Diffstat (limited to 'pki/base/common/src')
8 files changed, 77 insertions, 53 deletions
diff --git a/pki/base/common/src/LogMessages.properties b/pki/base/common/src/LogMessages.properties
index 28616d370..9866175b8 100644
--- a/pki/base/common/src/LogMessages.properties
+++ b/pki/base/common/src/LogMessages.properties
@@ -1941,29 +1941,59 @@ LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4=<type=LOG_EXPIRATION_CHANGE>:[Audit # so should be seen logged right following the certificate request, if selected # ReqID must be the certificate enrollment request ID associated with the # CA archive option (even if the request was originally submitted via -# an RA) +# an RA) (this field is set to the "EntityID" in caase of server-side key gen) # ArchiveID must be the DRM request ID associated with the enrollment ID, # ReqID (this field will be "N/A" when logged by the CA) # -LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4=<type=PRIVATE_KEY_ARCHIVE>:[AuditEvent=PRIVATE_KEY_ARCHIVE][SubjectID={0}][Outcome={1}][ReqID={2}][ArchiveID={3}] private key archive request +LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4=<type=PRIVATE_KEY_ARCHIVE_REQUEST>:[AuditEvent=PRIVATE_KEY_ARCHIVE_REQUEST][SubjectID={0}][Outcome={1}][ReqID={2}][ArchiveID={3}] private key archive request # -# LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED +# LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED # - used when user private key archive request is processed # this is when DRM receives and processed the request # PubKey must be the base-64 encoded public key associated with # the private key to be archived # -LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_PROCESSED_3=<type=PRIVATE_KEY_ARCHIVE_PROCESSED>:[AuditEvent=PRIVATE_KEY_ARCHIVE_PROCESSED][SubjectID={0}][Outcome={1}][PubKey={2}] private key archive request processed +LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED_3=<type=PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED>:[AuditEvent=PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED][SubjectID={0}][Outcome={1}][PubKey={2}] private key archive request processed +# +# LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS +# - used when user private key export request is made and processed with success +# - this is used in case of server-side keygen when keys generated on the server +# need to be transported 
back to the client +# EntityID must be the id that represents the client +# PubKey must be the base-64 encoded public key associated with +# the private key to be archived +# +LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4=<type=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS][SubjectID={0}][Outcome={1}][EntityID={2}][PubKey={3}] private key export request processed with success +# +# LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE +# - used when user private key export request is made and processed with failure +# - this is used in case of server-side keygen when keys generated on the server +# need to be transported back to the client +# EntityID must be the id that represents the client +# PubKey must be the base-64 encoded public key associated with +# the private key to be archived +# +LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4=<type=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE>:[AuditEvent=PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE][SubjectID={0}][Outcome={1}][EntityID={2}][PubKey={3}] private key export request processed with failure # # LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST # - used when server-side key generation request is made # This is for tokenkeys -LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3=<type=SERVER_SIDE_KEYGEN_REQUEST>:[AuditEvent=SERVER_SIDE_KEYGEN_REQUEST][SubjectID={0}][Outcome={1}][AgentID={2}] server-side key generation request processed +# EntityID must be the representation of the subject that will be on the certificate when issued +LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_3=<type=SERVER_SIDE_KEYGEN_REQUEST>:[AuditEvent=SERVER_SIDE_KEYGEN_REQUEST][SubjectID={0}][Outcome={1}][EntityID={2}] server-side key generation request processed +# +# LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS +# - used when server-side key generation request has been processed with success +# This is 
for tokenkeys +# EntityID must be the representation of the subject that will be on the certificate when issued +# PubKey must be the base-64 encoded public key associated with +# the private key to be archived +LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS_4=<type=SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS][SubjectID={0}][Outcome={1}][EntityID={2}][PubKey={3}] server-side key generation request processed with success # -# LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED -# - used when server-side key generation request has been processed +# LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE +# - used when server-side key generation request has been processed with failure # This is for tokenkeys -LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_PROCESSED_3=<type=SERVER_SIDE_KEYGEN_PROCESSED>:[AuditEvent=SERVER_SIDE_KEYGEN_PROCESSED][SubjectID={0}][Outcome={1}][AgentID={2}] server-side key generation request processed +# EntityID must be the representation of the subject that will be on the certificate when issued +LOGGING_SIGNED_AUDIT_SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE_3=<type=SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE>:[AuditEvent=SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE][SubjectID={0}][Outcome={1}][EntityID={2}] server-side key generation request processed with failure # # LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST # - used when key recovery request is made 
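Review bot: The event names written to the signed audit log change in this hunk (`PRIVATE_KEY_ARCHIVE` becomes `PRIVATE_KEY_ARCHIVE_REQUEST`, `PRIVATE_KEY_ARCHIVE_PROCESSED` becomes `PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED`, `SERVER_SIDE_KEYGEN_PROCESSED` is split into `..._REQUEST_PROCESSED_SUCCESS` and `..._REQUEST_PROCESSED_FAILURE`), and the two later hunks of this file rename the key-recovery events in the same way. Anything that selects events by name, such as an enabled-events list in the subsystem configuration or a log parser, would presumably stop matching the old names without raising an error, so those lists need the same rename and the change should be called out for operators. The property keys themselves are renamed too, so every Java constant holding an old key must change with them; only the files under `pki/base/common/src` are visible here. Two comment fixes in the added lines: `caase` should read `case`, and the `PubKey` text under both `PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_*` entries still says `the private key to be archived` where `the private key to be exported` appears to be meant.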
@@ -1979,7 +2009,7 @@ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_4=<type=KEY_RECOVERY_REQUEST>:[AuditEv
 # PubKey must be the base-64 encoded public key associated with
 # the private key to be recovered
 #
-LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_ASYNC_4=<type=KEY_RECOVERY_REQUEST>:[AuditEvent=KEY_RECOVERY_REQUEST][SubjectID={0}][Outcome={1}][RequestID={2}][PubKey={3}] asynchronous key recovery request made
+LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_ASYNC_4=<type=KEY_RECOVERY_REQUEST_ASYNC>:[AuditEvent=KEY_RECOVERY_REQUEST_ASYNC][SubjectID={0}][Outcome={1}][RequestID={2}][PubKey={3}] asynchronous key recovery request made
 #
 # LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN
 # - used when DRM agents login as recovery agents to approve
@@ -1990,21 +2020,21 @@ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_ASYNC_4=<type=KEY_RECOVERY_REQUEST>:[A
 #
 LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4=<type=KEY_RECOVERY_AGENT_LOGIN>:[AuditEvent=KEY_RECOVERY_AGENT_LOGIN][SubjectID={0}][Outcome={1}][RecoveryID={2}][RecoveryAgent={3}] key recovery agent login
 #
-# LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED
+# LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED
 # - used when key recovery request is processed
 # RecoveryID must be the recovery request ID
 # RecoveryAgents must be a comma-separated list of
 # UIDs of the recovery agents approving this request
 #
-LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_4=<type=KEY_RECOVERY_PROCESSED>:[AuditEvent=KEY_RECOVERY_PROCESSED][SubjectID={0}][Outcome={1}][RecoveryID={2}][RecoveryAgents={3}] key recovery request processed
+LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_4=<type=KEY_RECOVERY_REQUEST_PROCESSED>:[AuditEvent=KEY_RECOVERY_REQUEST_PROCESSED][SubjectID={0}][Outcome={1}][RecoveryID={2}][RecoveryAgents={3}] key recovery request processed
 #
-# LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC
+# LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
 # - used when key recovery request is processed
 # RequestID must be the recovery request ID
 # RecoveryAgents must be a comma-separated list of
 # UIDs of the recovery agents approving this request
 #
-LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED_ASYNC_4=<type=KEY_RECOVERY_PROCESSED>:[AuditEvent=KEY_RECOVERY_PROCESSED][SubjectID={0}][Outcome={1}][ReQUESTID={2}][RecoveryAgents={3}] asynchronous key recovery request processed
+LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED_ASYNC_4=<type=KEY_RECOVERY_REQUEST_PROCESSED_ASYNC>:[AuditEvent=KEY_RECOVERY_REQUEST_PROCESSED_ASYNC][SubjectID={0}][Outcome={1}][RequestID={2}][RecoveryAgents={3}] asynchronous key recovery request processed
 #
 # LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC
 # - used when asymmetric keys are generated
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java index 5c2da2d08..75dd7594a 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java @@ -104,7 +104,7 @@ public interface IKeyService { * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever * a user private key recovery request is made (this is when the DRM * receives the request) - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_PROCESSED used whenever + * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever * a user private key recovery request is processed (this is when the DRM * processes the request) * </ul> diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index d5e6d1299..e36f5b385 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -1167,7 +1167,20 @@ public abstract class EnrollProfile extends BasicProfile public void populateInput(IProfileContext ctx, IRequest request) throws EProfileException { super.populateInput(ctx, request); + } + + public void populate(IRequest request) + throws EProfileException { + super.populate(request); + + } + /** + * Passes the request to the set of constraint policies + * that validate the request against the profile. + */ + public void validate(IRequest request) + throws ERejectException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); 
@@ -1230,34 +1243,8 @@ public abstract class EnrollProfile extends BasicProfile audit(auditMessage); } - // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // auditProfileID, - // auditCertificateSubjectName ); - // - // audit( auditMessage ); - // } - } - - public void populate(IRequest request) - throws EProfileException { - super.populate(request); - - } - /** - * Passes the request to the set of constraint policies - * that validate the request against the profile. - */ - public void validate(IRequest request) - throws ERejectException { super.validate(request); - X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); Object key = null; try { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java index 63b0d6595..78c9837c2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java 
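Review bot: With the audit block moved into `validate()`, `audit(auditMessage)` now runs before `super.validate(request)`, so the signed-audit record for the certificate request is written before the constraint policies have accepted or rejected it. If `super.validate` then throws `ERejectException`, nothing visible in these two EnrollProfile hunks records that rejection, and the commented-out failure branch is deleted rather than restored; it is worth confirming that a FAILURE record is produced elsewhere for this path. The Javadoc on `validate()` should also state the side effect, for example `* Also writes the signed-audit record for the certificate request before the constraints run.` The part of the method between the two hunks is not shown, so the outcome value actually logged cannot be checked from here.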
@@ -252,14 +252,19 @@ public class NamePanel extends WizardPanelBase { boolean done = config.getBoolean("preop.NamePanel.done"); c.setDN(dn); } catch (Exception e) { + String instanceId = config.getString("service.instanceID", ""); if (select.equals("clone") || dnUpdated) { c.setDN(dn); } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) { CMS.debug("NamePanel subsystemCount = "+count); - c.setDN(dn + " "+count+ ((o_sd)? (",O=" + domainname):"")); + c.setDN(dn + " "+count+ + ((!instanceId.equals(""))? (",OU=" + instanceId):"") + + ((o_sd)? (",O=" + domainname):"")); config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); } else { - c.setDN(dn + ((o_sd)? (",O=" + domainname):"")); + c.setDN(dn + + ((!instanceId.equals(""))? (",OU=" + instanceId):"") + + ((o_sd)? (",O=" + domainname):"")); config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index 7882b815f..499c1a80c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -200,8 +200,12 @@ public class RecoverBySerial extends CMSServlet { int requiredNumber = mService.getNoOfRequiredAgents(); header.addIntegerValue("noOfRequiredAgents", requiredNumber); } else { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); + String recoveryID = req.getParameter("recoveryID"); + + if (recoveryID != null && !recoveryID.equals("")) { + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); + } byte pkcs12[] = process(form, argSet, header, req.getParameter(IN_SERIALNO), req.getParameter("localAgents"), 
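Review bot: `instanceId` is concatenated into the subject DN as `",OU=" + instanceId` without escaping, in both branches the NamePanel hunk touches. A `service.instanceID` value containing `,`, `+` or `=` would produce a DN with extra or malformed RDNs in the generated certificate subject; escaping the value before appending it, for instance `",OU=" + Rdn.escapeValue(instanceId)` from `javax.naming.ldap`, avoids that, and the pre-existing `domainname` has the same exposure. The suffix expression is also written out twice; computing it once ahead of the `if` chain, `String suffix = ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") + (o_sd ? (",O=" + domainname) : "");`, keeps the two branches from diverging. The enclosing method starts and ends outside the hunk.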
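Review bot: In the RecoverBySerial hunk the guarded `ctx.put` reads the request parameter a second time instead of using the local that was just checked; `ctx.put(SessionContext.RECOVERY_ID, recoveryID);` stores exactly the value the `if` validated. When the parameter is missing or empty the context now keeps whatever `RECOVERY_ID` it already held, so if `ctx` can carry a value from earlier processing the audit record for this recovery could name the wrong request. That cannot be confirmed from the hunk, but an explicit `else` that clears the entry, or a comment stating why a stale value is impossible, would settle it. The enclosing method continues outside the hunk.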
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java index 0bce4b248..535adee2b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java @@ -50,7 +50,6 @@ public class ProfileProcessServlet extends ProfileServlet { private String mAuthorityId = null; private Nonces mNonces = null; - private final static byte EOL[] = { Character.LINE_SEPARATOR }; private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = "requestNotes"; private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = @@ -910,8 +909,8 @@ public class ProfileProcessServlet extends ProfileServlet { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (base64Data.substring(i, i).getBytes() != EOL) { - sb.append(base64Data.substring(i, i)); + if (!Character.isWhitespace(base64Data.charAt(i))) { + sb.append(base64Data.charAt(i)); } } cert = sb.toString(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index 841bd84ce..6e99f0baa 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -58,7 +58,6 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { private String requestBinary = null; private String requestB64 = null; - private final static byte EOL[] = { Character.LINE_SEPARATOR }; private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { 
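Review bot: The comment above the patched loop in ProfileProcessServlet still reads `// extract all line separators from the "base64Data"`, while the new condition drops every character for which `Character.isWhitespace` is true; it should say `// strip all whitespace from "base64Data"`. The same loop is patched identically in `ProfileSubmitCMCServlet` and `ProfileSubmitServlet` (the latter also gains a stray blank line inside the `if`), so one shared helper would stop the three copies from drifting apart again. `StringBuffer` can become `StringBuilder`, provided `sb` is the method-local it appears to be. The enclosing methods start and end outside the hunks.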
@@ -824,8 +823,8 @@ profile, IRequest req) { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (base64Data.substring(i, i).getBytes() != EOL) { - sb.append(base64Data.substring(i, i)); + if (!Character.isWhitespace(base64Data.charAt(i))) { + sb.append(base64Data.charAt(i)); } } cert = sb.toString(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index c7a99de5e..1c6097f48 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -65,7 +65,6 @@ public class ProfileSubmitServlet extends ProfileServlet { private String mReqType = null; private String mAuthorityId = null; - private final static byte EOL[] = { Character.LINE_SEPARATOR }; private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { @@ -1504,8 +1503,9 @@ public class ProfileSubmitServlet extends ProfileServlet { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (base64Data.substring(i, i).getBytes() != EOL) { - sb.append(base64Data.substring(i, i)); + if (!Character.isWhitespace(base64Data.charAt(i))) { + sb.append(base64Data.charAt(i)); + } } cert = sb.toString(); |