e.toString()); + log (0, "generateSDRKey() failed on "+e.toString()); throw e; } } } catch (Exception e) { - log(ILogger.LL_FAILURE, e.toString()); + log (ILogger.LL_FAILURE, e.toString()); throw e; } return mKeyID; } public byte[] base64Decode(String s) throws IOException { - byte[] d = com.netscape.osutil.OSUtil.AtoB(s); - return d; + byte[] d = com.netscape.osutil.OSUtil.AtoB(s); + return d; } public static String base64Encode(byte[] bytes) throws IOException { // All this streaming is lame, but Base64OutputStream needs a // PrintStream ByteArrayOutputStream output = new ByteArrayOutputStream(); - Base64OutputStream b64 = new Base64OutputStream(new PrintStream( - new FilterOutputStream(output))); + Base64OutputStream b64 = new Base64OutputStream(new + PrintStream(new + FilterOutputStream(output) + ) + ); b64.write(bytes); b64.flush(); @@ -207,8 +211,10 @@ public class PWsdrCache { return output.toString("8859_1"); } + // for PWCBsdr - public PWsdrCache(String pwCache, ILogger logger) throws EBaseException { + public PWsdrCache(String pwCache, ILogger logger) throws + EBaseException { mLogger = logger; mPWcachedb = pwCache; initToken(); @@ -229,9 +235,8 @@ public class PWsdrCache { /* * add passwd in pwcache. */ - public void addEntry(String tag, String pwd, Hashtable tagPwds) - throws EBaseException { - + public void addEntry(String tag, String pwd, Hashtable tagPwds) throws EBaseException { + String stringToAdd = null; String bufs = null; @@ -244,7 +249,7 @@ public class PWsdrCache { tag = (String) enum1.nextElement(); pwd = (String) tagPwds.get(tag); debug("password tag: " + tag + " stored in " + mPWcachedb); - + if (stringToAdd == null) { stringToAdd = tag + ":" + pwd + "\n"; } else { 
@@ -257,7 +262,7 @@ public class PWsdrCache { if (dcrypts != null) { // converts to Hashtable, replace if tag exists, add - // if tag doesn't exist + // if tag doesn't exist Hashtable ht = string2Hashtable(dcrypts); if (ht.containsKey(tag) == false) { @@ -272,7 +277,7 @@ public class PWsdrCache { debug("adding new tag: " + tag); bufs = stringToAdd; } - + // write update to cache writePWcache(bufs); } @@ -287,7 +292,7 @@ public class PWsdrCache { if (dcrypts != null) { // converts to Hashtable, replace if tag exists, add - // if tag doesn't exist + // if tag doesn't exist Hashtable ht = string2Hashtable(dcrypts); if (ht.containsKey(tag) == false) { @@ -302,7 +307,7 @@ public class PWsdrCache { debug("password cache contains no tags"); return; } - + // write update to cache writePWcache(bufs); } @@ -332,14 +337,10 @@ public class PWsdrCache { } inputs.close(); } catch (FileNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } @@ -350,9 +351,7 @@ public class PWsdrCache { dcrypts = new String(dcryptb, "UTF-8"); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT", e.toString())); e.printStackTrace(); throw new EBaseException("password cache decrypt failed"); } 
@@ -367,7 +366,7 @@ public class PWsdrCache { public void writePWcache(String bufs) throws EBaseException { try { Encryptor sdr = new Encryptor(mToken, mKeyID, - Encryptor.DEFAULT_ENCRYPTION_ALG); + Encryptor.DEFAULT_ENCRYPTION_ALG); byte[] writebuf = null; @@ -375,9 +374,7 @@ public class PWsdrCache { // now encrypt it again writebuf = sdr.encrypt(bufs.getBytes("UTF-8")); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT", e.toString())); e.printStackTrace(); throw new EBaseException("password cache encrypt failed"); } @@ -389,8 +386,7 @@ public class PWsdrCache { tmpPWcache.delete(); tmpPWcache = new File(mPWcachedb + ".tmp"); } - FileOutputStream outstream = new FileOutputStream(mPWcachedb - + ".tmp"); + FileOutputStream outstream = new FileOutputStream(mPWcachedb + ".tmp"); outstream.write(writebuf); outstream.close(); 
@@ -398,54 +394,48 @@ public class PWsdrCache { File origFile = new File(mPWcachedb); try { - if (Utils.isNT()) { + if( Utils.isNT() ) { // NT is very picky on the path - Utils.exec("copy " - + tmpPWcache.getAbsolutePath().replace('/', '\\') - + " " - + origFile.getAbsolutePath().replace('/', '\\')); + Utils.exec( "copy " + + tmpPWcache.getAbsolutePath().replace( '/', + '\\' ) + + " " + + origFile.getAbsolutePath().replace( '/', + '\\' ) ); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec("cp -p " + tmpPWcache.getAbsolutePath() + " " - + origFile.getAbsolutePath()); + Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " + + origFile.getAbsolutePath() ); } // Remove the original file if and only if // the backup copy was successful. - if (origFile.exists()) { - if (!Utils.isNT()) { + if( origFile.exists() ) { + if( !Utils.isNT() ) { try { - Utils.exec("chmod 00660 " - + origFile.getCanonicalPath()); - } catch (IOException e) { - CMS.debug("Unable to change file permissions on " - + origFile.toString()); + Utils.exec( "chmod 00660 " + + origFile.getCanonicalPath() ); + } catch( IOException e ) { + CMS.debug( "Unable to change file permissions on " + + origFile.toString() ); } } tmpPWcache.delete(); - debug("operation completed for " + mPWcachedb); + debug( "operation completed for " + mPWcachedb ); } } catch (Exception exx) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", - exx.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString())); throw new EBaseException(exx.toString() + ": " + mPWcachedb); } } catch (FileNotFoundException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } catch (IOException e) { - 
log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString())); throw new EBaseException(e.toString() + ": " + mPWcachedb); } } @@ -457,7 +447,7 @@ public class PWsdrCache { while (enum1.hasMoreElements()) { String tag = (String) enum1.nextElement(); String pwd = (String) ht.get(tag); - + if (returnString == null) { returnString = tag + ":" + pwd + "\n"; } else { @@ -480,18 +470,19 @@ public class PWsdrCache { if (colonIdx != -1) { String tag = line.substring(0, colonIdx); - String passwd = line.substring(colonIdx + 1, line.length()); + String passwd = line.substring(colonIdx + 1, + line.length()); ht.put(tag.trim(), passwd.trim()); } else { - // invalid format...log or throw...later + //invalid format...log or throw...later } } return ht; } /* - * get password from cache. This one supplies cache file name + * get password from cache. This one supplies cache file name */ public Password getEntry(String fileName, String tag) { mPWcachedb = fileName; @@ -499,8 +490,8 @@ public class PWsdrCache { } /* - * if tag found with pwd, return it if tag not found, return null, which - * will cause it to give up + * if tag found with pwd, return it + * if tag not found, return null, which will cause it to give up */ public Password getEntry(String tag) { Hashtable pwTable = null; 
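Review bot: In the re-wrapped copy block of writePWcache, the result of `Utils.exec( "cp -p " + ... )` is discarded and `if( origFile.exists() )` stands in as the success test, so when an older cache file already exists a failed copy still reaches `tmpPWcache.delete()` and the update is lost without an error. Utils.exec is not shown here; assuming it reports the exit status as a boolean, like the helper copied from IOUtil.java further down this file, I would gate the cleanup on it with `boolean copied = Utils.exec(...);` and `if( copied && origFile.exists() )`, and throw `EBaseException` otherwise. The command is also one concatenated string, so if Utils.exec tokenizes on whitespace the way `Runtime.exec(String)` does, a path containing a space makes the copy fail in exactly this silent way. A failed `chmod 00660` is only sent to `CMS.debug`, leaving the cache with whatever mode the copy produced, and deserves `log(ILogger.LL_FAILURE, ...)` instead. The method starts before this hunk.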
@@ -518,8 +509,7 @@ public class PWsdrCache { try { dcrypts = readPWcache(); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); return null; } @@ -537,13 +527,12 @@ public class PWsdrCache { debug("getEntry gotten password for " + tag); return new Password(pw.toCharArray()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag)); return null; } } - // copied from IOUtil.java + //copied from IOUtil.java /** * Checks if this is NT. */ @@ -577,17 +566,22 @@ public class PWsdrCache { if (process.exitValue() == 0) { /** - * pOut = new BufferedReader( new - * InputStreamReader(process.getInputStream())); while ((l = - * pOut.readLine()) != null) { System.out.println(l); } + pOut = new BufferedReader( + new InputStreamReader(process.getInputStream())); + while ((l = pOut.readLine()) != null) { + System.out.println(l); + } **/ return true; } else { /** - * pOut = new BufferedReader( new - * InputStreamReader(process.getErrorStream())); l = null; while - * ((l = pOut.readLine()) != null) { System.out.println(l); } + pOut = new BufferedReader( + new InputStreamReader(process.getErrorStream())); + l = null; + while ((l = pOut.readLine()) != null) { + System.out.println(l); + } **/ return false; } @@ -605,7 +599,7 @@ public class PWsdrCache { public void log(int level, String msg) { if (mLogger != null) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "PWsdrCache " + msg); + "PWsdrCache " + msg); } else if (mIsTool) { System.out.println(msg); } // else it's most likely the installation wizard...no logging 
@@ -621,8 +615,7 @@ public class PWsdrCache { try { dcrypts = readPWcache(); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString())); return false; } @@ -639,11 +632,13 @@ public class PWsdrCache { if (colonIdx != -1) { String tag = line.substring(0, colonIdx); - String passwd = line.substring(colonIdx + 1, line.length()); + String passwd = line.substring(colonIdx + 1, + line.length()); - debug(tag.trim() + " : " + passwd.trim()); + debug(tag.trim() + + " : " + passwd.trim()); } else { - // invalid format...log or throw...later + //invalid format...log or throw...later debug("invalid format"); } } diff --git a/pki/base/common/src/com/netscape/cmscore/security/Provider.java b/pki/base/common/src/com/netscape/cmscore/security/Provider.java index f4d8c03c2..0e7f8e2e8 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/Provider.java +++ b/pki/base/common/src/com/netscape/cmscore/security/Provider.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + public class Provider extends java.security.Provider { /** @@ -25,11 +26,12 @@ public class Provider extends java.security.Provider { private static final long serialVersionUID = -8050884788034389693L; public Provider() { - super("CMS", 1.4, "Provides Signature and Message Digesting"); + super("CMS", 1.4, + "Provides Signature and Message Digesting"); - // /////////////////////////////////////////////////////////// + ///////////////////////////////////////////////////////////// // Signature - // /////////////////////////////////////////////////////////// + ///////////////////////////////////////////////////////////// put("Signature.SHA1withDSA", "org.mozilla.jss.provider.DSASignature"); 
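Review bot: The re-wrapped `debug(tag.trim() + " : " + passwd.trim());` in the hunk at -639 writes every decrypted password from the cache to the debug channel in clear text. Where `debug` sends its output is not visible here, so if it can reach a log file or captured console output, encrypting the cache on disk no longer protects these secrets. I would print only the tag, `debug(tag.trim() + " : ********");`, or keep the full output only when `mIsTool` is set and say so in a comment above the call. The enclosing method starts before this hunk.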
@@ -43,13 +45,14 @@ public class Provider extends java.security.Provider { put("Signature.MD5/RSA", "org.mozilla.jss.provider.MD5RSASignature"); put("Signature.MD2/RSA", "org.mozilla.jss.provider.MD2RSASignature"); - put("Signature.SHA-1/RSA", "org.mozilla.jss.provider.SHA1RSASignature"); + put("Signature.SHA-1/RSA", + "org.mozilla.jss.provider.SHA1RSASignature"); put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA"); - // /////////////////////////////////////////////////////////// + ///////////////////////////////////////////////////////////// // Message Digesting - // /////////////////////////////////////////////////////////// + ///////////////////////////////////////////////////////////// } } diff --git a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java index 5302c5e70..1ac8f0ea7 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.security.KeyPair; @@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** - * RA signing certificate + * RA signing certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class RASigningCert extends CertificateInfo { - public static final String SUBJECT_NAME = "CN=Registration Authority, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=Registration Authority, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public RASigningCert(KeyCertData properties) { 
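Review bot: The `put("Signature.MD5/RSA", ...)` and `put("Signature.MD2/RSA", ...)` registrations carried as context in this hunk have no comment explaining why MD2 and MD5 signatures are still offered by the provider. MD5 has practical collision attacks and MD2 is long deprecated, so a reader cannot tell whether the entries exist only to verify old certificates or may still be picked for new signatures. Once the intent is confirmed I would add a line above them such as `// legacy digests: kept for verifying existing signatures only, not for new certificates`, or drop the entries if nothing depends on them. The constructor opens in the preceding hunk.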
@@ -46,7 +49,8 @@ public class RASigningCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; try { if (mProperties.get(Constants.PR_AKI) == null) { @@ -74,8 +78,8 @@ public class RASigningCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties - .get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -83,14 +87,19 @@ public class RASigningCert extends CertificateInfo { } /* - * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg - * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - * if (sAlg != null) { return sAlg; } String alg = - * (String)mProperties.get(Constants.PR_KEY_TYPE); - * - * if (alg.equals("RSA")) return - * SignatureAlgorithm.RSASignatureWithMD5Digest; else return - * SignatureAlgorithm.DSASignatureWithSHA1Digest; } + public SignatureAlgorithm getSigningAlgorithm() { + SignatureAlgorithm sAlg = + (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + if (sAlg != null) { + return sAlg; + } + String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); + + if (alg.equals("RSA")) + return SignatureAlgorithm.RSASignatureWithMD5Digest; + else + return SignatureAlgorithm.DSASignatureWithSHA1Digest; + } */ public String getKeyAlgorithm() { @@ -104,3 +113,4 @@ public class RASigningCert extends CertificateInfo { return extension; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java index b886ec36a..eab48bdf5 100644 
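Review bot: The block restored in the hunk at -83 is a commented-out `getSigningAlgorithm()` whose fallback for RSA keys is `SignatureAlgorithm.RSASignatureWithMD5Digest`, and re-indenting dead code keeps an MD5 default one uncomment away from being live. I would delete the comment block rather than reformat it, leaving at most `// getSigningAlgorithm() intentionally not overridden` if that is the intent (not visible here). The same commented-out method is restored in SSLCert.java and SSLSelfSignedCert.java in this commit and should be handled the same way.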
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.security.KeyPair; @@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** - * SSL server certificate + * SSL server certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class SSLCert extends CertificateInfo { - public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=SSL, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public SSLCert(KeyCertData properties) { @@ -46,7 +49,8 @@ public class SSLCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; try { if (mProperties.get(Constants.PR_AKI) == null) { @@ -58,7 +62,7 @@ public class SSLCert extends CertificateInfo { // 020598: The server bit has to be turned on. Otherwise, it might // crash jss. - // mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE); + //mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE); } public void updateConfig(IConfigStore cmsFileTmp) throws EBaseException { @@ -83,8 +87,8 @@ public class SSLCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties - .get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; 
@@ -92,14 +96,19 @@ public class SSLCert extends CertificateInfo { } /* - * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg - * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - * if (sAlg != null) { return sAlg; } String alg = - * (String)mProperties.get(Constants.PR_KEY_TYPE); - * - * if (alg.equals("RSA")) return - * SignatureAlgorithm.RSASignatureWithMD5Digest; else return - * SignatureAlgorithm.DSASignatureWithSHA1Digest; } + public SignatureAlgorithm getSigningAlgorithm() { + SignatureAlgorithm sAlg = + (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + if (sAlg != null) { + return sAlg; + } + String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); + + if (alg.equals("RSA")) + return SignatureAlgorithm.RSASignatureWithMD5Digest; + else + return SignatureAlgorithm.DSASignatureWithSHA1Digest; + } */ public String getKeyAlgorithm() { @@ -116,3 +125,4 @@ public class SSLCert extends CertificateInfo { return extension; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java index b210ce7a2..ac7eb2ad9 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.security.KeyPair; 
@@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** - * SSL server certificate + * SSL server certificate * * @author Christine Ho * @version $Revision$, $Date$ */ public class SSLSelfSignedCert extends CertificateInfo { - public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US"; + public static final String SUBJECT_NAME = + "CN=SSL, O=Netscape Communications, C=US"; private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME; public SSLSelfSignedCert(KeyCertData properties) { @@ -46,7 +49,8 @@ public class SSLSelfSignedCert extends CertificateInfo { super(properties, pair); String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME); - if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) + if ((tmp != null) && + (!tmp.equals(Constants.PR_INTERNAL_TOKEN))) mTokenname = tmp; mProperties.remove(Constants.PR_AKI); @@ -75,8 +79,8 @@ public class SSLSelfSignedCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties - .get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = + (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; 
@@ -84,14 +88,19 @@ public class SSLSelfSignedCert extends CertificateInfo { } /* - * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg - * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); - * if (sAlg != null) { return sAlg; } String alg = - * (String)mProperties.get(Constants.PR_KEY_TYPE); - * - * if (alg.equals("RSA")) return - * SignatureAlgorithm.RSASignatureWithMD5Digest; else return - * SignatureAlgorithm.DSASignatureWithSHA1Digest; } + public SignatureAlgorithm getSigningAlgorithm() { + SignatureAlgorithm sAlg = + (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM); + if (sAlg != null) { + return sAlg; + } + String alg = (String)mProperties.get(Constants.PR_KEY_TYPE); + + if (alg.equals("RSA")) + return SignatureAlgorithm.RSASignatureWithMD5Digest; + else + return SignatureAlgorithm.DSASignatureWithSHA1Digest; + } */ public String getKeyAlgorithm() { @@ -105,8 +114,9 @@ public class SSLSelfSignedCert extends CertificateInfo { KeyUsageExtension extension = new KeyUsageExtension(); extension.set(KeyUsageExtension.DIGITAL_SIGNATURE, new Boolean(true)); - // extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true)); + //extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true)); extension.set(KeyUsageExtension.KEY_ENCIPHERMENT, new Boolean(true)); return extension; } } + diff --git a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java index e5a036d1d..bd630de84 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java +++ b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.security; + import java.io.IOException; import java.security.KeyPair; 
@@ -28,6 +29,7 @@ import com.netscape.certsrv.common.ConfigConstants; import com.netscape.certsrv.common.Constants; import com.netscape.certsrv.security.KeyCertData; + /** * Subsystem certificate. * @@ -59,8 +61,7 @@ public class SubsystemCert extends CertificateInfo { public String getNickname() { String name = (String) mProperties.get(Constants.PR_NICKNAME); - String instanceName = (String) mProperties - .get(ConfigConstants.PR_CERT_INSTANCE_NAME); + String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME); if (name != null) return name; @@ -80,3 +81,4 @@ public class SubsystemCert extends CertificateInfo { return extension; } } + |