Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/security')
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java46
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java138
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java1754
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java39
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java562
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java41
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java92
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/PWUtil.java23
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java215
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/Provider.java15
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java36
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/SSLCert.java38
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java38
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java6
14 files changed, 1352 insertions, 1691 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
index 22c939582..04f442a35 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
@@ -33,6 +34,7 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
* CA signing certificate.
*
@@ -41,7 +43,8 @@ import com.netscape.certsrv.security.KeyCertData;
*/
public class CASigningCert extends CertificateInfo {
- public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME =
+ "CN=Certificate Authority, O=Netscape Communications, C=US";
public CASigningCert(KeyCertData properties) {
this(properties, null);
@@ -49,11 +52,15 @@ public class CASigningCert extends CertificateInfo {
public CASigningCert(KeyCertData properties, KeyPair pair) {
super(properties, pair);
- /*
- * included in console UI try { if (mProperties.get(Constants.PR_AKI) ==
- * null) { mProperties.put(Constants.PR_AKI, Constants.FALSE); } } catch
- * (Exception e) { mProperties.put(Constants.PR_AKI, Constants.FALSE); }
- */
+ /* included in console UI
+ try {
+ if (mProperties.get(Constants.PR_AKI) == null) {
+ mProperties.put(Constants.PR_AKI, Constants.FALSE);
+ }
+ } catch (Exception e) {
+ mProperties.put(Constants.PR_AKI, Constants.FALSE);
+ }
+ */
try {
if (mProperties.get(Constants.PR_CERT_LEN) == null) {
mProperties.put(Constants.PR_CERT_LEN, "-1");
@@ -70,11 +77,15 @@ public class CASigningCert extends CertificateInfo {
// "null" mean no BasicConstriant
mProperties.put(Constants.PR_IS_CA, "null");
}
- /*
- * included in console UI try { if (mProperties.get(Constants.PR_SKI) ==
- * null) { mProperties.put(Constants.PR_SKI, Constants.FALSE); } } catch
- * (Exception e) { mProperties.put(Constants.PR_SKI, Constants.FALSE); }
- */
+ /* included in console UI
+ try {
+ if (mProperties.get(Constants.PR_SKI) == null) {
+ mProperties.put(Constants.PR_SKI, Constants.FALSE);
+ }
+ } catch (Exception e) {
+ mProperties.put(Constants.PR_SKI, Constants.FALSE);
+ }
+ */
}
public String getSubjectName() {
@@ -96,7 +107,7 @@ public class CASigningCert extends CertificateInfo {
BigInteger P = new BigInteger(p);
BigInteger Q = new BigInteger(q);
BigInteger G = new BigInteger(g);
- BigInteger pqgSeed = new BigInteger(seed);
+ BigInteger pqgSeed = new BigInteger(seed);
BigInteger pqgH = new BigInteger(H);
return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -117,22 +128,20 @@ public class CASigningCert extends CertificateInfo {
else if (keyType.equals("RSA"))
alg = "SHA1withRSA";
else
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", keyType));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType));
cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
else
- cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":"
- + nickname);
+ cmsFileTmp.putString("ca.signing.cacertnickname",
+ tokenname + ":" + nickname);
cmsFileTmp.commit(false);
}
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties
- .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
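Review bot: The RSA branch in this hunk still writes `SHA1withRSA` into `ca.signing.defaultSigningAlgorithm`, so a newly configured CA signs with SHA-1 by default unless someone changes the setting afterwards. SHA-1 signatures are no longer considered collision resistant, and a CA-level default tends to be inherited by everything issued below it. If the deployed JSS/NSS supports it, `alg = "SHA256withRSA";` would be the safer default. The preceding branch and the start of this method are outside the hunk, so the same question for the other key type cannot be checked from here.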
@@ -153,3 +162,4 @@ public class CASigningCert extends CertificateInfo {
return extension;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
index b093fba59..dc240dac2 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
@@ -59,6 +60,7 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
* This base class provides methods to import CA signing cert or get certificate
* request.
@@ -86,12 +88,11 @@ public abstract class CertificateInfo {
mConfig = (IConfigStore) (mProperties.get("cmsFile"));
}
- protected abstract KeyUsageExtension getKeyUsageExtension()
- throws IOException;
+ protected abstract KeyUsageExtension getKeyUsageExtension() throws IOException;
public abstract String getSubjectName();
- // public abstract SignatureAlgorithm getSigningAlgorithm();
+ //public abstract SignatureAlgorithm getSigningAlgorithm();
public abstract String getKeyAlgorithm();
public abstract String getNickname();
@@ -101,12 +102,12 @@ public abstract class CertificateInfo {
public CertificateValidity getCertificateValidity() throws EBaseException {
/*
- * String period =
- * (String)mProperties.get(Constants.PR_VALIDITY_PERIOD); Date
- * notBeforeDate = CMS.getCurrentDate(); Date notAfterDate = new
- * Date(notBeforeDate.getYear(), notBeforeDate.getMonth(),
- * notBeforeDate.getDate()+Integer.parseInt(period)); return new
- * CertificateValidity(notBeforeDate, notAfterDate);
+ String period = (String)mProperties.get(Constants.PR_VALIDITY_PERIOD);
+ Date notBeforeDate = CMS.getCurrentDate();
+ Date notAfterDate = new Date(notBeforeDate.getYear(),
+ notBeforeDate.getMonth(),
+ notBeforeDate.getDate()+Integer.parseInt(period));
+ return new CertificateValidity(notBeforeDate, notAfterDate);
*/
Date notBeforeDate = null;
Date notAfterDate = null;
@@ -117,41 +118,52 @@ public abstract class CertificateInfo {
notBeforeDate = new Date(Long.parseLong(notBeforeStr));
notAfterDate = new Date(Long.parseLong(notAfterStr));
} else {
- int beginYear = Integer.parseInt(mProperties.getBeginYear()) - 1900;
- int afterYear = Integer.parseInt(mProperties.getAfterYear()) - 1900;
- int beginMonth = Integer.parseInt(mProperties.getBeginMonth());
- int afterMonth = Integer.parseInt(mProperties.getAfterMonth());
- int beginDate = Integer.parseInt(mProperties.getBeginDate());
- int afterDate = Integer.parseInt(mProperties.getAfterDate());
- int beginHour = Integer.parseInt(mProperties.getBeginHour());
- int afterHour = Integer.parseInt(mProperties.getAfterHour());
- int beginMin = Integer.parseInt(mProperties.getBeginMin());
- int afterMin = Integer.parseInt(mProperties.getAfterMin());
- int beginSec = Integer.parseInt(mProperties.getBeginSec());
- int afterSec = Integer.parseInt(mProperties.getAfterSec());
+ int beginYear =
+ Integer.parseInt(mProperties.getBeginYear()) - 1900;
+ int afterYear =
+ Integer.parseInt(mProperties.getAfterYear()) - 1900;
+ int beginMonth =
+ Integer.parseInt(mProperties.getBeginMonth());
+ int afterMonth =
+ Integer.parseInt(mProperties.getAfterMonth());
+ int beginDate =
+ Integer.parseInt(mProperties.getBeginDate());
+ int afterDate =
+ Integer.parseInt(mProperties.getAfterDate());
+ int beginHour =
+ Integer.parseInt(mProperties.getBeginHour());
+ int afterHour =
+ Integer.parseInt(mProperties.getAfterHour());
+ int beginMin =
+ Integer.parseInt(mProperties.getBeginMin());
+ int afterMin =
+ Integer.parseInt(mProperties.getAfterMin());
+ int beginSec =
+ Integer.parseInt(mProperties.getBeginSec());
+ int afterSec =
+ Integer.parseInt(mProperties.getAfterSec());
Calendar calendar = Calendar.getInstance();
- calendar.set(beginYear, beginMonth, beginDate, beginHour, beginMin,
- beginSec);
+ calendar.set(beginYear, beginMonth, beginDate,
+ beginHour, beginMin, beginSec);
notBeforeDate = calendar.getTime();
- calendar.set(afterYear, afterMonth, afterDate, afterHour, afterMin,
- afterSec);
+ calendar.set(afterYear, afterMonth, afterDate,
+ afterHour, afterMin, afterSec);
notAfterDate = calendar.getTime();
}
return new CertificateValidity(notBeforeDate, notAfterDate);
}
- public X509CertInfo getCertInfo() throws EBaseException,
- PQGParamGenException {
+ public X509CertInfo getCertInfo() throws EBaseException, PQGParamGenException {
X509CertInfo certInfo = new X509CertInfo();
try {
- certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
BigInteger serialNumber = mProperties.getSerialNumber();
certInfo.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(serialNumber));
+ new CertificateSerialNumber(serialNumber));
certInfo.set(X509CertInfo.EXTENSIONS, getExtensions());
certInfo.set(X509CertInfo.VALIDITY, getCertificateValidity());
String issuerName = mProperties.getIssuerName();
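Review bot: The `else` branch of getCertificateValidity subtracts 1900 from the parsed years and then passes them to `calendar.set(beginYear, beginMonth, ...)`, but `Calendar.set` takes the full calendar year; the 1900 offset belongs to the deprecated `Date(int, int, int)` constructor seen in the commented-out code earlier in the method. If `getBeginYear()` and `getAfterYear()` return four-digit years, notBefore and notAfter land in the wrong century, and dropping `- 1900` on both lines would fix that once the KeyCertData contract is confirmed. `Calendar.getInstance()` also keeps the current millisecond field and the JVM default time zone, so a `calendar.clear();` before each `set` would make the validity bounds deterministic. None of the `Integer.parseInt` calls is guarded, so a malformed field surfaces as an unchecked NumberFormatException rather than an EBaseException.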
@@ -160,51 +172,46 @@ public abstract class CertificateInfo {
issuerName = getSubjectName();
}
- certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(
- new X500Name(issuerName)));
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- new X500Name(getSubjectName())));
- certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
+ certInfo.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(new X500Name(issuerName)));
+ certInfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(new X500Name(getSubjectName())));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
PublicKey pubk = mKeyPair.getPublic();
X509Key xKey = KeyCertUtil.convertPublicKeyToX509Key(pubk);
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(xKey));
- // SignatureAlgorithm algm = getSigningAlgorithm();
- SignatureAlgorithm algm = (SignatureAlgorithm) mProperties
- .get(Constants.PR_SIGNATURE_ALGORITHM);
+ //SignatureAlgorithm algm = getSigningAlgorithm();
+ SignatureAlgorithm algm =
+ (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
if (algm == null) {
- String hashtype = (String) mProperties
- .get(ConfigConstants.PR_HASH_TYPE);
+ String hashtype = (String) mProperties.get(ConfigConstants.PR_HASH_TYPE);
- algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(),
- hashtype);
+ algm = KeyCertUtil.getSigningAlgorithm(getKeyAlgorithm(), hashtype);
mProperties.put(Constants.PR_SIGNATURE_ALGORITHM, algm);
}
AlgorithmId sigAlgId = getAlgorithmId();
if (sigAlgId == null) {
- byte[] encodedOID = ASN1Util.encode(algm.toOID());
+ byte[]encodedOID = ASN1Util.encode(algm.toOID());
sigAlgId = new AlgorithmId(new ObjectIdentifier(
- new DerInputStream(encodedOID)));
+ new DerInputStream(encodedOID)));
}
- certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
- sigAlgId));
+ certInfo.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(sigAlgId));
} catch (InvalidKeyException e) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY"));
- } catch (CertificateException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT", e.toString()));
+ } catch (CertificateException e) {
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
} catch (IOException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
}
return certInfo;
@@ -218,7 +225,7 @@ public abstract class CertificateInfo {
KeyCertUtil.setDERExtension(exts, mProperties);
KeyCertUtil.setBasicConstraintsExtension(exts, mProperties);
KeyCertUtil.setSubjectKeyIdentifier(mKeyPair, exts, mProperties);
- // KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties);
+ //KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties);
KeyCertUtil.setAuthInfoAccess(mKeyPair, exts, mProperties);
KeyCertUtil.setOCSPNoCheck(mKeyPair, exts, mProperties);
KeyPair caKeyPair = (KeyPair) mProperties.get(Constants.PR_CA_KEYPAIR);
@@ -238,7 +245,8 @@ public abstract class CertificateInfo {
boolean isKeyUsageEnabled = mProperties.getKeyUsageExtension();
if (isKeyUsageEnabled) {
- KeyCertUtil.setKeyUsageExtension(exts, getKeyUsageExtension());
+ KeyCertUtil.setKeyUsageExtension(
+ exts, getKeyUsageExtension());
}
return exts;
}
@@ -247,27 +255,27 @@ public abstract class CertificateInfo {
return (AlgorithmId) (mProperties.get(Constants.PR_ALGORITHM_ID));
}
- public void setAuthorityKeyIdExt(CertificateExtensions caexts,
- CertificateExtensions ext) throws IOException,
- CertificateException, CertificateEncodingException,
+ public void setAuthorityKeyIdExt(CertificateExtensions caexts, CertificateExtensions ext)
+ throws IOException, CertificateException, CertificateEncodingException,
CertificateParsingException {
SubjectKeyIdentifierExtension subjKeyExt = null;
try {
- subjKeyExt = (SubjectKeyIdentifierExtension) caexts
- .get(SubjectKeyIdentifierExtension.NAME);
+ subjKeyExt =
+ (SubjectKeyIdentifierExtension) caexts.get(SubjectKeyIdentifierExtension.NAME);
} catch (IOException e) {
}
if (subjKeyExt == null)
return;
else {
- KeyIdentifier keyId = (KeyIdentifier) subjKeyExt
- .get(SubjectKeyIdentifierExtension.KEY_ID);
- AuthorityKeyIdentifierExtension authExt = new AuthorityKeyIdentifierExtension(
- false, keyId, null, null);
+ KeyIdentifier keyId = (KeyIdentifier) subjKeyExt.get(
+ SubjectKeyIdentifierExtension.KEY_ID);
+ AuthorityKeyIdentifierExtension authExt =
+ new AuthorityKeyIdentifierExtension(false, keyId, null, null);
ext.set(AuthorityKeyIdentifierExtension.NAME, authExt);
}
}
}
+
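Review bot: The empty `catch (IOException e) { }` in setAuthorityKeyIdExt hides any failure to read the CA's SubjectKeyIdentifier, after which the method returns without setting an AuthorityKeyIdentifier. The issued certificate then silently lacks the extension relying parties use for chain building, and nothing in the logs explains why. At minimum record it, e.g. `CMS.debug("setAuthorityKeyIdExt: cannot read CA SubjectKeyIdentifier: " + e);`. Since the method already declares `throws IOException`, letting the exception propagate is worth considering, provided a merely absent extension is not reported through this exception.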
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index 976b8e7ec..d0df7d1a9 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -100,10 +101,10 @@ import com.netscape.cmscore.cert.CertUtils;
import com.netscape.cmscore.util.Debug;
import com.netscape.cmsutil.crypto.CryptoUtil;
+
/**
* Subsystem for initializing JSS>
* <P>
- *
* @version $Revision$ $Date$
*/
public final class JssSubsystem implements ICryptoSubsystem {
@@ -130,15 +131,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
private Hashtable mNicknameMapCertsTable = new Hashtable();
private Hashtable mNicknameMapUserCertsTable = new Hashtable();
- private FileInputStream devRandomInputStream = null;
+ private FileInputStream devRandomInputStream=null;
- // This date format is to format the date string of the certificate in such
- // a way as
+ // This date format is to format the date string of the certificate in such a way as
// May 01, 1999 01:55:55.
- private static SimpleDateFormat mFormatter = new SimpleDateFormat(
- "MMMMM dd, yyyy HH:mm:ss");
+ private static SimpleDateFormat mFormatter = new SimpleDateFormat("MMMMM dd, yyyy HH:mm:ss");
- // SSL related variables.
+ // SSL related variables.
private IConfigStore mSSLConfig = null;
@@ -148,20 +147,20 @@ public final class JssSubsystem implements ICryptoSubsystem {
private static Hashtable mCipherNames = new Hashtable();
- /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config. */
- private static final String DEFAULT_CIPHERPREF = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
- + "TLS_RSA_WITH_AES_128_CBC_SHA,"
- + "TLS_RSA_WITH_AES_256_CBC_SHA,"
- + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,"
- + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
- +
- // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
- // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
- // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
- + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA,"
- + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,"
- + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+ /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/
+ private static final String DEFAULT_CIPHERPREF =
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
+ "TLS_RSA_WITH_AES_128_CBC_SHA," +
+ "TLS_RSA_WITH_AES_256_CBC_SHA," +
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
+// "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
+// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
+// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
+ "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
/* list of all ciphers JSS supports */
private static final int mJSSCipherSuites[] = {
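Review bot: The comment above DEFAULT_CIPHERPREF says "default sslv2 and sslv3 cipher suites(all)", but the string lists only `TLS_*` suites, so it misdescribes what is enabled when no preference is configured. I would reword it to something like `/* default TLS cipher suites, used when no cipher preference is configured */`. The list still contains `TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA`, and every entry is CBC with a SHA-1 MAC. Whether stronger suites are available depends on the JSS version, which is not visible here.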
@@ -179,51 +178,50 @@ public final class JssSubsystem implements ICryptoSubsystem {
SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, };
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
+ };
static {
/* set ssl cipher string names. */
- /*
- * disallowing SSL2 ciphers to be turned on
- * mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
- * mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
- * Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
- */
+ /* disallowing SSL2 ciphers to be turned on
+ mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
+ mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
+ Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
+ */
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
+ Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
- mCipherNames
- .put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
+ mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
- Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
+ Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
+ Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
}
public static JssSubsystem getInstance() {
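Review bot: The static initializer still registers `PR_SSL3_RSA_WITH_NULL_MD5`, the export-grade suites (`PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5`, `PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5`, the two `PR_TLS_RSA_EXPORT1024_*` entries) and the single-DES suites in mCipherNames. The table presumably drives which names a cipher preference string may enable, in which case a configuration can turn on suites with no encryption or trivially breakable encryption. The SSL2 entries directly above are commented out with "disallowing SSL2 ciphers to be turned on". Giving the NULL, EXPORT and DES entries the same treatment would keep a configuration mistake from downgrading the server's TLS. The code that consumes this table is outside the hunk.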
@@ -241,43 +239,44 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
public void setId(String id) throws EBaseException {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
-
- }
-
- // Add entropy to the 'default' RNG token
- public void addEntropy(int bits)
- throws org.mozilla.jss.util.NotImplementedException, IOException,
- TokenException {
- int read = 0;
- int bytes = (7 + bits) / 8;
- byte[] b = new byte[bytes];
- if (devRandomInputStream == null) {
- throw new IOException(
- CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
- }
- do {
- int c = devRandomInputStream.read(b, read, bytes - read);
- read += c;
- } while (read < bytes);
-
- CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes
- + " bytes) of entropy to default RNG token");
- CMS.debug(b);
- PK11SecureRandom sr = new PK11SecureRandom();
- sr.setSeed(b);
- }
-
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
+
+ }
+
+ // Add entropy to the 'default' RNG token
+ public void addEntropy(int bits)
+ throws org.mozilla.jss.util.NotImplementedException,
+ IOException,
+ TokenException
+ {
+ int read=0;
+ int bytes = (7+bits)/8;
+ byte[] b = new byte[bytes];
+ if (devRandomInputStream == null) {
+ throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
+ }
+ do {
+ int c = devRandomInputStream.read(b,read,bytes-read);
+ read += c;
+ }
+ while (read < bytes);
+
+ CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token");
+ CMS.debug(b);
+ PK11SecureRandom sr = new PK11SecureRandom();
+ sr.setSeed(b);
+ }
+
/**
- * Initializes the Jss security subsystem.
+ * Initializes the Jss security subsystem.
* <P>
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mLogger = CMS.getLogger();
-
- if (mInited) {
+
+ if (mInited)
+ {
// This used to throw an exeception (e.g. - on Solaris).
// If JSS is already initialized simply return.
CMS.debug("JssSubsystem already inited.. returning.");
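Review bot: addEntropy passes the freshly read seed bytes to `CMS.debug(b)` just before `sr.setSeed(b)`, which writes the entropy being fed to the RNG token into the debug log. That line should be dropped, since the message before it already records the bit and byte counts. The read loop also adds the return value of `devRandomInputStream.read(...)` to `read` without checking for -1, so at end of stream `read` goes backwards and the next call is made with a negative offset. An `if (c < 0) throw new IOException("entropy stream ended early");` before `read += c;` turns that into a clean failure. init() continues past the end of this hunk.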
@@ -310,9 +309,10 @@ public final class JssSubsystem implements ICryptoSubsystem {
String certDir;
certDir = config.getString(CONFIG_DIR, null);
-
- CryptoManager.InitializationValues vals = new CryptoManager.InitializationValues(
- certDir, "", "", "secmod.db");
+
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(certDir,
+ "", "", "secmod.db");
vals.removeSunProvider = false;
vals.installJSSProvider = true;
@@ -321,13 +321,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
} catch (AlreadyInitializedException e) {
// do nothing
} catch (Exception e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
@@ -335,21 +333,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
mCryptoManager = CryptoManager.getInstance();
initSSL();
} catch (CryptoManager.NotInitializedException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
-
+
mInited = true;
}
public String getCipherVersion() throws EBaseException {
- return "cipherdomestic";
+ return "cipherdomestic";
}
public String getCipherPreferences() throws EBaseException {
@@ -367,36 +363,36 @@ public final class JssSubsystem implements ICryptoSubsystem {
public String getECType(String certType) throws EBaseException {
if (mSSLConfig != null) {
// for SSL server, check the value of jss.ssl.sslserver.ectype
- return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE,
- "ECDHE");
+ return mSSLConfig.getString(certType + "." + PROP_SSL_ECTYPE, "ECDHE");
} else {
return "ECDHE";
}
}
public String isCipherFortezza() throws EBaseException {
- // we always display fortezza suites.
- // too much work to display tokens/certs corresponding to the
- // suites.
+ // we always display fortezza suites.
+ // too much work to display tokens/certs corresponding to the
+ // suites.
return "true";
}
void installProvider() {
int position = java.security.Security.insertProviderAt(
- new com.netscape.cmscore.security.Provider(), 1);
+ new com.netscape.cmscore.security.Provider(),
+ 1);
if (position == -1) {
Debug.trace("Unable to install CMS provider");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
}
}
- public void setCipherPreferences(String cipherPrefs) throws EBaseException {
+ public void setCipherPreferences(String cipherPrefs)
+ throws EBaseException {
if (mSSLConfig != null) {
if (cipherPrefs.equals(""))
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
mSSLConfig.putString(Constants.PR_CIPHER_PREF, cipherPrefs);
}
}
@@ -406,7 +402,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
*
*/
private void initSSL() throws EBaseException {
- // JSS will AND what is set and what is allowed by export policy
+ // JSS will AND what is set and what is allowed by export policy
// so we can set what is requested.
try {
@@ -422,11 +418,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (Debug.ON)
Debug.trace("configured ssl cipher prefs is " + sslCiphers);
- // first, disable all ciphers, since JSS defaults to all-enabled
+ // first, disable all ciphers, since JSS defaults to all-enabled
for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) {
try {
- SSLSocket
- .setCipherPreferenceDefault(mJSSCipherSuites[i], false);
+ SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i],
+ false);
} catch (SocketException e) {
}
}
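Review bot: The loop that disables every suite in mJSSCipherSuites swallows `SocketException` with an empty catch, and the comment above it notes that JSS defaults to all-enabled, so a failed `setCipherPreferenceDefault(..., false)` leaves that suite enabled with no trace. Log it at least, e.g. `log(ILogger.LL_FAILURE, "cannot disable cipher suite " + mJSSCipherSuites[i] + ": " + e);`, or abort initSSL so the server does not start with an unintended suite set. The enabling loop in the hunk at `@@ -449,13 +444,13 @@` has the same empty catch and skips unrecognised cipher names without a message. initSSL starts and ends outside this hunk.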
@@ -437,10 +433,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
StringTokenizer ciphers = new StringTokenizer(sslCiphers, ",");
if (!ciphers.hasMoreTokens()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
}
while (ciphers.hasMoreTokens()) {
String cipher = ciphers.nextToken();
@@ -449,13 +444,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (sslcipher != null) {
String msg = "setting ssl cipher " + cipher;
- CMS.debug("JSSSubsystem: initSSL(): " + msg);
+ CMS.debug("JSSSubsystem: initSSL(): "+msg);
log(ILogger.LL_INFO, msg);
if (Debug.ON)
Debug.trace(msg);
try {
SSLSocket.setCipherPreferenceDefault(
- sslcipher.intValue(), true);
+ sslcipher.intValue(), true);
} catch (SocketException e) {
}
}
@@ -463,7 +458,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
-
+
/**
* Retrieves a configuration store of this subsystem.
* <P>
@@ -477,26 +472,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
*/
public void startup() throws EBaseException {
}
-
+
/**
* Shutdowns this subsystem.
* <P>
*/
public void shutdown() {
try {
- // After talking to NSS teamm, we should not call close databases
- // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
- boolean isClosing = mConfig.getBoolean("closeDatabases", false);
- if (isClosing) {
- JSSDatabaseCloser closer = new JSSDatabaseCloser();
- closer.closeDatabases();
- }
+ // After talking to NSS teamm, we should not call close databases
+ // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
+ boolean isClosing = mConfig.getBoolean("closeDatabases", false);
+ if (isClosing) {
+ JSSDatabaseCloser closer = new JSSDatabaseCloser();
+ closer.closeDatabases();
+ }
} catch (Exception e) {
}
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
}
public PasswordCallback getPWCB() {
@@ -510,13 +505,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
name = c.getName();
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
@@ -533,29 +526,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoToken c = (CryptoToken) tokens.nextElement();
// skip builtin object token
- if (c.getName() != null
- && c.getName().equals("Builtin Object Token")) {
+ if (c.getName() != null && c.getName().equals("Builtin Object Token")) {
continue;
}
if (num++ == 0)
- tokenList = tokenList + c.getName();
- else
+ tokenList = tokenList + c.getName();
+ else
tokenList = tokenList + "," + c.getName();
}
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
- if (tokenList.equals(""))
- return Constants.PR_INTERNAL_TOKEN;
+ if (tokenList.equals(""))
+ return Constants.PR_INTERNAL_TOKEN;
else
return (tokenList + "," + Constants.PR_INTERNAL_TOKEN);
}
@@ -568,74 +558,48 @@ public final class JssSubsystem implements ICryptoSubsystem {
return ctoken.isLoggedIn();
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public void loggedInToken(String tokenName, String pwd)
- throws EBaseException {
+ public void loggedInToken(String tokenName, String pwd) throws EBaseException {
try {
CryptoToken ctoken = mCryptoManager.getTokenByName(tokenName);
Password clk = new Password(pwd.toCharArray());
ctoken.login(clk);
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (IncorrectPasswordException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_LOGIN_FAILED"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TOKEN_LOGGED_IN", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public String getCertSubjectName(String tokenname, String nickname)
- throws EBaseException {
+ public String getCertSubjectName(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getCertSubjectName(tokenname, nickname);
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
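Review bot: In loggedInToken the `Password` built from `pwd.toCharArray()` is never cleared, so a copy of the token PIN stays in memory until garbage collection whether `ctoken.login(clk)` succeeds or throws. Declaring `Password clk = null;` before the `try` and adding `finally { if (clk != null) clk.clear(); }` would wipe that copy on every path. A null `pwd` also surfaces here as a NullPointerException rather than an EBaseException, so a guard at the top would keep the error contract consistent with the other branches. The `String pwd` parameter itself cannot be wiped, so this narrows the exposure rather than removing it.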
@@ -660,21 +624,18 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
return certNames;
}
- public String getCertListWithoutTokenName(String name)
- throws EBaseException {
+ public String getCertListWithoutTokenName(String name) throws EBaseException {
CryptoToken c = null;
String certNames = "";
@@ -692,7 +653,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
int index = nickname.indexOf(":");
@@ -709,22 +670,18 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
}
@@ -747,7 +704,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (list == null)
return "";
-
+
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
@@ -761,28 +718,24 @@ public final class JssSubsystem implements ICryptoSubsystem {
return "";
} catch (TokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
} catch (NoSuchTokenException e) {
- String[] params = { mId, e.toString() };
- EBaseException ex = new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CREATE_SERVICE_FAILED", params));
+ String[] params = {mId, e.toString()};
+ EBaseException ex = new EBaseException(
+ CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
throw ex;
}
}
- public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
- throws EBaseException {
+ public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
+ throws EBaseException {
try {
if (algname.equals("DSA")) {
byte[] p = store.getByteArray("ca.dsaP", null);
@@ -799,72 +752,60 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
return AlgorithmId.getAlgorithmId(algname);
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
}
}
public String getSignatureAlgorithm(String nickname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSigAlgName();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
- }
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
+ }
}
public KeyPair getKeyPair(String nickname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
- PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert(
- cert);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
+ PrivateKey priKey =
+ CryptoManager.getInstance().findPrivKeyByCert(cert);
PublicKey publicKey = cert.getPublicKey();
return new KeyPair(publicKey, priKey);
} catch (NotInitializedException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
log(ILogger.LL_FAILURE, "Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
}
- public KeyPair getKeyPair(String tokenName, String alg, int keySize)
- throws EBaseException {
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize) throws EBaseException {
return getKeyPair(tokenName, alg, keySize, null);
}
- public KeyPair getKeyPair(String tokenName, String alg, int keySize,
- PQGParams pqg) throws EBaseException {
+ public KeyPair getKeyPair(String tokenName, String alg,
+ int keySize, PQGParams pqg) throws EBaseException {
String t = tokenName;
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN))
@@ -872,13 +813,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoToken token = null;
try {
- token = mCryptoManager.getTokenByName(t);
+ token = mCryptoManager.getTokenByName(t);
} catch (NoSuchTokenException e) {
log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e);
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", tokenName));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
}
-
+
KeyPairAlgorithm kpAlg = null;
if (alg.equals("RSA"))
@@ -888,35 +828,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
try {
- KeyPair kp = KeyCertUtil
- .generateKeyPair(token, kpAlg, keySize, pqg);
+ KeyPair kp = KeyCertUtil.generateKeyPair(token, kpAlg, keySize, pqg);
return kp;
} catch (InvalidParameterException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS",
+ "" + keySize));
} catch (PQGParamGenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED",
+ kpAlg.toString()));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_KEY_GEN_FAILED"));
} catch (InvalidAlgorithmParameterException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_KEY_PAIR", e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_KEY_PAIR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
}
}
@@ -924,108 +855,69 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
X500Name name = new X500Name(dn);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_X500_NAME", dn));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_X500_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_X500_NAME", dn));
}
}
- public String getCertRequest(String subjectName, KeyPair kp)
- throws EBaseException {
+ public String getCertRequest(String subjectName, KeyPair kp)
+ throws EBaseException {
try {
- netscape.security.pkcs.PKCS10 pkcs = KeyCertUtil.getCertRequest(
- subjectName, kp);
+ netscape.security.pkcs.PKCS10 pkcs =
+ KeyCertUtil.getCertRequest(subjectName, kp);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
pkcs.print(ps);
return bs.toString();
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", ""));
} catch (NoSuchProviderException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PROVIDER_NOT_SUPPORTED"));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_REQ_FAILED"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
} catch (SignatureException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_REQUEST", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_SIGNATURE"));
}
}
- public void importCert(String b64E, String nickname, String certType)
- throws EBaseException {
+ public void importCert(String b64E, String nickname, String certType)
+ throws EBaseException {
try {
KeyCertUtil.importCert(b64E, nickname, certType);
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
String eString = e.toString();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- if (eString
- .contains("Failed to find certificate that was just imported")) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ if (eString.contains("Failed to find certificate that was just imported")) {
throw new EBaseException(eString);
} else {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
} catch (UserCertConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
} catch (NicknameConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
}
}
@@ -1036,7 +928,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) &&
+ (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
tokenname = tmp;
tmp = (String) properties.get(Constants.PR_KEY_TYPE);
if (tmp != null)
@@ -1058,9 +951,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
KeyPair pair = null;
String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
- if (tmp != null)
+ if (tmp != null)
token = tmp;
-
+
tmp = (String) properties.get(Constants.PR_KEY_CURVENAME);
if (tmp != null)
keyCurve = tmp;
@@ -1071,110 +964,77 @@ public final class JssSubsystem implements ICryptoSubsystem {
return pair;
}
-
- public KeyPair getECCKeyPair(String token, String keyCurve, String certType)
- throws EBaseException {
+
+ public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException {
KeyPair pair = null;
if ((token == null) || (token.equals("")))
token = Constants.PR_INTERNAL_TOKEN_NAME;
if ((keyCurve == null) || (keyCurve.equals("")))
- keyCurve = "nistp512";
+ keyCurve = "nistp512";
String ectype = getECType(certType);
// ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+ };
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+ };
try {
- if (ectype.equals("ECDHE"))
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null,
- usages_mask);
+ if (ectype.equals("ECDHE"))
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
else
- pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null,
- ECDH_usages_mask);
+ pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
}
return pair;
- }
+ }
public void importCert(X509CertImpl signedCert, String nickname,
- String certType) throws EBaseException {
+ String certType) throws EBaseException {
try {
KeyCertUtil.importCert(signedCert, nickname, certType);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
} catch (UserCertConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_USERCERT_CONFLICT"));
} catch (NicknameConflictException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NICKNAME_CONFLICT"));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IMPORT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ENCODE_CERT_FAILED"));
}
}
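Review bot: The fallback curve in getECCKeyPair is `"nistp512"`, which does not correspond to a NIST prime curve (the largest is P-521). If `CryptoUtil.generateECCKeyPair` resolves curves by name, which this hunk does not show, a missing or empty PR_KEY_CURVENAME would end in the NoSuchAlgorithmException branch instead of producing a key. If P-521 was intended, the line should read `keyCurve = "nistp521";`. A short comment above the two arrays stating that they appear to be passed as usage masks (usages to switch off) would also help, since `usages_mask` holding DERIVE under a comment about ECDHE otherwise reads as inverted.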
@@ -1184,94 +1044,70 @@ public final class JssSubsystem implements ICryptoSubsystem {
X509CertImpl impl = new X509CertImpl(b);
NameValuePairs results = new NameValuePairs();
- results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN()
- .getName());
+ results.add(Constants.PR_CERT_SUBJECT_NAME, impl.getSubjectDN().getName());
results.add(Constants.PR_ISSUER_NAME, impl.getIssuerDN().getName());
- results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber()
- .toString());
- results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore()
- .toString());
- results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter()
- .toString());
+ results.add(Constants.PR_SERIAL_NUMBER, impl.getSerialNumber().toString());
+ results.add(Constants.PR_BEFORE_VALIDDATE, impl.getNotBefore().toString());
+ results.add(Constants.PR_AFTER_VALIDDATE, impl.getNotAfter().toString());
// fingerprint is using MD5 hash
return results;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_CERT_INFO", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
}
}
- public void deleteUserCert(String nickname, String serialno,
- String issuername) throws EBaseException {
+ public void deleteUserCert(String nickname, String serialno, String issuername)
+ throws EBaseException {
try {
- X509Certificate cert = getCertificate(nickname, serialno,
- issuername);
+ X509Certificate cert = getCertificate(nickname, serialno, issuername);
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
CryptoStore store = tcert.getOwningToken().getCryptoStore();
- CMS.debug("*** deleting this token cert");
+CMS.debug("*** deleting this token cert");
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
- CMS.debug("*** finish deleting this token cert");
+CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
- CryptoStore store = token.getCryptoStore();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ CryptoStore store = token.getCryptoStore();
- CMS.debug("*** deleting this interna cert");
- store.deleteCert(cert);
- CMS.debug("*** removing this interna cert");
+CMS.debug("*** deleting this interna cert");
+ store.deleteCert(cert);
+CMS.debug("*** removing this interna cert");
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
}
}
- public void deleteRootCert(String nickname, String serialno,
- String issuername) throws EBaseException {
+ public void deleteRootCert(String nickname, String serialno,
+ String issuername) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
@@ -1279,27 +1115,24 @@ public final class JssSubsystem implements ICryptoSubsystem {
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
String num = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- CMS.debug("*** num " + num);
- CMS.debug("*** issuer " + issuer);
+CMS.debug("*** num "+num);
+CMS.debug("*** issuer "+issuer);
if (num.equals(serialno) && issuername.equals(issuer)) {
- CMS.debug("*** removing root cert");
+CMS.debug("*** removing root cert");
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken()
- .getCryptoStore();
-
- CMS.debug("*** deleting this token cert");
- tcert.getOwningToken().getCryptoStore()
- .deleteCert(tcert);
- CMS.debug("*** finish deleting this token cert");
+ CryptoStore store = tcert.getOwningToken().getCryptoStore();
+
+CMS.debug("*** deleting this token cert");
+ tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
+CMS.debug("*** finish deleting this token cert");
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
-
- CMS.debug("*** deleting this interna cert");
+
+CMS.debug("*** deleting this interna cert");
store.deleteCert(cert);
- CMS.debug("*** removing this interna cert");
+CMS.debug("*** removing this interna cert");
}
mNicknameMapCertsTable.remove(nickname);
break;
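Review bot: In the TokenCertificate branch the new line `CryptoStore store = tcert.getOwningToken().getCryptoStore();` assigns a local that the visible code never reads, because the delete two lines later repeats the whole call chain. Either drop the local or use it: `store.deleteCert(tcert);`. The `CMS.debug` lines in this hunk have also lost their indentation, and two of the messages say "interna" for "internal". The same unused `store` appears in the deleteCACert and deleteCert hunks further down. deleteRootCert itself starts before this hunk.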
@@ -1309,29 +1142,17 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
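Review bot: The CertificateException branch at the end of this hunk passes `e.toString()` into `CMS.getUserMessage("CMS_BASE_CERT_ERROR", ...)`, so raw exception text becomes part of the message thrown to the caller, while the three branches above it return fixed text. If that message can reach a console user or a remote client (not visible here), keep the detail in the log line only, e.g. `throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));` as the TokenException branch of getRootCerts does. None of the branches chains the caught exception, so the stack trace is lost either way. The same pattern recurs in the catch blocks of trustCert, deleteCACert and deleteCert in the later hunks.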
@@ -1354,15 +1175,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key = CryptoManager.getInstance()
- .findPrivKeyByCert(list[i]);
+ PrivateKey key =
+ CryptoManager.getInstance().findPrivKeyByCert(list[i]);
Debug.trace("JssSubsystem getRootCerts: find private key "
- + list[i].getNickname());
+ +list[i].getNickname());
} catch (ObjectNotFoundException e) {
String nickname = list[i].getNickname();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":"
- + nickname;
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
}
X509CertImpl impl = null;
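Review bot: The `PrivateKey key` local is never read in the visible lines; `findPrivKeyByCert` is called only so that `ObjectNotFoundException` can select the certificates to list, and nothing in the code says so. A comment on the catch would make the intent explicit, for example `// no private key for this cert: list it as a root cert`. The getUserCerts hunk below uses the same lookup with the opposite meaning and would benefit from the matching comment. The enclosing method starts and ends outside this hunk.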
@@ -1383,15 +1203,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname + "," + serialno, issuer);
- Debug.trace("getRootCerts: nickname=" + nickname
- + ", serialno=" + serialno + ", issuer="
- + issuer);
+ nvps.add(nickname+","+serialno, issuer);
+ Debug.trace("getRootCerts: nickname="+nickname+", serialno="+
+ serialno+", issuer="+issuer);
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
// convert hashtable of vectors to hashtable of arrays
Enumeration elms = vecTable.keys();
@@ -1405,11 +1224,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
return nvps;
@@ -1430,18 +1246,16 @@ public final class JssSubsystem implements ICryptoSubsystem {
for (int i = 0; i < list.length; i++) {
try {
- PrivateKey key = CryptoManager.getInstance()
- .findPrivKeyByCert(list[i]);
+ PrivateKey key =
+ CryptoManager.getInstance().findPrivKeyByCert(list[i]);
String nickname = list[i].getNickname();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)
- || tokenName
- .equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
- nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":"
- + nickname;
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
+ tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
+ nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
}
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1450,25 +1264,21 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
String serialno = impl.getSerialNumber().toString();
String issuer = impl.getIssuerDN().toString();
- nvps.add(nickname + "," + serialno, issuer);
- Debug.trace("getUserCerts: nickname=" + nickname
- + ", serialno=" + serialno + ", issuer="
- + issuer);
+ nvps.add(nickname+","+serialno, issuer);
+ Debug.trace("getUserCerts: nickname="+nickname+", serialno="+
+ serialno+", issuer="+issuer);
} catch (ObjectNotFoundException e) {
Debug.trace("JssSubsystem getUserCerts: cant find private key "
- + list[i].getNickname());
+ +list[i].getNickname());
continue;
} catch (CryptoManager.NotInitializedException e) {
continue;
}
- }
+ }
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
return nvps;
@@ -1481,8 +1291,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
public NameValuePairs getAllCertsManage() throws EBaseException {
/*
- * first get all CA certs (internal only), then all user certs (both
- * internal and external)
+ * first get all CA certs (internal only),
+ * then all user certs (both internal and external)
*/
NameValuePairs pairs = getCACerts();
@@ -1502,14 +1312,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
for (int i = 0; i < list.length; i++) {
String nickname = list[i].getNickname();
- X509Certificate[] certificates = CryptoManager
- .getInstance().findCertsByNickname(nickname);
+ X509Certificate[] certificates =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
mNicknameMapUserCertsTable.put(nickname, certificates);
X509CertImpl impl = null;
- try {
+ try {
impl = new X509CertImpl(list[i].getEncoded());
} catch (CertificateException e) {
// skip bad certificate
@@ -1520,7 +1330,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
String dateStr = mFormatter.format(date);
NameValuePair pair = pairs.getPair(nickname);
- /* always user cert here */
+ /* always user cert here*/
String certValue = dateStr + "," + "u";
if (pair == null)
@@ -1531,27 +1341,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (vvalue.endsWith(",u")) {
pair.setValue(vvalue + ";" + certValue);
}
- }
+ }
}
} /* while */
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
// } catch (CertificateException e) {
- // log(ILogger.LL_FAILURE,
- // CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- // e.toString()));
- // throw new EBaseException(BaseResources.CERT_ERROR);
+ // log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ // throw new EBaseException(BaseResources.CERT_ERROR);
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
return pairs;
@@ -1560,28 +1362,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
public NameValuePairs getCACerts() throws EBaseException {
NameValuePairs pairs = new NameValuePairs();
- // InternalCertificate[] certs;
+ //InternalCertificate[] certs;
X509Certificate[] certs;
try {
- certs = CryptoManager.getInstance().getCACerts();
+ certs =
+ CryptoManager.getInstance().getCACerts();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
}
- if (mNicknameMapCertsTable == null) {
- CMS.debug("JssSubsystem::getCACerts() - "
- + "mNicknameMapCertsTable is null!");
- throw new EBaseException("mNicknameMapCertsTable is null");
+ if( mNicknameMapCertsTable == null ) {
+ CMS.debug( "JssSubsystem::getCACerts() - "
+ + "mNicknameMapCertsTable is null!" );
+ throw new EBaseException( "mNicknameMapCertsTable is null" );
} else {
mNicknameMapCertsTable.clear();
}
- // a temp hashtable with vectors
+ // a temp hashtable with vectors
Hashtable vecTable = new Hashtable();
for (int i = 0; i < certs.length; i++) {
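Review bot: The null check on `mNicknameMapCertsTable` throws `new EBaseException( "mNicknameMapCertsTable is null" )` with a hard-coded string that names an internal field, whereas the throw just above it goes through `CMS.getUserMessage(...)`. Using a message key here as well, and the file's usual `if (x == null) {` spacing, would keep the method consistent. The check also runs only after `CryptoManager.getInstance().getCACerts()` has been called, so it could move to the top of the method. getCACerts continues past this hunk.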
@@ -1611,13 +1411,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
mNicknameMapCertsTable.put(key, a);
}
- Enumeration keys = mNicknameMapCertsTable.keys();
+ Enumeration keys = mNicknameMapCertsTable.keys();
while (keys.hasMoreElements()) {
String nickname = (String) keys.nextElement();
- X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
-
+ X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
+
for (int i = 0; i < value.length; i++) {
InternalCertificate icert = null;
@@ -1627,13 +1426,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
Debug.trace("cert is not an InternalCertificate");
Debug.trace("nickname: " + nickname + " index " + i);
Debug.trace("cert: " + value[i]);
- continue;
+ continue;
}
-
+
int flag = icert.getSSLTrust();
String trust = "U";
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
+ InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
X509CertImpl impl = null;
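Review bot: The trust value computed here becomes "T" only when the `TRUSTED_CLIENT_CA` bit is set in `getSSLTrust()`, but trustCert in this same file sets `TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA`. A certificate carrying `TRUSTED_CA` without `TRUSTED_CLIENT_CA` would therefore be listed as "U". If that is intended, a comment such as `// "T" reflects client-CA trust only` would say so; otherwise the test should cover `TRUSTED_CA` as well. The unbraced `if` now spans two lines and would read more safely with braces. The enclosing loop starts and ends outside this hunk.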
@@ -1650,122 +1450,96 @@ public final class JssSubsystem implements ICryptoSubsystem {
String vvalue = pair.getValue();
pair.setValue(vvalue + ";" + certValue);
- }
+ }
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString()));
// allow it to continue with other certs even if one blows
// up
- // throw new EBaseException(BaseResources.CERT_ERROR);
+ // throw new EBaseException(BaseResources.CERT_ERROR);
}
}
}
return pairs;
}
- public void trustCert(String nickname, String date, String trust)
- throws EBaseException {
+ public void trustCert(String nickname, String date, String trust) throws
+ EBaseException {
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
- X509CertImpl certImpl = new X509CertImpl(
- cert.getEncoded());
+ X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
Date notAfter = certImpl.getNotAfter();
Date qualifier = mFormatter.parse(date);
if (notAfter.equals(qualifier)) {
if (cert instanceof InternalCertificate) {
if (trust.equals("Trust")) {
- int trustflag = InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA;
+ int trustflag = InternalCertificate.TRUSTED_CA |
+ InternalCertificate.TRUSTED_CLIENT_CA |
+ InternalCertificate.VALID_CA;
- ((InternalCertificate) cert)
- .setSSLTrust(trustflag);
+ ((InternalCertificate) cert).setSSLTrust(trustflag);
} else
- ((InternalCertificate) cert)
- .setSSLTrust(InternalCertificate.VALID_CA);
+ ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA);
break;
} else {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_CERT_ERROR", ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
}
}
}
- } catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ } catch (ParseException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
/**
* Delete the CA certificate from the perm database.
- *
* @param nickname The nickname of the CA certificate.
- * @param notAfterTime The notAfter of the certificate. It is possible to
- * get multiple certificates under the same nickname. If one of
- * the certificates match the notAfterTime, then the certificate
- * will get deleted. The format of the notAfterTime has to be in
- * "MMMMM dd, yyyy HH:mm:ss" format.
- */
- public void deleteCACert(String nickname, String notAfterTime)
- throws EBaseException {
+ * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
+ * certificates under the same nickname. If one of the certificates match the notAfterTime,
+ * then the certificate will get deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ */
+ public void deleteCACert(String nickname, String notAfterTime) throws EBaseException {
try {
if (mNicknameMapCertsTable != null) {
- X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ X509Certificate[] certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CA_CERT", e.toString()));
throw e;
} else {
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
- X509CertImpl certImpl = new X509CertImpl(
- cert.getEncoded());
+ X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
Date notAfter = certImpl.getNotAfter();
Date qualifier = mFormatter.parse(notAfterTime);
if (notAfter.equals(qualifier)) {
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken()
- .getCryptoStore();
+ CryptoStore store = tcert.getOwningToken().getCryptoStore();
- tcert.getOwningToken().getCryptoStore()
- .deleteCert(tcert);
+ tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
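Review bot: trustCert returns normally without changing anything when no certificate under the nickname has a notAfter equal to the parsed `date`, and also when `mNicknameMapCertsTable` is null, so a caller cannot tell a successful trust change from a no-op. For an operation that edits CA trust flags that should be reported: record a match in a local flag and after the loop `if (!matched) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));`. `mFormatter.parse(date)` is also re-evaluated on every iteration and could be hoisted above the loop. deleteCACert, whose body continues past the end of this hunk, selects its certificate with the same notAfter comparison.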
@@ -1777,64 +1551,45 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
/**
* Delete any certificate from the any token.
- *
* @param nickname The nickname of the certificate.
- * @param notAfterTime The notAfter of the certificate. It is possible to
- * get multiple certificates under the same nickname. If one of
- * the certificates match the notAfterTime, then the certificate
- * will get deleted. The format of the notAfterTime has to be in
- * "MMMMM dd, yyyy HH:mm:ss" format.
- */
- public void deleteCert(String nickname, String notAfterTime)
- throws EBaseException {
+ * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
+ * certificates under the same nickname. If one of the certificates match the notAfterTime,
+ * then the certificate will get deleted. The format of the notAfterTime has to be
+ * in "MMMMM dd, yyyy HH:mm:ss" format.
+ */
+ public void deleteCert(String nickname, String notAfterTime) throws EBaseException {
boolean isUserCert = false;
- X509Certificate[] certs = null;
- ;
+ X509Certificate[] certs = null;;
try {
if (mNicknameMapCertsTable != null) {
- certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ certs =
+ (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
}
if (certs == null) {
if (mNicknameMapUserCertsTable != null) {
- certs = (X509Certificate[]) mNicknameMapUserCertsTable
- .get(nickname);
+ certs =
+ (X509Certificate[]) mNicknameMapUserCertsTable.get(nickname);
if (certs != null) {
CMS.debug("in mNicknameMapUserCertsTable, isUserCert is true");
isUserCert = true;
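Review bot: The reformatted declaration `X509Certificate[] certs = null;;` ends in a stray empty statement; it should read `X509Certificate[] certs = null;`. The Javadoc above deleteCert also lost the blank line between the summary and the first `@param`, and its summary reads "from the any token". deleteCert's body continues past the end of this hunk.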
@@ -1845,12 +1600,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
throw e;
} else {
@@ -1863,14 +1615,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
if (notAfter.equals(qualifier)) {
if (cert instanceof TokenCertificate) {
TokenCertificate tcert = (TokenCertificate) cert;
- CryptoStore store = tcert.getOwningToken()
- .getCryptoStore();
+ CryptoStore store = tcert.getOwningToken().getCryptoStore();
- tcert.getOwningToken().getCryptoStore()
- .deleteCert(tcert);
+ tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
} else {
- CryptoToken token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
@@ -1886,51 +1635,33 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
- public void deleteTokenCertificate(String nickname, String pathname)
- throws EBaseException {
+ public void deleteTokenCertificate(String nickname, String pathname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
+ X509Certificate cert = CryptoManager.getInstance().findCertByNickname(nickname);
String issuerName = cert.getSubjectDN().getName();
Principal principal = cert.getSubjectDN();
DN dn = new DN(principal.getName());
BigInteger serialno = cert.getSerialNumber();
String suffix = "." + System.currentTimeMillis();
String b64E = com.netscape.osutil.OSUtil.BtoA(cert.getEncoded());
- PrintStream stream = new PrintStream(new FileOutputStream(pathname
- + suffix));
+ PrintStream stream = new PrintStream(new FileOutputStream(pathname + suffix));
stream.println("-----BEGIN CERTIFICATE-----");
stream.print(b64E);
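Review bot: The copy of the certificate is written through a `PrintStream`, which does not throw on a failed write, so the method's `catch (IOException e)` branch will not fire for it and the token certificate can be deleted even though the file at `pathname + suffix` is incomplete. Check the stream before the delete, e.g. `if (stream.checkError()) throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));`, and close it in a `finally` block if the code after this hunk does not already do so. `pathname` is used as given; whether callers restrict it to an expected directory is not visible here. `issuerName` is filled from `getSubjectDN()` and is not read in the visible lines.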
@@ -1941,279 +1672,212 @@ public final class JssSubsystem implements ICryptoSubsystem {
CryptoStore store = tcert.getOwningToken().getCryptoStore();
tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
- } else
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
+ } else
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
int index = nickname.indexOf(":");
-
- // the deleted certificate is on the hardware token. We should
- // delete the same one from
+
+ // the deleted certificate is on the hardware token. We should delete the same one from
// the internal token.
if (index > 0) {
- CryptoToken cToken = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken();
CryptoStore store = cToken.getCryptoStore();
- X509Certificate[] allcerts = CryptoManager.getInstance()
- .getCACerts();
+ X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts();
for (int i = 0; i < allcerts.length; i++) {
try {
- X509CertImpl certImpl = new X509CertImpl(
- allcerts[i].getEncoded());
- String certIssuerName = certImpl.getSubjectDN()
- .getName();
+ X509CertImpl certImpl = new X509CertImpl(allcerts[i].getEncoded());
+ String certIssuerName = certImpl.getSubjectDN().getName();
Principal certPrincipal = certImpl.getSubjectDN();
DN certdn = new DN(certPrincipal.getName());
BigInteger certSerialNo = certImpl.getSerialNumber();
- if (dn.equals(certdn)
- && certSerialNo.compareTo(serialno) == 0) {
+ if (dn.equals(certdn) && certSerialNo.compareTo(serialno) == 0) {
store.deleteCert(allcerts[i]);
break;
}
} catch (Exception ee) {
- Debug.trace("JssSubsystem:deleteTokenCertificate: "
- + ee.toString());
+ Debug.trace("JssSubsystem:deleteTokenCertificate: " + ee.toString());
}
}
}
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NoSuchItemOnTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ITEM_NOT_FOUND_ON_TOKEN"));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
public String getSubjectDN(String nickname) throws EBaseException {
try {
- X509Certificate cert = CryptoManager.getInstance()
- .findCertByNickname(nickname);
+ X509Certificate cert =
+ CryptoManager.getInstance().findCertByNickname(nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSubjectDN().getName();
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_SUBJECT_NAME", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
public void setRootCertTrust(String nickname, String serialno,
- String issuerName, String trust) throws EBaseException {
-
+ String issuerName, String trust) throws EBaseException {
+
X509Certificate cert = getCertificate(nickname, serialno, issuerName);
if (cert instanceof InternalCertificate) {
if (trust.equals("trust")) {
- int trustflag = InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA;
+ int trustflag = InternalCertificate.TRUSTED_CA |
+ InternalCertificate.TRUSTED_CLIENT_CA |
+ InternalCertificate.VALID_CA;
((InternalCertificate) cert).setSSLTrust(trustflag);
} else {
- ((InternalCertificate) cert)
- .setSSLTrust(InternalCertificate.VALID_CA);
+ ((InternalCertificate) cert).setSSLTrust(InternalCertificate.VALID_CA);
}
}
}
public X509Certificate getCertificate(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i = 0;
+ int i=0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
return certs[i];
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
- } catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
-
+
return null;
}
public String getRootCertTrustBit(String nickname, String serialno,
- String issuerName) throws EBaseException {
+ String issuerName) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
- int i = 0;
+ int i=0;
if (certs != null && certs.length > 0) {
for (; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
String trust = "U";
if (certs[i] instanceof InternalCertificate) {
- InternalCertificate icert = (InternalCertificate) certs[i];
+ InternalCertificate icert = (InternalCertificate)certs[i];
int flag = icert.getSSLTrust();
- if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
+ if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
+ InternalCertificate.TRUSTED_CLIENT_CA)
trust = "T";
- } else
+ } else
trust = "N/A";
return trust;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
- } catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", "")); } catch (CertificateException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
public String getCertPrettyPrint(String nickname, String serialno,
- String issuerName, Locale locale) throws EBaseException {
+ String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
CertPrettyPrint print = null;
@@ -2226,114 +1890,86 @@ public final class JssSubsystem implements ICryptoSubsystem {
else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
- public String getCertPrettyPrintAndFingerPrint(String nickname,
- String serialno, String issuerName, Locale locale)
- throws EBaseException {
+ public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
+ String issuerName, Locale locale) throws EBaseException {
int index = nickname.indexOf(":");
String tokenname = nickname.substring(0, index);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
- nickname = nickname.substring(index + 1);
+ nickname = nickname.substring(index+1);
}
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
X509CertImpl impl = null;
if (certs != null && certs.length > 0) {
for (int i = 0; i < certs.length; i++) {
impl = new X509CertImpl(certs[i].getEncoded());
- if (impl.getIssuerDN().toString().equals(issuerName)
- && impl.getSerialNumber().toString()
- .equals(serialno))
+ if (impl.getIssuerDN().toString().equals(issuerName) &&
+ impl.getSerialNumber().toString().equals(serialno))
break;
}
} else {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ EBaseException e =
+ new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
CertPrettyPrint print = null;
- String fingerPrint = "";
+ String fingerPrint = "";
if (impl != null) {
print = new CertPrettyPrint(impl);
- fingerPrint = CMS.getFingerPrints(impl.getEncoded());
- }
+ fingerPrint = CMS.getFingerPrints(impl.getEncoded());
+ }
if ((print != null) && (fingerPrint != "")) {
- String pp = print.toString(locale) + "\n"
- + "Certificate Fingerprints:" + '\n' + fingerPrint;
+ String pp = print.toString(locale) + "\n" +
+ "Certificate Fingerprints:"+ '\n' + fingerPrint;
return pp;
} else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_SUCH_ALGORITHM", e.toString()));
}
}
- public String getCertPrettyPrint(String nickname, String date, Locale locale)
- throws EBaseException {
+ public String getCertPrettyPrint(String nickname, String date,
+ Locale locale) throws EBaseException {
try {
- X509Certificate[] certs = CryptoManager.getInstance()
- .findCertsByNickname(nickname);
+ X509Certificate[] certs =
+ CryptoManager.getInstance().findCertsByNickname(nickname);
- if ((certs == null || certs.length == 0)
- && mNicknameMapCertsTable != null) {
- certs = (X509Certificate[]) mNicknameMapCertsTable
- .get(nickname);
+ if ((certs == null || certs.length == 0) &&
+ mNicknameMapCertsTable != null) {
+ certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
}
if (certs == null) {
- EBaseException e = new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ EBaseException e = new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
throw e;
}
X509CertImpl impl = null;
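Review bot: In getCertPrettyPrintAndFingerPrint the search loop assigns `impl` on every iteration and only breaks on a match, so when no certificate under the nickname has the requested issuer and serial number, `impl` still holds the last decoded certificate and its pretty-print and fingerprint are returned. An administrator comparing fingerprints would then be shown data for a different certificate than the one requested. Decode into a local, `X509CertImpl candidate = new X509CertImpl(certs[i].getEncoded());`, and set `impl = candidate;` only inside the matching `if`, so the existing `impl != null` check yields `null` when nothing matches. The later `fingerPrint != ""` compares references rather than contents and should be `!"".equals(fingerPrint)`. The same loop shape is visible in the getCertPrettyPrint overload in the preceding hunk.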
@@ -2357,35 +1993,22 @@ public final class JssSubsystem implements ICryptoSubsystem {
else
return null;
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
}
- public String getCertPrettyPrint(String b64E, Locale locale)
- throws EBaseException {
- try {
+ public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException {
+ try {
try {
byte[] b = KeyCertUtil.convertB64EToByteArray(b64E);
X509CertImpl impl = new X509CertImpl(b);
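Review bot: The handlers in this hunk build the user-facing `CMS_BASE_CERT_ERROR` message from `e.toString()`, which exposes the exception class name and provider text to the caller even though the same detail was just written to the log. The handlers of getCertPrettyPrint(String b64E, Locale) in the hunk at `@@ -2427,28 +2050,20 @@` use three different policies for the same message key (`"Failed to decode"`, `e.getMessage()` and `""`), so the argument's content is unpredictable for whoever renders it. Pick one policy, preferably a fixed short reason as in `CMS.getUserMessage("CMS_BASE_CERT_ERROR", "Failed to decode")`, and keep the full exception text in the log line only. The method these handlers belong to begins before this hunk.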
@@ -2400,8 +2023,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
String normalized = CertUtils.normalizeCertStr(noHeader);
byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized);
- ContentInfo ci = (ContentInfo) ASN1Util.decode(
- ContentInfo.getTemplate(), data);
+ ContentInfo ci = (ContentInfo)
+ ASN1Util.decode(ContentInfo.getTemplate(), data);
if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
throw new CertificateException(
@@ -2427,28 +2050,20 @@ public final class JssSubsystem implements ICryptoSubsystem {
return content;
}
} catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- "Failed to decode"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
+ "Failed to decode"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.getMessage()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.getMessage()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
- public X509CertImpl getSignedCert(KeyCertData data, String certType,
- java.security.PrivateKey priKey) throws EBaseException {
+ public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey)
+ throws EBaseException {
CertificateInfo cert = null;
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
@@ -2462,8 +2077,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
if (cert == null) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
X509CertInfo certInfo = null;
@@ -2471,28 +2085,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
try {
certInfo = cert.getCertInfo();
- SignatureAlgorithm sigAlg = (SignatureAlgorithm) data
- .get(Constants.PR_SIGNATURE_ALGORITHM);
+ SignatureAlgorithm sigAlg =
+ (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg);
} catch (NoSuchTokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (PQGParamGenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_SIGN_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
}
return signedCert;
@@ -2500,30 +2105,28 @@ public final class JssSubsystem implements ICryptoSubsystem {
public boolean isCACert(String fullNickname) throws EBaseException {
try {
- X509Certificate cert = mCryptoManager
- .findCertByNickname(fullNickname);
+ X509Certificate cert = mCryptoManager.findCertByNickname(fullNickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
- X509CertInfo certinfo = (X509CertInfo) impl.get(X509CertImpl.NAME
- + "." + X509CertImpl.INFO);
+ X509CertInfo certinfo = (X509CertInfo) impl.get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
if (certinfo == null)
return false;
else {
- CertificateExtensions exts = (CertificateExtensions) certinfo
- .get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions exts =
+ (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
if (exts == null)
return false;
else {
try {
- BasicConstraintsExtension ext = (BasicConstraintsExtension) exts
- .get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension)
+ exts.get(BasicConstraintsExtension.NAME);
if (ext == null)
return false;
else {
- Boolean bool = (Boolean) ext
- .get(BasicConstraintsExtension.IS_CA);
+ Boolean bool = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
return bool.booleanValue();
}
@@ -2533,69 +2136,42 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
}
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_IS_CA_CERT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
}
}
- public CertificateExtensions getExtensions(String tokenname, String nickname)
- throws EBaseException {
+ public CertificateExtensions getExtensions(String tokenname, String nickname)
+ throws EBaseException {
try {
return KeyCertUtil.getExtensions(tokenname, nickname);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
} catch (TokenException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR"));
} catch (ObjectNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_DECODE_CERT_FAILED"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS",
- e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_EXTENSIONS", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
}
}
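Review bot: In the isCACert handlers at the top of this hunk, `CertificateEncodingException` is reported to the user as `CMS_BASE_TOKEN_ERROR`, the same message used for `TokenException`, although it presumably comes from `cert.getEncoded()` and describes a certificate encoding failure rather than a token problem. It is a subclass of `CertificateException`, so removing that handler would let the following `catch (CertificateException e)` report it as `CMS_BASE_CERT_ERROR`, which is how the handlers logging `CMSCORE_SECURITY_DELETE_CERT` earlier on this page treat it. A misleading token error sends an operator to check the HSM or token login when the certificate data is at fault. The try block of isCACert starts in the previous hunk.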
@@ -2603,10 +2179,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
KeyCertUtil.checkCertificateExt(ext);
}
- public void checkKeyLength(String keyType, int keyLength, String certType,
- int minRSAKeyLen) throws EBaseException {
- // KeyCertUtil.checkKeyLength(keyType, keyLength, certType,
- // minRSAKeyLen);
+ public void checkKeyLength(String keyType, int keyLength, String certType, int minRSAKeyLen) throws EBaseException {
+ // KeyCertUtil.checkKeyLength(keyType, keyLength, certType, minRSAKeyLen);
}
public PQGParams getPQG(int keysize) {
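Review bot: checkKeyLength does nothing, because its only statement, `// KeyCertUtil.checkKeyLength(keyType, keyLength, certType, minRSAKeyLen);`, is commented out, so a caller that passes `minRSAKeyLen` gets no enforcement and no exception for an undersized key. If the check was disabled on purpose, replace the commented-out call with a comment saying that the method is intentionally a no-op and where the minimum key length is enforced instead; otherwise restore the call. Rewrapping the comment preserves a silent no-op behind a method name that promises validation.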
@@ -2614,25 +2188,25 @@ public final class JssSubsystem implements ICryptoSubsystem {
}
public PQGParams getCAPQG(int keysize, IConfigStore store)
- throws EBaseException {
+ throws EBaseException {
return KeyCertUtil.getCAPQG(keysize, store);
}
- public CertificateExtensions getCertExtensions(String tokenname,
- String nickname) throws NotInitializedException, TokenException,
- ObjectNotFoundException,
+ public CertificateExtensions getCertExtensions(String tokenname, String nickname)
+ throws NotInitializedException, TokenException, ObjectNotFoundException,
IOException, CertificateException {
return KeyCertUtil.getExtensions(tokenname, nickname);
}
}
-class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser {
+class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser
+{
public JSSDatabaseCloser() throws Exception {
- super();
+ super();
}
public void closeDatabases() {
- super.closeDatabases();
+ super.closeDatabases();
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
index 7dadc7afa..35b7cdf2b 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.security.KeyPair;
@@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
- * KRA transport certificate
+ * KRA transport certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class KRATransportCert extends CertificateInfo {
- public static final String SUBJECT_NAME = "CN=Data Recovery Manager, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME =
+ "CN=Data Recovery Manager, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public KRATransportCert(KeyCertData properties) {
@@ -46,7 +49,8 @@ public class KRATransportCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) &&
+ (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
mProperties.put(Constants.PR_AKI, Constants.TRUE);
}
@@ -58,8 +62,7 @@ public class KRATransportCert extends CertificateInfo {
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
cmsFileTmp.putString("kra.transportUnit.nickName", nickname);
else
- cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":"
- + nickname);
+ cmsFileTmp.putString("kra.transportUnit.nickName", tokenname + ":" + nickname);
cmsFileTmp.commit(false);
}
@@ -69,8 +72,8 @@ public class KRATransportCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties
- .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName =
+ (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -78,14 +81,19 @@ public class KRATransportCert extends CertificateInfo {
}
/*
- * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
- * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- * if (sAlg != null) { return sAlg; } String alg =
- * (String)mProperties.get(Constants.PR_KEY_TYPE);
- *
- * if (alg.equals("RSA")) return
- * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
- * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
+ public SignatureAlgorithm getSigningAlgorithm() {
+ SignatureAlgorithm sAlg =
+ (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ if (sAlg != null) {
+ return sAlg;
+ }
+ String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
+
+ if (alg.equals("RSA"))
+ return SignatureAlgorithm.RSASignatureWithMD5Digest;
+ else
+ return SignatureAlgorithm.DSASignatureWithSHA1Digest;
+ }
*/
public String getKeyAlgorithm() {
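Review bot: The block comment reformatted here is a disabled getSigningAlgorithm() whose fallbacks are `SignatureAlgorithm.RSASignatureWithMD5Digest` and `SignatureAlgorithm.DSASignatureWithSHA1Digest`, both digests that are no longer acceptable for certificate signatures. Keeping the code in the file, now laid out as ready-to-uncomment Java, makes it easy to re-enable with those defaults. Delete the block instead of reformatting it, since version control retains the history. If a pointer is wanted, one line is enough, for example `// Signing algorithm is taken from PR_SIGNATURE_ALGORITHM by the superclass`, assuming CertificateInfo does supply it, which this hunk does not show.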
@@ -99,3 +107,4 @@ public class KRATransportCert extends CertificateInfo {
return extension;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
index 95772307e..589d5a68c 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterOutputStream;
@@ -115,6 +116,7 @@ import com.netscape.cmscore.dbs.DateMapper;
import com.netscape.cmscore.dbs.X509CertImplMapper;
import com.netscape.cmsutil.crypto.CryptoUtil;
+
/**
* This class provides all the base methods to generate the key for different
* kinds of certificates.
@@ -147,15 +149,14 @@ public class KeyCertUtil {
try {
Extension de = new Extension(new DerValue(b));
} catch (IOException ex) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT_EXTENSION"));
}
}
}
}
- public static String getTokenNames(CryptoManager manager)
- throws TokenException {
+ public static String getTokenNames(CryptoManager manager)
+ throws TokenException {
String tokenList = "";
Enumeration tokens = manager.getExternalTokens();
int num = 0;
@@ -179,8 +180,11 @@ public class KeyCertUtil {
// All this streaming is lame, but Base64OutputStream needs a
// PrintStream
ByteArrayOutputStream output = new ByteArrayOutputStream();
- Base64OutputStream b64 = new Base64OutputStream(new PrintStream(
- new FilterOutputStream(output)));
+ Base64OutputStream b64 = new Base64OutputStream(new
+ PrintStream(new
+ FilterOutputStream(output)
+ )
+ );
b64.write(bytes);
b64.flush();
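Review bot: The re-wrapped constructor chain breaks after each `new` (`new` / `PrintStream(new` / `FilterOutputStream(output)`), which separates the keyword from the class it constructs and spends two lines on lone parentheses. The expression fits on one line: `Base64OutputStream b64 = new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));`. The same break-after-keyword wrapping appears in the `getCertRequest` signature (@@ -592,10 +578,12) and the `new PKCS10Attribute(` call (@@ -607,16 +595,17). The enclosing method's signature and end are outside this hunk.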
@@ -191,7 +195,7 @@ public class KeyCertUtil {
}
public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G)
- throws IOException {
+ throws IOException {
// Write P, Q, G to a DER stream
DerOutputStream contents = new DerOutputStream();
@@ -208,43 +212,42 @@ public class KeyCertUtil {
return sequence.toByteArray();
}
- public static PrivateKey getPrivateKey(String tokenname, String nickname)
- throws TokenException, EBaseException, NoSuchTokenException,
- NotInitializedException, CertificateException,
- CertificateEncodingException, EBaseException,
- ObjectNotFoundException {
+ public static PrivateKey getPrivateKey(String tokenname, String nickname)
+ throws TokenException, EBaseException,
+ NoSuchTokenException, NotInitializedException, CertificateException,
+ CertificateEncodingException, EBaseException, ObjectNotFoundException {
/*
- * String caNickname = store.getString("ca.signing.tokenname"); String
- * tokenName = store.getString("ca.signing.cacertnickname");
+ String caNickname = store.getString("ca.signing.tokenname");
+ String tokenName = store.getString("ca.signing.cacertnickname");
*/
X509Certificate cert = getCertificate(tokenname, nickname);
-
+
return CryptoManager.getInstance().findPrivKeyByCert(cert);
}
- public static String getCertSubjectName(String tokenname, String nickname)
- throws TokenException, EBaseException, NoSuchTokenException,
+ public static String getCertSubjectName(String tokenname, String nickname)
+ throws TokenException, EBaseException, NoSuchTokenException,
NotInitializedException, CertificateException,
CertificateEncodingException, EBaseException {
-
+
X509Certificate cert = getCertificate(tokenname, nickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
return impl.getSubjectDN().getName();
}
- public static X509CertImpl signCert(PrivateKey privateKey,
- X509CertInfo certInfo, SignatureAlgorithm sigAlg)
- throws NoSuchTokenException, EBaseException,
- NotInitializedException {
+ public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo,
+ SignatureAlgorithm sigAlg)
+ throws NoSuchTokenException, EBaseException, NotInitializedException {
try {
- CertificateAlgorithmId sId = (CertificateAlgorithmId) certInfo
- .get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId sigAlgId = (AlgorithmId) sId
- .get(CertificateAlgorithmId.ALGORITHM);
+ CertificateAlgorithmId sId = (CertificateAlgorithmId)
+ certInfo.get(X509CertInfo.ALGORITHM_ID);
+ AlgorithmId sigAlgId =
+ (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
- org.mozilla.jss.crypto.PrivateKey priKey = (org.mozilla.jss.crypto.PrivateKey) privateKey;
+ org.mozilla.jss.crypto.PrivateKey priKey =
+ (org.mozilla.jss.crypto.PrivateKey) privateKey;
CryptoToken token = priKey.getOwningToken();
DerOutputStream tmp = new DerOutputStream();
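Review bot: In `signCert`, the downcast `(org.mozilla.jss.crypto.PrivateKey) privateKey` is unchecked, so a key that is not a JSS key leaves the method as a `ClassCastException` rather than the declared `EBaseException`; none of the catch clauses shown in the following hunk cover it. A guard before the cast keeps the failure inside the method's contract: `if (!(privateKey instanceof org.mozilla.jss.crypto.PrivateKey)) throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "not a JSS private key"));`. Separately, the re-wrapped `throws` lists of `getPrivateKey` and `getCertSubjectName` still name `EBaseException` twice. The `try` body of `signCert` continues past the end of this hunk.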
@@ -267,25 +270,19 @@ public class KeyCertUtil {
return signedCert;
} catch (IOException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_SIGNED_FAILED", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString()));
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", e.toString()));
} catch (TokenException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_ERROR_1", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString()));
} catch (SignatureException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_SIGNED_FAILED", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_SIGNED_FAILED", e.toString()));
} catch (InvalidKeyException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_KEY_1", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString()));
} catch (CertificateException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
- e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
}
- }
+ }
public static SignatureAlgorithm getSigningAlgorithm(String keyType) {
SignatureAlgorithm sAlg = null;
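Review bot: Every handler in this catch chain of `signCert` folds `e.toString()` into the user-facing message and then discards the exception, so the stack trace is lost and provider or token error text is passed on to whoever is shown the message. I would log the original exception on the server side before wrapping it and keep the user message generic; as a minimum add `// TODO: log e with its stack trace before wrapping; only e.toString() survives here` above the first handler. The handlers of `generateKeyPair` in the @@ -545,25 +534,22 hunk follow the same pattern. The `try` these handlers belong to starts outside this hunk.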
@@ -298,8 +295,7 @@ public class KeyCertUtil {
return sAlg;
}
- public static SignatureAlgorithm getSigningAlgorithm(String keyType,
- String hashtype) {
+ public static SignatureAlgorithm getSigningAlgorithm(String keyType, String hashtype) {
SignatureAlgorithm sAlg = null;
if (keyType.equals("RSA")) {
@@ -321,9 +317,9 @@ public class KeyCertUtil {
}
public static AlgorithmId getAlgorithmId(String algname, IConfigStore store)
- throws EBaseException {
+ throws EBaseException {
try {
-
+
if (algname.equals("DSA")) {
byte[] p = store.getByteArray("ca.dsaP", null);
byte[] q = store.getByteArray("ca.dsaQ", null);
@@ -339,16 +335,15 @@ public class KeyCertUtil {
}
return AlgorithmId.getAlgorithmId(algname);
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED"));
}
}
public static X509Certificate getCertificate(String tokenname,
- String nickname) throws NotInitializedException,
- NoSuchTokenException, EBaseException, TokenException {
+ String nickname) throws NotInitializedException, NoSuchTokenException,
+ EBaseException, TokenException {
CryptoManager manager = CryptoManager.getInstance();
- CryptoToken token = null;
+ CryptoToken token = null;
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
token = manager.getInternalKeyStorageToken();
@@ -365,16 +360,16 @@ public class KeyCertUtil {
try {
return manager.findCertByNickname(certname.toString());
} catch (ObjectNotFoundException e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CA_SIGNINGCERT_NOT_FOUND"));
}
}
- public static KeyPair getKeyPair(String tokenname, String nickname)
- throws NotInitializedException, NoSuchTokenException,
- TokenException, ObjectNotFoundException, EBaseException {
+ public static KeyPair getKeyPair(String tokenname, String nickname)
+ throws NotInitializedException, NoSuchTokenException, TokenException,
+ ObjectNotFoundException, EBaseException {
X509Certificate cert = getCertificate(tokenname, nickname);
- PrivateKey priKey = CryptoManager.getInstance().findPrivKeyByCert(cert);
+ PrivateKey priKey =
+ CryptoManager.getInstance().findPrivKeyByCert(cert);
PublicKey publicKey = cert.getPublicKey();
return new KeyPair(publicKey, priKey);
@@ -388,8 +383,8 @@ public class KeyCertUtil {
}
}
- public static PQGParams getCAPQG(int keysize, IConfigStore store)
- throws EBaseException {
+ public static PQGParams getCAPQG(int keysize, IConfigStore store)
+ throws EBaseException {
if (store != null) {
try {
int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0);
@@ -415,44 +410,40 @@ public class KeyCertUtil {
PQGParams pqg = PQGParams.generate(keysize);
store.putInteger("ca.dsaPQG.keyLength", keysize);
- store.putString("ca.dsaP",
- KeyCertUtil.base64Encode(pqg.getP().toByteArray()));
- store.putString("ca.dsaQ",
- KeyCertUtil.base64Encode(pqg.getQ().toByteArray()));
- store.putString("ca.dsaG",
- KeyCertUtil.base64Encode(pqg.getG().toByteArray()));
- store.putString("ca.dsaSeed",
- KeyCertUtil.base64Encode(pqg.getSeed().toByteArray()));
+ store.putString("ca.dsaP", KeyCertUtil.base64Encode(
+ pqg.getP().toByteArray()));
+ store.putString("ca.dsaQ", KeyCertUtil.base64Encode(
+ pqg.getQ().toByteArray()));
+ store.putString("ca.dsaG", KeyCertUtil.base64Encode(
+ pqg.getG().toByteArray()));
+ store.putString("ca.dsaSeed", KeyCertUtil.base64Encode(
+ pqg.getSeed().toByteArray()));
store.putInteger("ca.dsaCounter", pqg.getCounter());
- store.putString("ca.dsaH",
- KeyCertUtil.base64Encode(pqg.getH().toByteArray()));
- store.putString(
- "ca.DSSParms",
- KeyCertUtil.base64Encode(KeyCertUtil.makeDSSParms(
- pqg.getP(), pqg.getQ(), pqg.getG())));
+ store.putString("ca.dsaH", KeyCertUtil.base64Encode(
+ pqg.getH().toByteArray()));
+ store.putString("ca.DSSParms",
+ KeyCertUtil.base64Encode(
+ KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
store.commit(false);
return pqg;
} catch (IOException ee) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
} catch (EBaseException ee) {
throw ee;
} catch (PQGParamGenException ee) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
}
}
return null;
}
public static KeyPair generateKeyPair(CryptoToken token,
- KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
- throws NoSuchAlgorithmException, TokenException,
- InvalidAlgorithmParameterException, InvalidParameterException,
- PQGParamGenException {
+ KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
+ throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
+ InvalidParameterException, PQGParamGenException {
KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg);
-
+
if (kpAlg == KeyPairAlgorithm.DSA) {
if (pqg == null) {
kpGen.initialize(keySize);
@@ -472,16 +463,18 @@ public class KeyCertUtil {
do {
// 602548 NSS bug - to overcome it, we use isBadDSAKeyPair
kp = kpGen.genKeyPair();
- } while (isBadDSAKeyPair(kp));
+ }
+ while (isBadDSAKeyPair(kp));
return kp;
}
}
/**
- * Test for a DSA key pair that will trigger a bug in NSS. The problem
- * occurs when the first byte of the key is 0. This happens when the value
- * otherwise would have been negative, and a zero byte is prepended to force
- * it to be positive. This is blackflag bug 602548.
+ * Test for a DSA key pair that will trigger a bug in NSS.
+ * The problem occurs when the first byte of the key is 0. This
+ * happens when the value otherwise would have been negative, and a
+ * zero byte is prepended to force it to be positive.
+ * This is blackflag bug 602548.
*/
public static boolean isBadDSAKeyPair(KeyPair pair) {
try {
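Review bot: The reformatted loop in `generateKeyPair` now closes the `do` body with `}` on one line and puts `while (isBadDSAKeyPair(kp));` on the next, which reads like a separate `while` loop with an empty body. Keeping the terminator on the brace line, `} while (isBadDSAKeyPair(kp));`, makes the do/while obvious. The loop also has no retry limit and relies on `isBadDSAKeyPair` eventually returning false; a short comment would record that, e.g. `// regenerate until the key avoids bug 602548; no upper bound on retries`. The body of `isBadDSAKeyPair` continues beyond this hunk.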
@@ -494,10 +487,9 @@ public class KeyCertUtil {
BIT_STRING bs = (BIT_STRING) seq.elementAt(1);
byte[] bits = bs.getBits();
- ByteArrayInputStream bitstream = new ByteArrayInputStream(
- bs.getBits());
+ ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits());
ASN1Header wrapper = new ASN1Header(bitstream);
- byte[] valBytes = new byte[(int) wrapper.getContentLength()];
+ byte[] valBytes = new byte[ (int) wrapper.getContentLength() ];
ASN1Util.readFully(valBytes, bitstream);
@@ -511,7 +503,7 @@ public class KeyCertUtil {
}
public static KeyPair generateKeyPair(String tokenName, String alg,
- int keySize, PQGParams pqg) throws EBaseException {
+ int keySize, PQGParams pqg) throws EBaseException {
CryptoToken token = null;
@@ -520,17 +512,14 @@ public class KeyCertUtil {
try {
if (tokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)) {
- token = CryptoManager.getInstance()
- .getInternalKeyStorageToken();
+ token = CryptoManager.getInstance().getInternalKeyStorageToken();
} else {
token = CryptoManager.getInstance().getTokenByName(tokenName);
}
} catch (NoSuchTokenException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_NOT_FOUND", tokenName));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
} catch (NotInitializedException e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
}
KeyPairAlgorithm kpAlg = null;
@@ -545,25 +534,22 @@ public class KeyCertUtil {
return kp;
} catch (InvalidParameterException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_INVALID_KEYSIZE_PARAMS", "" + keySize));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEYSIZE_PARAMS",
+ "" + keySize));
} catch (PQGParamGenException e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_PQG_GEN_FAILED"));
} catch (NoSuchAlgorithmException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", kpAlg.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED",
+ kpAlg.toString()));
} catch (TokenException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_TOKEN_ERROR_1", e.toString()));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_ERROR_1", e.toString()));
} catch (InvalidAlgorithmParameterException e) {
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", "DSA"));
}
}
- public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
PublicKey pubk = keyPair.getPublic();
@@ -577,8 +563,8 @@ public class KeyCertUtil {
} else {
alg = "DSA";
}
- java.security.Signature sig = java.security.Signature.getInstance(alg,
- "Mozilla-JSS");
+ java.security.Signature sig =
+ java.security.Signature.getInstance(alg, "Mozilla-JSS");
sig.initSign(keyPair.getPrivate());
@@ -592,10 +578,12 @@ public class KeyCertUtil {
return pkcs10;
}
- public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair,
- Extensions exts) throws NoSuchAlgorithmException,
- NoSuchProviderException, InvalidKeyException, IOException,
- CertificateException, SignatureException {
+ public static PKCS10 getCertRequest(String subjectName, KeyPair
+ keyPair, Extensions
+ exts)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidKeyException, IOException, CertificateException,
+ SignatureException {
PublicKey pubk = keyPair.getPublic();
X509Key key = convertPublicKeyToX509Key(pubk);
String alg;
@@ -607,16 +595,17 @@ public class KeyCertUtil {
} else {
alg = "DSA";
}
- java.security.Signature sig = java.security.Signature.getInstance(alg,
- "Mozilla-JSS");
+ java.security.Signature sig =
+ java.security.Signature.getInstance(alg, "Mozilla-JSS");
sig.initSign(keyPair.getPrivate());
PKCS10 pkcs10 = null;
if (exts != null) {
- PKCS10Attribute attr = new PKCS10Attribute(
- PKCS9Attribute.EXTENSION_REQUEST_OID, (CertAttrSet) exts);
+ PKCS10Attribute attr = new
+ PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
+ (CertAttrSet) exts);
PKCS10Attributes attrs = new PKCS10Attributes();
attrs.setAttribute(attr.getAttributeValue().getName(), attr);
@@ -634,8 +623,8 @@ public class KeyCertUtil {
return pkcs10;
}
- public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
- throws InvalidKeyException {
+ public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
+ throws InvalidKeyException {
X509Key xKey;
@@ -643,9 +632,9 @@ public class KeyCertUtil {
RSAPublicKey rsaKey = (RSAPublicKey) pubk;
// REMOVED constructors from parameters by MLH on 1/9/99
- xKey = new netscape.security.provider.RSAPublicKey(new BigInt(
- rsaKey.getModulus()),
- new BigInt(rsaKey.getPublicExponent()));
+ xKey = new netscape.security.provider.RSAPublicKey(
+ new BigInt(rsaKey.getModulus()),
+ new BigInt(rsaKey.getPublicExponent()));
} else if (pubk instanceof PK11ECPublicKey) {
byte encoded[] = pubk.getEncoded();
xKey = CryptoUtil.getPublicX509ECCKey(encoded);
@@ -654,41 +643,44 @@ public class KeyCertUtil {
DSAPublicKey dsaKey = (DSAPublicKey) pubk;
DSAParams params = dsaKey.getParams();
- xKey = new netscape.security.provider.DSAPublicKey(dsaKey.getY(),
- params.getP(), params.getQ(), params.getG());
+ xKey = new netscape.security.provider.DSAPublicKey(
+ dsaKey.getY(),
+ params.getP(),
+ params.getQ(),
+ params.getG());
}
return xKey;
}
- public static X509Certificate importCert(X509CertImpl signedCert,
- String nickname, String certType) throws NotInitializedException,
- TokenException, CertificateEncodingException,
- UserCertConflictException, NicknameConflictException,
- NoSuchItemOnTokenException, CertificateException {
-
+ public static X509Certificate
+ importCert(X509CertImpl signedCert, String nickname,
+ String certType) throws NotInitializedException, TokenException,
+ CertificateEncodingException, UserCertConflictException,
+ NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
return importCert(signedCert.getEncoded(), nickname, certType);
}
- public static X509Certificate importCert(String b64E, String nickname,
- String certType) throws NotInitializedException, TokenException,
+ public static X509Certificate
+ importCert(String b64E, String nickname, String certType)
+ throws NotInitializedException, TokenException,
CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException,
- CertificateException {
-
+ NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
byte b[] = b64E.getBytes();
X509Certificate cert = getInternalCertificate(b, nickname, certType);
-
+
if (cert instanceof InternalCertificate) {
setTrust(certType, (InternalCertificate) cert);
}
return cert;
}
- public static X509Certificate importCert(byte[] b, String nickname,
- String certType) throws NotInitializedException, TokenException,
- CertificateEncodingException, UserCertConflictException,
- NicknameConflictException, NoSuchItemOnTokenException,
- CertificateException {
+ public static X509Certificate
+ importCert(byte[] b, String nickname, String certType)
+ throws NotInitializedException, TokenException,
+ CertificateEncodingException, UserCertConflictException,
+ NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
X509Certificate cert = getInternalCertificate(b, nickname, certType);
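Review bot: `importCert(String b64E, ...)` converts the text with `b64E.getBytes()`, which uses the platform default charset, so the bytes handed to `getInternalCertificate` depend on how the JVM is configured. Base64 text is ASCII, so naming the charset makes the conversion deterministic: `byte b[] = b64E.getBytes(java.nio.charset.Charset.forName("US-ASCII"));`. A null `b64E` also surfaces here as a `NullPointerException`; if callers can pass unvalidated input, a check that throws `CertificateException` would fit the declared exceptions. The body of the `byte[]` overload continues past the end of this hunk.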
@@ -698,43 +690,43 @@ public class KeyCertUtil {
return cert;
}
- public static X509Certificate getInternalCertificate(byte[] b,
- String nickname, String certType) throws NotInitializedException,
- TokenException, CertificateEncodingException,
- UserCertConflictException, NicknameConflictException,
- NoSuchItemOnTokenException, CertificateException {
+ public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType)
+ throws NotInitializedException, TokenException, CertificateEncodingException,
+ UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException,
+ CertificateException {
X509Certificate cert = null;
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
cert = CryptoManager.getInstance().importUserCACertPackage(b,
- nickname);
- } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)
- || certType.equals(Constants.PR_KRA_TRANSPORT_CERT)
- || certType.equals(Constants.PR_OCSP_SIGNING_CERT)
- || certType.equals(Constants.PR_SERVER_CERT)
- || certType.equals(Constants.PR_SERVER_CERT_RADM)
- || certType.equals(Constants.PR_OTHER_CERT)
- || certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
- cert = CryptoManager.getInstance().importCertPackage(b, nickname);
+ nickname);
+ } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) ||
+ certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+ certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+ certType.equals(Constants.PR_SERVER_CERT) ||
+ certType.equals(Constants.PR_SERVER_CERT_RADM) ||
+ certType.equals(Constants.PR_OTHER_CERT) ||
+ certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+ cert = CryptoManager.getInstance().importCertPackage(b,
+ nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) {
cert = CryptoManager.getInstance().importCACertPackage(b);
} else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) {
cert = CryptoManager.getInstance().importCACertPackage(b);
- X509Certificate[] certchain = CryptoManager.getInstance()
- .buildCertificateChain(cert);
+ X509Certificate[] certchain = CryptoManager.getInstance().buildCertificateChain(cert);
if (certchain != null) {
cert = certchain[certchain.length - 1];
}
}
- return cert;
+ return cert;
}
public static void setTrust(String certType, InternalCertificate inCert) {
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- int flag = InternalCertificate.VALID_CA
- | InternalCertificate.TRUSTED_CA | InternalCertificate.USER
- | InternalCertificate.TRUSTED_CLIENT_CA;
+ int flag = InternalCertificate.VALID_CA |
+ InternalCertificate.TRUSTED_CA |
+ InternalCertificate.USER |
+ InternalCertificate.TRUSTED_CLIENT_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
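Review bot: The `certType` chain in `getInternalCertificate` has no final `else`, so an unrecognised type imports nothing and the method returns `null` without any error. The `importCert(String, ...)` overload shown in the previous hunk then skips `setTrust`, because `null instanceof InternalCertificate` is false, and hands the `null` back to its caller. Failing loudly is safer on a certificate-import path: `else { throw new CertificateException("unsupported certType: " + certType); }`. The `PR_TRUSTED_CA_CERT` branch also replaces `cert` with the last element of the built chain, which deserves a comment such as `// use the last certificate of the built chain as the result (presumably the chain's top; confirm)`. `setTrust` begins in this hunk and continues in the next one.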
@@ -744,61 +736,72 @@ public class KeyCertUtil {
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
+ inCert.setEmailTrust(flag);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
- } else if (certType.equals(Constants.PR_SERVER_CERT)
- || certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+ inCert.setEmailTrust(flag);
+ } else if (certType.equals(Constants.PR_SERVER_CERT) ||
+ certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
inCert.setSSLTrust(flag);
inCert.setObjectSigningTrust(flag);
- inCert.setEmailTrust(flag);
+ inCert.setEmailTrust(flag);
} else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) {
- inCert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
- // inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
-
- // cannot set this bit. If set, then the cert will not appear when
- // you called getCACerts().
- // inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA);
+ inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA |
+ InternalCertificate.VALID_CA);
+ //inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
+
+ // cannot set this bit. If set, then the cert will not appear when you called getCACerts().
+ //inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA);
}
}
public static byte[] convertB64EToByteArray(String b64E)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
String str = CertUtils.stripCertBrackets(b64E);
byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str));
/*
- * java.security.cert.X509Certificate cert =
- * java.security.cert.X509Certificate.getInstance(bCert); return cert;
+ java.security.cert.X509Certificate cert =
+ java.security.cert.X509Certificate.getInstance(bCert);
+ return cert;
*/
return bCert;
}
/**
- * ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT
- * IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01
- * 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04
- * 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61
- * 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT
- * IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82
- * 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87
- * 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63
- * 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } : } Uses the following to test
- * with configuration wizard:
+ * ASN.1 structure:
+ * 0 30 142: SEQUENCE {
+ * 3 30 69: SEQUENCE {
+ * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
+ * 10 04 62: OCTET STRING
+ * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
+ * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
+ * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
+ * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
+ * : }
+ * 74 30 69: SEQUENCE {
+ * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
+ * 81 04 62: OCTET STRING
+ * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
+ * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
+ * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
+ * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
+ * : }
+ * : }
+ * Uses the following to test with configuration wizard:
* MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB
* FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x
- * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ==
+ * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB
+ * AQ==
*/
- public static void setDERExtension(CertificateExtensions ext,
- KeyCertData properties) throws IOException {
+ public static void setDERExtension(
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException {
String b64E = properties.getDerExtension();
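Review bot: The `PR_OCSP_SIGNING_CERT` and `PR_SERVER_CERT`/`PR_SUBSYSTEM_CERT` branches of `setTrust` set `InternalCertificate.USER | InternalCertificate.VALID_CA` for SSL, object signing and e-mail, and nothing explains why certificate types that are not named as CAs receive the `VALID_CA` bit. If the bit is required, say so next to the flag, e.g. `// VALID_CA on a non-CA cert type: required because ... (confirm)`; if it is not, `int flag = InternalCertificate.USER;` is the narrower grant. The two branches are identical and could share one condition. `setTrust` starts in the previous hunk, and the `flag` used by the first lines of this hunk is defined outside it.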
@@ -822,8 +825,9 @@ public class KeyCertUtil {
}
}
- public static void setBasicConstraintsExtension(CertificateExtensions ext,
- KeyCertData properties) throws IOException {
+ public static void setBasicConstraintsExtension(
+ CertificateExtensions ext, KeyCertData properties)
+ throws IOException {
String isCA = properties.isCA();
String certLen = properties.getCertLen();
@@ -839,29 +843,30 @@ public class KeyCertUtil {
else
len = Integer.parseInt(certLen);
- if ((isCA == null) || (isCA.equals(""))
- || (isCA.equals(Constants.FALSE)))
+ if ((isCA == null) || (isCA.equals("")) ||
+ (isCA.equals(Constants.FALSE)))
bool = false;
else
bool = true;
-
- BasicConstraintsExtension basic = new BasicConstraintsExtension(bool,
- len);
+
+ BasicConstraintsExtension basic = new BasicConstraintsExtension(
+ bool, len);
ext.set(BasicConstraintsExtension.NAME, basic);
}
- public static void setExtendedKeyUsageExtension(CertificateExtensions ext,
- KeyCertData properties) throws IOException, CertificateException {
+ public static void setExtendedKeyUsageExtension(
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
+ CertificateException {
ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension();
boolean anyExt = false;
-
+
String sslClient = properties.getSSLClientBit();
-
+
if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) {
ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2"));
anyExt = true;
- }
+ }
String sslServer = properties.getSSLServerBit();
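Review bot: In `setBasicConstraintsExtension`, `isCA` is treated as true for every value other than null, the empty string and `Constants.FALSE`, so a misspelt or unexpected value produces a certificate with the CA flag set. Basic constraints should fail closed: `bool = Constants.TRUE.equals(isCA);` (`Constants.TRUE` is already used for the SSL client bit a few lines below). If some callers rely on other truthy spellings, that needs checking before the change. `Integer.parseInt(certLen)` just above is also unguarded, so a non-numeric length leaves as `NumberFormatException` rather than the declared `IOException`. The start of the method is outside this hunk.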
@@ -902,8 +907,8 @@ public class KeyCertUtil {
}
public static void setNetscapeCertificateExtension(
- CertificateExtensions ext, KeyCertData properties)
- throws IOException, CertificateException {
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
+ CertificateException {
NSCertTypeExtension ns = new NSCertTypeExtension();
boolean anyExt = false;
@@ -952,8 +957,7 @@ public class KeyCertUtil {
String objectSigningCA = properties.getObjectSigningCABit();
- if ((objectSigningCA != null)
- && (objectSigningCA.equals(Constants.TRUE))) {
+ if ((objectSigningCA != null) && (objectSigningCA.equals(Constants.TRUE))) {
ns.set(NSCertTypeExtension.OBJECT_SIGNING_CA, new Boolean(true));
anyExt = true;
}
@@ -961,36 +965,38 @@ public class KeyCertUtil {
ext.set(NSCertTypeExtension.NAME, ns);
}
- public static void setOCSPNoCheck(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties)
- throws IOException, NoSuchAlgorithmException, InvalidKeyException {
+ public static void setOCSPNoCheck(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
+ NoSuchAlgorithmException, InvalidKeyException {
String noCheck = properties.getOCSPNoCheck();
if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) {
- OCSPNoCheckExtension noCheckExt = new OCSPNoCheckExtension();
+ OCSPNoCheckExtension noCheckExt =
+ new OCSPNoCheckExtension();
ext.set(OCSPNoCheckExtension.NAME, noCheckExt);
}
}
- public static void setOCSPSigning(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties)
- throws IOException, NoSuchAlgorithmException, InvalidKeyException {
+ public static void setOCSPSigning(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
+ NoSuchAlgorithmException, InvalidKeyException {
String signing = properties.getOCSPSigning();
- if ((signing != null) && (signing.equals(Constants.TRUE))) {
- Vector oidSet = new Vector();
- oidSet.addElement(ObjectIdentifier
- .getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning));
- ExtendedKeyUsageExtension ocspExt = new ExtendedKeyUsageExtension(
- false, oidSet);
+ if ((signing != null) && (signing.equals(Constants.TRUE))) {
+ Vector oidSet = new Vector();
+ oidSet.addElement(
+ ObjectIdentifier.getObjectIdentifier(
+ ExtendedKeyUsageExtension.OID_OCSPSigning));
+ ExtendedKeyUsageExtension ocspExt =
+ new ExtendedKeyUsageExtension(false, oidSet);
ext.set(ExtendedKeyUsageExtension.NAME, ocspExt);
}
}
- public static void setAuthInfoAccess(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties)
- throws IOException, NoSuchAlgorithmException, InvalidKeyException {
+ public static void setAuthInfoAccess(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
+ NoSuchAlgorithmException, InvalidKeyException {
String aia = properties.getAIA();
if ((aia != null) && (aia.equals(Constants.TRUE))) {
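Review bot: `setOCSPSigning` stores its extension under `ExtendedKeyUsageExtension.NAME`, so if `ext` already holds an extended-key-usage entry under that name it would be replaced rather than extended, assuming `ext.set` overwrites an existing entry. `setExtendedKeyUsageExtension` builds such an entry in this file, though its `ext.set` call is outside the visible hunks, so the order in which callers invoke the two decides which OIDs end up in the certificate. At minimum document it: `// NOTE: overwrites any ExtendedKeyUsage already present in ext`. `keypair` and the declared `NoSuchAlgorithmException`/`InvalidKeyException` are unused in `setOCSPNoCheck` and `setOCSPSigning` as shown. `setAuthInfoAccess` is cut off by the end of the hunk.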
@@ -998,131 +1004,137 @@ public class KeyCertUtil {
String port = CMS.getEENonSSLPort();
AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false);
if (hostname != null && port != null) {
- String location = "http://" + hostname + ":" + port
- + "/ca/ocsp";
+ String location = "http://"+hostname+":"+port+"/ca/ocsp";
GeneralName ocspName = new GeneralName(new URIName(location));
- aiaExt.addAccessDescription(
- AuthInfoAccessExtension.METHOD_OCSP, ocspName);
+ aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName);
}
ext.set(AuthInfoAccessExtension.NAME, aiaExt);
}
}
- public static void setAuthorityKeyIdentifier(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties)
- throws IOException, NoSuchAlgorithmException, InvalidKeyException {
+ public static void setAuthorityKeyIdentifier(KeyPair keypair,
+ CertificateExtensions ext, KeyCertData properties) throws IOException,
+ NoSuchAlgorithmException, InvalidKeyException {
String aki = properties.getAKI();
if ((aki != null) && (aki.equals(Constants.TRUE))) {
KeyIdentifier id = createKeyIdentifier(keypair);
- AuthorityKeyIdentifierExtension akiExt = new AuthorityKeyIdentifierExtension(
- id, null, null);
+ AuthorityKeyIdentifierExtension akiExt =
+ new AuthorityKeyIdentifierExtension(id, null, null);
ext.set(AuthorityKeyIdentifierExtension.NAME, akiExt);
}
}
- public static void setSubjectKeyIdentifier(KeyPair keypair,
- CertificateExtensions ext, KeyCertData properties)
- throws IOException, NoSuchAlgorithmException, InvalidKeyException {
+ public static void setSubjectKeyIdentifier(KeyPair keypair,
+ CertificateExtensions ext,
+ KeyCertData properties) throws IOException, NoSuchAlgorithmException,
+ InvalidKeyException {
String ski = properties.getSKI();
if ((ski != null) && (ski.equals(Constants.TRUE))) {
KeyIdentifier id = createKeyIdentifier(keypair);
- SubjectKeyIdentifierExtension skiExt = new SubjectKeyIdentifierExtension(
- id.getIdentifier());
+ SubjectKeyIdentifierExtension skiExt =
+ new SubjectKeyIdentifierExtension(id.getIdentifier());
ext.set(SubjectKeyIdentifierExtension.NAME, skiExt);
}
}
public static void setKeyUsageExtension(CertificateExtensions ext,
- KeyUsageExtension keyUsage) throws IOException {
+ KeyUsageExtension keyUsage) throws IOException {
ext.set(KeyUsageExtension.NAME, keyUsage);
}
- public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
- throws NoSuchAlgorithmException, InvalidKeyException {
+ public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
+ throws NoSuchAlgorithmException, InvalidKeyException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
- X509Key subjectKeyInfo = convertPublicKeyToX509Key(keypair.getPublic());
+ X509Key subjectKeyInfo = convertPublicKeyToX509Key(
+ keypair.getPublic());
- // md.update(subjectKeyInfo.getEncoded());
+ //md.update(subjectKeyInfo.getEncoded());
md.update(subjectKeyInfo.getKey());
return new KeyIdentifier(md.digest());
}
- public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
- throws LDAPException {
+ public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
+ throws LDAPException {
String dn = "ou=certificateRepository,ou=ca," + baseDN;
BigInteger serialno = null;
LDAPEntry entry = conn.read(dn);
- String serialnoStr = (String) entry.getAttribute("serialno")
- .getStringValues().nextElement();
+ String serialnoStr = (String) entry.getAttribute(
+ "serialno").getStringValues().nextElement();
serialno = BigIntegerMapper.BigIntegerFromDB(serialnoStr);
LDAPAttribute attr = new LDAPAttribute("serialno");
- attr.addValue(BigIntegerMapper.BigIntegerToDB(serialno
- .add(new BigInteger("1"))));
- LDAPModification mod = new LDAPModification(LDAPModification.REPLACE,
- attr);
+ attr.addValue(BigIntegerMapper.BigIntegerToDB(
+ serialno.add(new BigInteger("1"))));
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.REPLACE, attr);
conn.modify(dn, mod);
return serialno;
}
- public static void setSerialNumber(LDAPConnection conn, String baseDN,
- BigInteger serial) throws LDAPException {
+ public static void setSerialNumber(LDAPConnection conn,
+ String baseDN, BigInteger serial)
+ throws LDAPException {
String dn = "ou=certificateRepository,ou=ca," + baseDN;
LDAPAttribute attr = new LDAPAttribute("serialno");
// the serial number should already be set
- attr.addValue(BigIntegerMapper.BigIntegerToDB(serial));
- LDAPModification mod = new LDAPModification(LDAPModification.REPLACE,
- attr);
+ attr.addValue(BigIntegerMapper.BigIntegerToDB(
+ serial));
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.REPLACE, attr);
conn.modify(dn, mod);
}
- public static void addCertToDB(LDAPConnection conn, String dn,
- X509CertImpl cert) throws LDAPException, EBaseException {
+ public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert)
+ throws LDAPException, EBaseException {
BigInteger serialno = cert.getSerialNumber();
X509CertImplMapper mapper = new X509CertImplMapper();
LDAPAttributeSet attrs = new LDAPAttributeSet();
- mapper.mapObjectToLDAPAttributeSet(null, null, cert, attrs);
+ mapper.mapObjectToLDAPAttributeSet(null, null,
+ cert, attrs);
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "certificateRecord"));
- attrs.add(new LDAPAttribute("serialno", BigIntegerMapper
- .BigIntegerToDB(serialno)));
- attrs.add(new LDAPAttribute("dateOfCreate", DateMapper.dateToDB((CMS
- .getCurrentDate()))));
- attrs.add(new LDAPAttribute("dateOfModify", DateMapper.dateToDB((CMS
- .getCurrentDate()))));
- attrs.add(new LDAPAttribute("certStatus", "VALID"));
- attrs.add(new LDAPAttribute("autoRenew", "ENABLED"));
- attrs.add(new LDAPAttribute("issuedBy", "installation"));
- LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn,
- attrs);
+ attrs.add(new LDAPAttribute("objectclass",
+ "certificateRecord"));
+ attrs.add(new LDAPAttribute("serialno",
+ BigIntegerMapper.BigIntegerToDB(
+ serialno)));
+ attrs.add(new LDAPAttribute("dateOfCreate",
+ DateMapper.dateToDB((CMS.getCurrentDate()))));
+ attrs.add(new LDAPAttribute("dateOfModify",
+ DateMapper.dateToDB((CMS.getCurrentDate()))));
+ attrs.add(new LDAPAttribute("certStatus",
+ "VALID"));
+ attrs.add(new LDAPAttribute("autoRenew",
+ "ENABLED"));
+ attrs.add(new LDAPAttribute("issuedBy",
+ "installation"));
+ LDAPEntry entry = new LDAPEntry("cn=" + serialno.toString() + "," + dn, attrs);
conn.add(entry);
}
- public static CertificateExtensions getExtensions(String tokenname,
- String nickname) throws NotInitializedException, TokenException,
- ObjectNotFoundException, IOException, CertificateException {
+ public static CertificateExtensions getExtensions(String tokenname, String nickname)
+ throws NotInitializedException, TokenException, ObjectNotFoundException,
+ IOException, CertificateException {
String fullnickname = nickname;
- if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
fullnickname = tokenname + ":" + nickname;
CryptoManager manager = CryptoManager.getInstance();
X509Certificate cert = manager.findCertByNickname(fullnickname);
X509CertImpl impl = new X509CertImpl(cert.getEncoded());
- X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "."
- + X509CertImpl.INFO);
+ X509CertInfo info = (X509CertInfo) impl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
return (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
}
diff --git a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
index c04bc19f9..efeade921 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
@@ -33,6 +34,7 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
* OCSP signing certificate.
*
@@ -40,7 +42,8 @@ import com.netscape.certsrv.security.KeyCertData;
* @version $Revision$, $Date$
*/
public class OCSPSigningCert extends CertificateInfo {
- public static final String SUBJECT_NAME = "CN=Certificate Authority, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME =
+ "CN=Certificate Authority, O=Netscape Communications, C=US";
public OCSPSigningCert(KeyCertData properties) {
this(properties, null);
@@ -48,16 +51,19 @@ public class OCSPSigningCert extends CertificateInfo {
public OCSPSigningCert(KeyCertData properties, KeyPair pair) {
super(properties, pair);
- /*
- * included in console UI try { if
- * (mProperties.get(Constants.PR_OCSP_SIGNING) == null) {
- * mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); } if
- * (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) {
- * mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); } } catch
- * (Exception e) { mProperties.put(Constants.PR_OCSP_SIGNING,
- * Constants.TRUE); mProperties.put(Constants.PR_OCSP_NOCHECK,
- * Constants.TRUE); }
- */
+ /* included in console UI
+ try {
+ if (mProperties.get(Constants.PR_OCSP_SIGNING) == null) {
+ mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE);
+ }
+ if (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) {
+ mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE);
+ }
+ } catch (Exception e) {
+ mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE);
+ mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE);
+ }
+ */
}
public String getSubjectName() {
@@ -79,7 +85,7 @@ public class OCSPSigningCert extends CertificateInfo {
BigInteger P = new BigInteger(p);
BigInteger Q = new BigInteger(q);
BigInteger G = new BigInteger(g);
- BigInteger pqgSeed = new BigInteger(seed);
+ BigInteger pqgSeed = new BigInteger(seed);
BigInteger pqgH = new BigInteger(H);
return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -100,22 +106,20 @@ public class OCSPSigningCert extends CertificateInfo {
else if (keyType.equals("DSA"))
alg = "SHA1withDSA";
else
- throw new EBaseException(CMS.getUserMessage(
- "CMS_BASE_ALG_NOT_SUPPORTED", keyType));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_ALG_NOT_SUPPORTED", keyType));
cmsFileTmp.putString("ca.signing.defaultSigningAlgorithm", alg);
if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
else
- cmsFileTmp.putString("ca.signing.cacertnickname", tokenname + ":"
- + nickname);
+ cmsFileTmp.putString("ca.signing.cacertnickname",
+ tokenname + ":" + nickname);
cmsFileTmp.commit(false);
}
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties
- .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
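Review bot: The two `putString` calls in this hunk write `ca.signing.defaultSigningAlgorithm` and `ca.signing.cacertnickname` from a class named OCSPSigningCert, so saving an OCSP signing certificate appears to overwrite the CA signing settings. If that is intended, a comment such as `// the OCSP signing cert deliberately shares the CA signing configuration` should say so. If the block was copied from CASigningCert, the keys need to be the OCSP subsystem's own. The enclosing method starts above the hunk, so this is inferred from the visible lines only.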
@@ -136,3 +140,4 @@ public class OCSPSigningCert extends CertificateInfo {
return extension;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
index 3e94d601d..48b19f62b 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
@@ -29,6 +30,7 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmscore.base.JDialogPasswordCallback;
+
/*
* A class to retrieve passwords from the SDR password cache
*
@@ -39,7 +41,7 @@ import com.netscape.cmscore.base.JDialogPasswordCallback;
public class PWCBsdr implements PasswordCallback {
InputStream in = null;
OutputStream out = null;
- String mprompt = "";
+ String mprompt = "";
boolean firsttime = true;
private PasswordCallback mCB = null;
private String mPWcachedb = null;
@@ -48,38 +50,38 @@ public class PWCBsdr implements PasswordCallback {
public PWCBsdr() {
this(null);
}
-
+
public PWCBsdr(String prompt) {
in = System.in;
out = System.out;
mprompt = prompt;
- /*
- * to get the test program work
- * System.out.println("before CMS.getLogger"); try {
+ /* to get the test program work
+ System.out.println("before CMS.getLogger");
+ try {
*/
mLogger = CMS.getLogger();
/*
- * } catch (NullPointerException e) { System.out.println(
- * "after CMS.getLoggergot NullPointerException ... testing ok"); }
- * System.out.println("after CMS.getLogger");
+ } catch (NullPointerException e) {
+ System.out.println("after CMS.getLoggergot NullPointerException ... testing ok");
+ }
+ System.out.println("after CMS.getLogger");
*/
// get path to password cache
try {
mPWcachedb = CMS.getConfigStore().getString("pwCache");
- CMS.debug("got pwCache from configstore: " + mPWcachedb);
+ CMS.debug("got pwCache from configstore: " +
+ mPWcachedb);
} catch (NullPointerException e) {
- System.out
- .println("after CMS.getConfigStore got NullPointerException ... testing ok");
+ System.out.println("after CMS.getConfigStore got NullPointerException ... testing ok");
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
// let it fall through
}
- // System.out.println("after CMS.getConfigStore");
- if (File.separator.equals("/")) {
+ // System.out.println("after CMS.getConfigStore");
+ if (File.separator.equals("/")) {
// Unix
mCB = new PWsdrConsolePasswordCallback(prompt);
} else {
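Review bot: Both catch blocks around `CMS.getConfigStore().getString("pwCache")` leave `mPWcachedb` null and let construction continue, and the `NullPointerException` branch prints "testing ok" to stdout as if the test program were the only possible cause. Catching NPE to detect a test harness hides a real misconfiguration in a running server. Report the failure through `log(ILogger.LL_FAILURE, ...)` in both branches, which already falls back to stdout when `mLogger` is null, so that a null cache path is not passed on unnoticed. The constructor continues below the hunk.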
@@ -88,27 +90,33 @@ public class PWCBsdr implements PasswordCallback {
}
// System.out.println( "Created PWCBsdr with prompt of "
- // + mprompt );
+ // + mprompt );
}
- /*
- * We are now assuming that PasswordCallbackInfo.getname() returns the tag
- * we are hoping to match in the cache.
+ /* We are now assuming that PasswordCallbackInfo.getname() returns
+ * the tag we are hoping to match in the cache.
*/
public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
CMS.debug("in getPasswordFirstAttempt");
- /*
- * debugging code to see if token is logged in try { CryptoManager cm =
- * CryptoManager.getInstance(); CryptoToken token =
- * cm.getInternalKeyStorageToken(); if (token.isLoggedIn() == false) {
- * // missed it. CMS.debug("token not yet logged in!!"); } else {
- * CMS.debug("token logged in."); } } catch (Exception e) {
- * CMS.debug("crypto manager error:"+e.toString()); }
- * CMS.debug("still in getPasswordFirstAttempt");
+ /* debugging code to see if token is logged in
+ try {
+ CryptoManager cm = CryptoManager.getInstance();
+ CryptoToken token =
+ cm.getInternalKeyStorageToken();
+ if (token.isLoggedIn() == false) {
+ // missed it.
+ CMS.debug("token not yet logged in!!");
+ } else {
+ CMS.debug("token logged in.");
+ }
+ } catch (Exception e) {
+ CMS.debug("crypto manager error:"+e.toString());
+ }
+ CMS.debug("still in getPasswordFirstAttempt");
*/
Password pw = null;
String tmpPrompt = info.getName();
@@ -136,7 +144,7 @@ public class PWCBsdr implements PasswordCallback {
if (tmpPrompt == null) { /* no name, fail */
System.out.println("Shouldn't get here");
throw new PasswordCallback.GiveUpException();
- } else { /* get password from password cache */
+ } else { /* get password from password cache */
CMS.debug("getting tag = " + tmpPrompt);
PWsdrCache pwc = new PWsdrCache(mPWcachedb, mLogger);
@@ -149,9 +157,8 @@ public class PWCBsdr implements PasswordCallback {
return (pw);
} else { /* password not found */
- // we don't want caller to do getPasswordAgain, for now
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK"));
+ // we don't want caller to do getPasswordAgain, for now
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK"));
throw new PasswordCallback.GiveUpException();
}
}
@@ -162,13 +169,12 @@ public class PWCBsdr implements PasswordCallback {
}
}
- /*
- * The password cache has failed to return a password (or a usable password.
- * Now we will try and get the password from the user and hopefully add the
- * password to the cache pw cache
+ /* The password cache has failed to return a password (or a usable password.
+ * Now we will try and get the password from the user and hopefully add
+ * the password to the cache pw cache
*/
public Password getPasswordAgain(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
CMS.debug("in getPasswordAgain");
try {
@@ -192,7 +198,7 @@ public class PWCBsdr implements PasswordCallback {
}
} catch (Throwable e) {
// System.out.println( "BUG HERE!! in the password again!!"
- // + "!!!!!!!!!!!" );
+ // + "!!!!!!!!!!!" );
// e.printStackTrace();
throw new PasswordCallback.GiveUpException();
}
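Review bot: `catch (Throwable e)` converts every failure, including `Error`s, into a bare `GiveUpException`, and the only diagnostics are commented out, so a failed password prompt or cache update leaves no trace. Add `log(ILogger.LL_FAILURE, e.toString());` before the throw and delete the commented-out `println`/`printStackTrace` lines. Narrowing the catch to `Exception` would also stop it from masking out-of-memory and similar errors. The `try` block starts outside the hunk.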
@@ -202,12 +208,12 @@ public class PWCBsdr implements PasswordCallback {
if (mLogger == null) {
System.out.println(msg);
} else {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr "
- + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg);
}
}
}
+
class PWsdrConsolePasswordCallback implements PasswordCallback {
private String mPrompt = null;
@@ -220,7 +226,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
}
public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
if (mPrompt == null) {
System.out.println("Get password " + info.getName());
} else {
@@ -233,7 +239,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
}
public Password getPasswordAgain(PasswordCallbackInfo info)
- throws PasswordCallback.GiveUpException {
+ throws PasswordCallback.GiveUpException {
System.out.println("Password Incorrect.");
if (mPrompt == null) {
System.out.println("Get password " + info.getName());
@@ -247,6 +253,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
}
}
+
class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
private String mPrompt = null;
@@ -263,3 +270,4 @@ class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
}
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
index 908ac1db7..3be636912 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
@@ -17,19 +17,23 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.BufferedReader;
import java.io.InputStreamReader;
import org.mozilla.jss.util.Password;
import org.mozilla.jss.util.PasswordCallback;
-public class PWUtil {
- public static Password readPasswordFromStream()
- throws PasswordCallback.GiveUpException {
+
+public class
+PWUtil {
+ public static Password
+ readPasswordFromStream()
+ throws PasswordCallback.GiveUpException {
BufferedReader in;
in = new BufferedReader(new InputStreamReader(System.in));
-
+
StringBuffer buf = new StringBuffer();
String passwordString = new String();
int c;
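Review bot: `readPasswordFromStream` accumulates the password in a `StringBuffer` and then in an immutable `String` (`passwordString`), so the cleartext stays on the heap until garbage collection and cannot be wiped. Reading into a `char[]` and clearing it once the returned `Password` has been created would keep the exposure short, and the `new String()` initialiser is unnecessary either way. As a matter of style, splitting `public class` / `PWUtil {` and the method's return type across lines makes the declarations harder to find with a text search. The method body continues outside the hunk.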
@@ -45,7 +49,7 @@ public class PWUtil {
if (ch != '\r') {
if (ch != '\n') {
buf.append(ch);
- } else {
+ } else {
passwordString = buf.toString();
buf.setLength(0);
break;
@@ -57,10 +61,10 @@ public class PWUtil {
}
// memory problem?
- // String passwordString = in.readLine();
- // System.out.println( "done read" );
- // System.out.println( " password recieved is ["
- // + passwordString + "]" );
+ // String passwordString = in.readLine();
+ // System.out.println( "done read" );
+ // System.out.println( " password recieved is ["
+ // + passwordString + "]" );
if (passwordString == null) {
throw new PasswordCallback.GiveUpException();
}
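Review bot: The `passwordString == null` check cannot fire as far as the visible code shows, because the variable is initialised with `new String()` and otherwise assigned from `buf.toString()`. It looks like a leftover from the commented-out `in.readLine()` version. If the intent is to give up on end-of-input or an empty entry, the test would need to be `if (passwordString.length() == 0)`. The commented-out lines that print the received password are better deleted than kept. The loop that fills the buffer is outside this hunk, so confirm how end-of-stream is handled there.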
@@ -76,3 +80,4 @@ public class PWUtil {
}
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
index 51c1a3b77..12412f59c 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -45,6 +46,7 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
+
/*
* A class for managing passwords in the SDR password cache
*
@@ -71,8 +73,7 @@ public class PWsdrCache {
mPWcachedb = CMS.getConfigStore().getString("pwCache");
CMS.debug("got pwCache file path from configstore");
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CONFIG"));
// let it fall through
}
initToken();
@@ -84,18 +85,14 @@ public class PWsdrCache {
CryptoManager cm = null;
try {
cm = CryptoManager.getInstance();
- mTokenName = CMS.getConfigStore()
- .getString(PROP_PWC_TOKEN_NAME);
- log(ILogger.LL_DEBUG,
- "pwcTokenname specified. Use token for SDR key. tokenname= "
- + mTokenName);
+ mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME);
+ log (ILogger.LL_DEBUG, "pwcTokenname specified. Use token for SDR key. tokenname= "+mTokenName);
mToken = cm.getTokenByName(mTokenName);
} catch (NotInitializedException e) {
- log(ILogger.LL_FAILURE, e.toString());
+ log (ILogger.LL_FAILURE, e.toString());
throw new EBaseException(e.toString());
} catch (Exception e) {
- log(ILogger.LL_DEBUG,
- "no pwcTokenname specified, use internal token for SDR key");
+ log (ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
mToken = cm.getInternalKeyStorageToken();
}
}
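Review bot: The `catch (Exception e)` branch treats every failure as "no pwcTokenname specified" and silently falls back to the internal token, so a configured token that is missing or misnamed (a failure in `cm.getTokenByName`) is indistinguishable from an absent setting and is logged only at debug level. Handle the configuration lookup separately from the token lookup. A token lookup failure should be logged at `ILogger.LL_FAILURE` and rethrown as `EBaseException`, as the `NotInitializedException` branch already does. `cm` may also still be null in that branch if `CryptoManager.getInstance()` failed with anything other than `NotInitializedException`. The method starts above the hunk.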
@@ -106,11 +103,11 @@ public class PWsdrCache {
if (mKeyID == null) {
try {
String keyID = CMS.getConfigStore().getString(PROP_PWC_KEY_ID);
- log(ILogger.LL_DEBUG, "retrieved PWC SDR key");
+ log (ILogger.LL_DEBUG, "retrieved PWC SDR key");
mKeyID = base64Decode(keyID);
-
+
} catch (Exception e) {
- log(ILogger.LL_DEBUG, "no pwcSDRKey specified");
+ log (ILogger.LL_DEBUG, "no pwcSDRKey specified");
throw new EBaseException(e.toString());
}
}
@@ -121,7 +118,7 @@ public class PWsdrCache {
// Do not use for PWCBsdr, since we don't want to mistakenly
// generate SDR keys in case of configuration errors
public PWsdrCache(String pwCache, String pwcTokenname, byte[] keyId,
- boolean isTool) throws Exception {
+ boolean isTool) throws Exception {
mPWcachedb = pwCache;
mIsTool = isTool;
mTokenName = pwcTokenname;
@@ -134,10 +131,10 @@ public class PWsdrCache {
cm = CryptoManager.getInstance();
if (mTokenName != null) {
mToken = cm.getTokenByName(mTokenName);
- mToken = cm.getInternalKeyStorageToken();
- debug("PWsdrCache: mToken = " + mTokenName);
+ mToken = cm.getInternalKeyStorageToken();
+ debug("PWsdrCache: mToken = "+mTokenName);
} else {
- mToken = cm.getInternalKeyStorageToken();
+ mToken = cm.getInternalKeyStorageToken();
debug("PWsdrCache: mToken = internal");
}
}
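Review bot: In the `mTokenName != null` branch the result of `cm.getTokenByName(mTokenName)` is overwritten on the next line by `mToken = cm.getInternalKeyStorageToken();`, so the named token is never used even though the debug message reports it. Unless the overwrite is deliberate, drop the second assignment so the branch keeps only `mToken = cm.getTokenByName(mTokenName);` before the debug call. As written, the SDR key always lives on the internal token regardless of what the caller asked for. The surrounding method begins outside the hunk.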
@@ -150,54 +147,61 @@ public class PWsdrCache {
return mTokenName;
}
- public void deleteUniqueNamedKey(String nickName) throws Exception {
- KeyManager km = new KeyManager(mToken);
- km.deleteUniqueNamedKey(nickName);
+ public void deleteUniqueNamedKey( String nickName )
+ throws Exception
+ {
+ KeyManager km = new KeyManager( mToken );
+ km.deleteUniqueNamedKey( nickName );
}
- public byte[] generateSDRKey() throws Exception {
- return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
+ public byte[] generateSDRKey () throws Exception {
+ return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
}
- public byte[] generateSDRKeyWithNickName(String nickName) throws Exception {
+ public byte[] generateSDRKeyWithNickName (String nickName)
+ throws Exception
+ {
try {
if (mIsTool != true) {
// generate SDR key
KeyManager km = new KeyManager(mToken);
try {
- // Bugscape Bug #54838: Due to the CMS cloning feature,
- // we must check for the presence of
- // a uniquely named symmetric key
- // prior to making an attempt to
- // generate it!
+ // Bugscape Bug #54838: Due to the CMS cloning feature,
+ // we must check for the presence of
+ // a uniquely named symmetric key
+ // prior to making an attempt to
+ // generate it!
//
- if (!(km.uniqueNamedKeyExists(nickName))) {
- mKeyID = km.generateUniqueNamedKey(nickName);
+ if( !( km.uniqueNamedKeyExists( nickName ) ) ) {
+ mKeyID = km.generateUniqueNamedKey( nickName );
}
} catch (TokenException e) {
- log(0, "generateSDRKey() failed on " + e.toString());
+ log (0, "generateSDRKey() failed on "+e.toString());
throw e;
}
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, e.toString());
+ log (ILogger.LL_FAILURE, e.toString());
throw e;
}
return mKeyID;
}
public byte[] base64Decode(String s) throws IOException {
- byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
- return d;
+ byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
+ return d;
}
public static String base64Encode(byte[] bytes) throws IOException {
// All this streaming is lame, but Base64OutputStream needs a
// PrintStream
ByteArrayOutputStream output = new ByteArrayOutputStream();
- Base64OutputStream b64 = new Base64OutputStream(new PrintStream(
- new FilterOutputStream(output)));
+ Base64OutputStream b64 = new Base64OutputStream(new
+ PrintStream(new
+ FilterOutputStream(output)
+ )
+ );
b64.write(bytes);
b64.flush();
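Review bot: `generateSDRKeyWithNickName` assigns `mKeyID` only when `uniqueNamedKeyExists(nickName)` is false, so when the key already exists (the cloning case the comment describes) or `mIsTool` is true it returns whatever `mKeyID` held before, possibly null. Either look up the existing key's ID in that case or document the contract with a comment such as `// returns the previously loaded key ID when the named key already exists`. The outer `catch (Exception e)` logs and rethrows what the inner catch has already logged, so one of the two can go. `log (0, ...)` should use a named `ILogger` level.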
@@ -207,8 +211,10 @@ public class PWsdrCache {
return output.toString("8859_1");
}
+
// for PWCBsdr
- public PWsdrCache(String pwCache, ILogger logger) throws EBaseException {
+ public PWsdrCache(String pwCache, ILogger logger) throws
+ EBaseException {
mLogger = logger;
mPWcachedb = pwCache;
initToken();
@@ -229,9 +235,8 @@ public class PWsdrCache {
/*
* add passwd in pwcache.
*/
- public void addEntry(String tag, String pwd, Hashtable tagPwds)
- throws EBaseException {
-
+ public void addEntry(String tag, String pwd, Hashtable tagPwds) throws EBaseException {
+
String stringToAdd = null;
String bufs = null;
@@ -244,7 +249,7 @@ public class PWsdrCache {
tag = (String) enum1.nextElement();
pwd = (String) tagPwds.get(tag);
debug("password tag: " + tag + " stored in " + mPWcachedb);
-
+
if (stringToAdd == null) {
stringToAdd = tag + ":" + pwd + "\n";
} else {
@@ -257,7 +262,7 @@ public class PWsdrCache {
if (dcrypts != null) {
// converts to Hashtable, replace if tag exists, add
- // if tag doesn't exist
+ // if tag doesn't exist
Hashtable ht = string2Hashtable(dcrypts);
if (ht.containsKey(tag) == false) {
@@ -272,7 +277,7 @@ public class PWsdrCache {
debug("adding new tag: " + tag);
bufs = stringToAdd;
}
-
+
// write update to cache
writePWcache(bufs);
}
@@ -287,7 +292,7 @@ public class PWsdrCache {
if (dcrypts != null) {
// converts to Hashtable, replace if tag exists, add
- // if tag doesn't exist
+ // if tag doesn't exist
Hashtable ht = string2Hashtable(dcrypts);
if (ht.containsKey(tag) == false) {
@@ -302,7 +307,7 @@ public class PWsdrCache {
debug("password cache contains no tags");
return;
}
-
+
// write update to cache
writePWcache(bufs);
}
@@ -332,14 +337,10 @@ public class PWsdrCache {
}
inputs.close();
} catch (FileNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
}
@@ -350,9 +351,7 @@ public class PWsdrCache {
dcrypts = new String(dcryptb, "UTF-8");
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_DECRYPT", e.toString()));
e.printStackTrace();
throw new EBaseException("password cache decrypt failed");
}
@@ -367,7 +366,7 @@ public class PWsdrCache {
public void writePWcache(String bufs) throws EBaseException {
try {
Encryptor sdr = new Encryptor(mToken, mKeyID,
- Encryptor.DEFAULT_ENCRYPTION_ALG);
+ Encryptor.DEFAULT_ENCRYPTION_ALG);
byte[] writebuf = null;
@@ -375,9 +374,7 @@ public class PWsdrCache {
// now encrypt it again
writebuf = sdr.encrypt(bufs.getBytes("UTF-8"));
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_ENCRYPT", e.toString()));
e.printStackTrace();
throw new EBaseException("password cache encrypt failed");
}
@@ -389,8 +386,7 @@ public class PWsdrCache {
tmpPWcache.delete();
tmpPWcache = new File(mPWcachedb + ".tmp");
}
- FileOutputStream outstream = new FileOutputStream(mPWcachedb
- + ".tmp");
+ FileOutputStream outstream = new FileOutputStream(mPWcachedb + ".tmp");
outstream.write(writebuf);
outstream.close();
@@ -398,54 +394,48 @@ public class PWsdrCache {
File origFile = new File(mPWcachedb);
try {
- if (Utils.isNT()) {
+ if( Utils.isNT() ) {
// NT is very picky on the path
- Utils.exec("copy "
- + tmpPWcache.getAbsolutePath().replace('/', '\\')
- + " "
- + origFile.getAbsolutePath().replace('/', '\\'));
+ Utils.exec( "copy " +
+ tmpPWcache.getAbsolutePath().replace( '/',
+ '\\' ) +
+ " " +
+ origFile.getAbsolutePath().replace( '/',
+ '\\' ) );
} else {
// Create a copy of the original file which
// preserves the original file permissions.
- Utils.exec("cp -p " + tmpPWcache.getAbsolutePath() + " "
- + origFile.getAbsolutePath());
+ Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " +
+ origFile.getAbsolutePath() );
}
// Remove the original file if and only if
// the backup copy was successful.
- if (origFile.exists()) {
- if (!Utils.isNT()) {
+ if( origFile.exists() ) {
+ if( !Utils.isNT() ) {
try {
- Utils.exec("chmod 00660 "
- + origFile.getCanonicalPath());
- } catch (IOException e) {
- CMS.debug("Unable to change file permissions on "
- + origFile.toString());
+ Utils.exec( "chmod 00660 " +
+ origFile.getCanonicalPath() );
+ } catch( IOException e ) {
+ CMS.debug( "Unable to change file permissions on "
+ + origFile.toString() );
}
}
tmpPWcache.delete();
- debug("operation completed for " + mPWcachedb);
+ debug( "operation completed for " + mPWcachedb );
}
} catch (Exception exx) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE",
- exx.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString()));
throw new EBaseException(exx.toString() + ": " + mPWcachedb);
}
} catch (FileNotFoundException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_FILE", mPWcachedb, e.toString()));
throw new EBaseException(e.toString() + ": " + mPWcachedb);
}
}
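Review bot: The copy and chmod steps build one command string by concatenating `tmpPWcache.getAbsolutePath()` and `origFile.getAbsolutePath()` for `Utils.exec`, so a `pwCache` path containing spaces or other special characters will be split or misinterpreted. The result of the copy is also never checked, although the comment says the temporary file is removed only if the copy succeeded. Pass the paths as separate arguments (or copy with Java file I/O) and test the outcome before `tmpPWcache.delete()`, e.g. `if (!copied) throw new IOException("copy failed: " + mPWcachedb);`, assuming `Utils.exec` reports success as a boolean, which is not visible here. Applying `chmod 00660` only after the copy leaves a short window in which the cache file has whatever mode the copy produced. The method starts above the hunk.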
@@ -457,7 +447,7 @@ public class PWsdrCache {
while (enum1.hasMoreElements()) {
String tag = (String) enum1.nextElement();
String pwd = (String) ht.get(tag);
-
+
if (returnString == null) {
returnString = tag + ":" + pwd + "\n";
} else {
@@ -480,18 +470,19 @@ public class PWsdrCache {
if (colonIdx != -1) {
String tag = line.substring(0, colonIdx);
- String passwd = line.substring(colonIdx + 1, line.length());
+ String passwd = line.substring(colonIdx + 1,
+ line.length());
ht.put(tag.trim(), passwd.trim());
} else {
- // invalid format...log or throw...later
+ //invalid format...log or throw...later
}
}
return ht;
}
/*
- * get password from cache. This one supplies cache file name
+ * get password from cache. This one supplies cache file name
*/
public Password getEntry(String fileName, String tag) {
mPWcachedb = fileName;
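Review bot: The parsing loop at the top of this hunk (apparently `string2Hashtable`) stores `passwd.trim()`, so a password with leading or trailing whitespace is altered on its way through the cache, and a line without a colon is dropped with no log because the `else` branch holds only a comment. Strip only the line terminator and keep the rest, `ht.put(tag.trim(), passwd);`, and log that a malformed line was seen without logging its content. Entries are written elsewhere in this file as `tag + ":" + pwd + "\n"`, so a tag containing `:` or a password containing a newline would not round-trip either. The method begins outside the hunk.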
@@ -499,8 +490,8 @@ public class PWsdrCache {
}
/*
- * if tag found with pwd, return it if tag not found, return null, which
- * will cause it to give up
+ * if tag found with pwd, return it
+ * if tag not found, return null, which will cause it to give up
*/
public Password getEntry(String tag) {
Hashtable pwTable = null;
@@ -518,8 +509,7 @@ public class PWsdrCache {
try {
dcrypts = readPWcache();
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
return null;
}
@@ -537,13 +527,12 @@ public class PWsdrCache {
debug("getEntry gotten password for " + tag);
return new Password(pw.toCharArray());
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_TAG", tag));
return null;
}
}
- // copied from IOUtil.java
+ //copied from IOUtil.java
/**
* Checks if this is NT.
*/
@@ -577,17 +566,22 @@ public class PWsdrCache {
if (process.exitValue() == 0) {
/**
- * pOut = new BufferedReader( new
- * InputStreamReader(process.getInputStream())); while ((l =
- * pOut.readLine()) != null) { System.out.println(l); }
+ pOut = new BufferedReader(
+ new InputStreamReader(process.getInputStream()));
+ while ((l = pOut.readLine()) != null) {
+ System.out.println(l);
+ }
**/
return true;
} else {
/**
- * pOut = new BufferedReader( new
- * InputStreamReader(process.getErrorStream())); l = null; while
- * ((l = pOut.readLine()) != null) { System.out.println(l); }
+ pOut = new BufferedReader(
+ new InputStreamReader(process.getErrorStream()));
+ l = null;
+ while ((l = pOut.readLine()) != null) {
+ System.out.println(l);
+ }
**/
return false;
}
@@ -605,7 +599,7 @@ public class PWsdrCache {
public void log(int level, String msg) {
if (mLogger != null) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PWsdrCache " + msg);
+ "PWsdrCache " + msg);
} else if (mIsTool) {
System.out.println(msg);
} // else it's most likely the installation wizard...no logging
@@ -621,8 +615,7 @@ public class PWsdrCache {
try {
dcrypts = readPWcache();
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_READ", e.toString()));
return false;
}
@@ -639,11 +632,13 @@ public class PWsdrCache {
if (colonIdx != -1) {
String tag = line.substring(0, colonIdx);
- String passwd = line.substring(colonIdx + 1, line.length());
+ String passwd = line.substring(colonIdx + 1,
+ line.length());
- debug(tag.trim() + " : " + passwd.trim());
+ debug(tag.trim() +
+ " : " + passwd.trim());
} else {
- // invalid format...log or throw...later
+ //invalid format...log or throw...later
debug("invalid format");
}
}
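Review bot: `debug(tag.trim() + " : " + passwd.trim());` writes each cached password in clear text to the debug output, which undermines protecting the cache that `readPWcache()` appears to decrypt. Log only the tag, for example `debug("entry found for tag " + tag.trim());`, or remove the call. The enclosing method begins and ends outside this hunk, so it is not visible whether this path is limited to a diagnostic tool mode. Even if it is, debug logs are commonly collected and retained with weaker access control than the cache file.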
diff --git a/pki/base/common/src/com/netscape/cmscore/security/Provider.java b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
index f4d8c03c2..0e7f8e2e8 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/Provider.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
public class Provider extends java.security.Provider {
/**
@@ -25,11 +26,12 @@ public class Provider extends java.security.Provider {
private static final long serialVersionUID = -8050884788034389693L;
public Provider() {
- super("CMS", 1.4, "Provides Signature and Message Digesting");
+ super("CMS", 1.4,
+ "Provides Signature and Message Digesting");
- // ///////////////////////////////////////////////////////////
+ /////////////////////////////////////////////////////////////
// Signature
- // ///////////////////////////////////////////////////////////
+ /////////////////////////////////////////////////////////////
put("Signature.SHA1withDSA", "org.mozilla.jss.provider.DSASignature");
@@ -43,13 +45,14 @@ public class Provider extends java.security.Provider {
put("Signature.MD5/RSA", "org.mozilla.jss.provider.MD5RSASignature");
put("Signature.MD2/RSA", "org.mozilla.jss.provider.MD2RSASignature");
- put("Signature.SHA-1/RSA", "org.mozilla.jss.provider.SHA1RSASignature");
+ put("Signature.SHA-1/RSA",
+ "org.mozilla.jss.provider.SHA1RSASignature");
put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA");
- // ///////////////////////////////////////////////////////////
+ /////////////////////////////////////////////////////////////
// Message Digesting
- // ///////////////////////////////////////////////////////////
+ /////////////////////////////////////////////////////////////
}
}
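Review bot: The constructor registers `Signature.MD5/RSA`, `Signature.MD2/RSA` and `Signature.SHA-1/RSA` with nothing marking them as legacy, and these digests are no longer collision-resistant enough for new signatures. If they must stay for verifying old data, a comment above the block would help, e.g. `// Legacy digests (MD2, MD5, SHA-1): kept for verifying existing signatures only; do not select for new signing`. The `// Message Digesting` section is also empty although the description string passed to `super(...)` says the provider offers message digesting; either the comment or the description should say so. The constructor starts in the previous hunk, so registrations between the two hunks are not visible here.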
diff --git a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
index 5302c5e70..1ac8f0ea7 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.security.KeyPair;
@@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
- * RA signing certificate
+ * RA signing certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class RASigningCert extends CertificateInfo {
- public static final String SUBJECT_NAME = "CN=Registration Authority, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME =
+ "CN=Registration Authority, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public RASigningCert(KeyCertData properties) {
@@ -46,7 +49,8 @@ public class RASigningCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) &&
+ (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
try {
if (mProperties.get(Constants.PR_AKI) == null) {
@@ -74,8 +78,8 @@ public class RASigningCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties
- .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName =
+ (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -83,14 +87,19 @@ public class RASigningCert extends CertificateInfo {
}
/*
- * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
- * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- * if (sAlg != null) { return sAlg; } String alg =
- * (String)mProperties.get(Constants.PR_KEY_TYPE);
- *
- * if (alg.equals("RSA")) return
- * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
- * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
+ public SignatureAlgorithm getSigningAlgorithm() {
+ SignatureAlgorithm sAlg =
+ (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ if (sAlg != null) {
+ return sAlg;
+ }
+ String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
+
+ if (alg.equals("RSA"))
+ return SignatureAlgorithm.RSASignatureWithMD5Digest;
+ else
+ return SignatureAlgorithm.DSASignatureWithSHA1Digest;
+ }
*/
public String getKeyAlgorithm() {
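Review bot: The commented-out `getSigningAlgorithm()` kept here falls back to `SignatureAlgorithm.RSASignatureWithMD5Digest` for RSA keys, so anyone who revives it would silently bring back an MD5 signing default. The same block is re-flowed in the SSLCert.java and SSLSelfSignedCert.java hunks further down. Dead code is better deleted, since version control keeps it. If it must stay, precede it with `// Disabled: defaults to MD5/SHA-1 digests; do not re-enable without choosing a current digest`. The commented code would also throw a NullPointerException on `alg.equals("RSA")` when `PR_KEY_TYPE` is absent.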
@@ -104,3 +113,4 @@ public class RASigningCert extends CertificateInfo {
return extension;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
index b886ec36a..eab48bdf5 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.security.KeyPair;
@@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
- * SSL server certificate
+ * SSL server certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class SSLCert extends CertificateInfo {
- public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME =
+ "CN=SSL, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public SSLCert(KeyCertData properties) {
@@ -46,7 +49,8 @@ public class SSLCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) &&
+ (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
try {
if (mProperties.get(Constants.PR_AKI) == null) {
@@ -58,7 +62,7 @@ public class SSLCert extends CertificateInfo {
// 020598: The server bit has to be turned on. Otherwise, it might
// crash jss.
- // mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE);
+ //mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE);
}
public void updateConfig(IConfigStore cmsFileTmp) throws EBaseException {
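Review bot: The comment `The server bit has to be turned on. Otherwise, it might crash jss.` sits directly above the statement that would turn it on, and that statement is commented out. A reader cannot tell whether the bit is now set elsewhere or the warning is stale. Either remove both, or replace them with one line stating the current fact, e.g. `// PR_SSL_SERVER_BIT is intentionally not set here; see <where it is set>` with the real location filled in. The constructor body starts above this hunk, so the surrounding logic is not visible.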
@@ -83,8 +87,8 @@ public class SSLCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties
- .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName =
+ (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -92,14 +96,19 @@ public class SSLCert extends CertificateInfo {
}
/*
- * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
- * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- * if (sAlg != null) { return sAlg; } String alg =
- * (String)mProperties.get(Constants.PR_KEY_TYPE);
- *
- * if (alg.equals("RSA")) return
- * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
- * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
+ public SignatureAlgorithm getSigningAlgorithm() {
+ SignatureAlgorithm sAlg =
+ (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ if (sAlg != null) {
+ return sAlg;
+ }
+ String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
+
+ if (alg.equals("RSA"))
+ return SignatureAlgorithm.RSASignatureWithMD5Digest;
+ else
+ return SignatureAlgorithm.DSASignatureWithSHA1Digest;
+ }
*/
public String getKeyAlgorithm() {
@@ -116,3 +125,4 @@ public class SSLCert extends CertificateInfo {
return extension;
}
}
+
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
index b210ce7a2..ac7eb2ad9 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.security.KeyPair;
@@ -28,14 +29,16 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
- * SSL server certificate
+ * SSL server certificate
*
* @author Christine Ho
* @version $Revision$, $Date$
*/
public class SSLSelfSignedCert extends CertificateInfo {
- public static final String SUBJECT_NAME = "CN=SSL, O=Netscape Communications, C=US";
+ public static final String SUBJECT_NAME =
+ "CN=SSL, O=Netscape Communications, C=US";
private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
public SSLSelfSignedCert(KeyCertData properties) {
@@ -46,7 +49,8 @@ public class SSLSelfSignedCert extends CertificateInfo {
super(properties, pair);
String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
- if ((tmp != null) && (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+ if ((tmp != null) &&
+ (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
mTokenname = tmp;
mProperties.remove(Constants.PR_AKI);
@@ -75,8 +79,8 @@ public class SSLSelfSignedCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties
- .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName =
+ (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -84,14 +88,19 @@ public class SSLSelfSignedCert extends CertificateInfo {
}
/*
- * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
- * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
- * if (sAlg != null) { return sAlg; } String alg =
- * (String)mProperties.get(Constants.PR_KEY_TYPE);
- *
- * if (alg.equals("RSA")) return
- * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
- * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
+ public SignatureAlgorithm getSigningAlgorithm() {
+ SignatureAlgorithm sAlg =
+ (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+ if (sAlg != null) {
+ return sAlg;
+ }
+ String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
+
+ if (alg.equals("RSA"))
+ return SignatureAlgorithm.RSASignatureWithMD5Digest;
+ else
+ return SignatureAlgorithm.DSASignatureWithSHA1Digest;
+ }
*/
public String getKeyAlgorithm() {
@@ -105,8 +114,9 @@ public class SSLSelfSignedCert extends CertificateInfo {
KeyUsageExtension extension = new KeyUsageExtension();
extension.set(KeyUsageExtension.DIGITAL_SIGNATURE, new Boolean(true));
- // extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true));
+ //extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true));
extension.set(KeyUsageExtension.KEY_ENCIPHERMENT, new Boolean(true));
return extension;
}
}
+
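Review bot: The context lines use `new Boolean(true)` for each key-usage bit, which allocates a fresh wrapper every time and uses a constructor deprecated in current JDKs. `extension.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.TRUE);` is equivalent, and likewise for `KEY_ENCIPHERMENT`. The commented-out `NON_REPUDIATION` line next to them would be better deleted, or given a short reason why the bit is deliberately left unset for the self-signed SSL certificate. The method's signature is outside this hunk.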
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
index e5a036d1d..bd630de84 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmscore.security;
+
import java.io.IOException;
import java.security.KeyPair;
@@ -28,6 +29,7 @@ import com.netscape.certsrv.common.ConfigConstants;
import com.netscape.certsrv.common.Constants;
import com.netscape.certsrv.security.KeyCertData;
+
/**
* Subsystem certificate.
*
@@ -59,8 +61,7 @@ public class SubsystemCert extends CertificateInfo {
public String getNickname() {
String name = (String) mProperties.get(Constants.PR_NICKNAME);
- String instanceName = (String) mProperties
- .get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+ String instanceName = (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
if (name != null)
return name;
@@ -80,3 +81,4 @@ public class SubsystemCert extends CertificateInfo {
return extension;
}
}
+