Diffstat (limited to 'pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java')
-rw-r--r-- | pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java | 500 |
1 files changed, 251 insertions, 249 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java b/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java
index 2c3ba716a..f2539509c 100644
--- a/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.kra; - import java.io.CharConversionException; import java.io.File; import java.io.FileInputStream;
@@ -62,16 +61,15 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.security.Credential; import com.netscape.certsrv.security.IStorageKeyUnit; - /** * A class represents a storage key unit. Currently, this * is implemented with cryptix, the final implementation * should be built on JSS/HCL. - * + * * @author thomask * @version $Revision$, $Date$ */ -public class StorageKeyUnit extends EncryptionUnit implements +public class StorageKeyUnit extends EncryptionUnit implements ISubsystem, IStorageKeyUnit { private IConfigStore mConfig = null;
@@ -89,7 +87,6 @@ public class StorageKeyUnit extends EncryptionUnit implements private byte mPrivateKeyData[] = null; private boolean mKeySplitting = false; - private static final String PROP_N = "n"; private static final String PROP_M = "m"; private static final String PROP_UID = "uid";
@@ -105,7 +102,7 @@ public class StorageKeyUnit extends EncryptionUnit implements * Constructs this token. */ public StorageKeyUnit() { - super(); + super(); } /**
@@ -116,8 +113,8 @@ public class StorageKeyUnit extends EncryptionUnit implements } /** - * Sets subsystem identifier. Once the system is - * loaded, system identifier cannot be changed + * Sets subsystem identifier. Once the system is + * loaded, system identifier cannot be changed * dynamically. */ public void setId(String id) throws EBaseException {
@@ -125,26 +122,31 @@ public class StorageKeyUnit extends EncryptionUnit implements } /** - * return true if byte arrays are equal, false otherwise + * return true if byte arrays are equal, false otherwise */ private boolean byteArraysMatch(byte a[], byte b[]) { - if (a==null || b==null) { return false; } - if (a.length != b.length) { return false; } - for (int i=0; i<a.length; i++) { - if (a[i] != b[i]) { return false; } - } - return true; + if (a == null || b == null) { + return false; + } + if (a.length != b.length) { + return false; + } + for (int i = 0; i < a.length; i++) { + if (a[i] != b[i]) { + return false; + } + } + return true; } - /** * Initializes this subsystem. */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { mKRA = (IKeyRecoveryAuthority) owner; mConfig = config; - + mKeySplitting = owner.getConfigStore().getBoolean("keySplitting", false); try { 
@@ -154,154 +156,154 @@ public class StorageKeyUnit extends EncryptionUnit implements mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_STORAGE_INIT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } - + if (mConfig.getString(PROP_HARDWARE, null) != null) { System.setProperty("cms.skip_token", mConfig.getString(PROP_HARDWARE)); -// The strategy here is to read all the certs in the token -// and cycle through them until we find one that matches the -// kra-cert.db file + // The strategy here is to read all the certs in the token + // and cycle through them until we find one that matches the + // kra-cert.db file - if (mKeySplitting) { + if (mKeySplitting) { - byte certFileData[] = null; - try { - File certFile = new File( - mConfig.getString(PROP_CERTDB)); + byte certFileData[] = null; + try { + File certFile = new File( + mConfig.getString(PROP_CERTDB)); - certFileData = new byte[ - (Long.valueOf(certFile.length())).intValue()]; - FileInputStream fi = new FileInputStream(certFile); + certFileData = new byte[ + (Long.valueOf(certFile.length())).intValue()]; + FileInputStream fi = new FileInputStream(certFile); - fi.read(certFileData); - fi.close(); + fi.read(certFileData); + fi.close(); - // pick up cert by nickName + // pick up cert by nickName - } catch (IOException e) { - mKRA.log(ILogger.LL_INFO, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); - } + } catch (IOException e) { + mKRA.log(ILogger.LL_INFO, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + } + + try { + X509Certificate certs[] = + getToken().getCryptoStore().getCertificates(); + for (int i = 0; i < certs.length; i++) { + if (byteArraysMatch(certs[i].getEncoded(), certFileData)) { + mCert = certs[i]; + } + } + if (mCert == null) { + 
mKRA.log(ILogger.LL_FAILURE, "Storage Cert could not be initialized. No cert in token matched kra-cert file"); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "mCert == null")); + } else { + mKRA.log(ILogger.LL_INFO, "Using Storage Cert " + mCert.getSubjectDN()); + } + } catch (CertificateEncodingException e) { + mKRA.log(ILogger.LL_FAILURE, "Error encoding cert "); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + } catch (TokenException e) { + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + } + } - try { - X509Certificate certs[] = - getToken().getCryptoStore().getCertificates(); - for (int i=0;i <certs.length;i++) { - if (byteArraysMatch(certs[i].getEncoded(),certFileData)) { - mCert = certs[i]; - } - } - if (mCert == null) { - mKRA.log(ILogger.LL_FAILURE, "Storage Cert could not be initialized. 
No cert in token matched kra-cert file"); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", "mCert == null")); - } else { - mKRA.log(ILogger.LL_INFO, "Using Storage Cert "+mCert.getSubjectDN()); - } - } catch (CertificateEncodingException e) { - mKRA.log(ILogger.LL_FAILURE, "Error encoding cert "); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); - } catch (TokenException e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); - } - } - } else { // read certificate from file byte certData[] = null; try { - if (mKeySplitting) { - File certFile = new File( - mConfig.getString(PROP_CERTDB)); + if (mKeySplitting) { + File certFile = new File( + mConfig.getString(PROP_CERTDB)); - certData = new byte[ - (Long.valueOf(certFile.length())).intValue()]; - FileInputStream fi = new FileInputStream(certFile); + certData = new byte[ + (Long.valueOf(certFile.length())).intValue()]; + FileInputStream fi = new FileInputStream(certFile); - fi.read(certData); - fi.close(); + fi.read(certData); + fi.close(); - // pick up cert by nickName - mCert = mManager.findCertByNickname( + // pick up cert by nickName + mCert = mManager.findCertByNickname( config.getString(PROP_NICKNAME)); - } else { - mCert = mManager.findCertByNickname( + } else { + mCert = mManager.findCertByNickname( config.getString(PROP_NICKNAME)); - } + } } catch (IOException e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (TokenException e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); + mKRA.log(ILogger.LL_FAILURE, + 
CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); } catch (ObjectNotFoundException e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); // XXX - this import wont work try { - mCert = mManager.importCertPackage(certData, + mCert = mManager.importCertPackage(certData, "kraStorageCert"); } catch (Exception ex) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_IMPORT_CERT", e.toString())); + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_IMPORT_CERT", e.toString())); throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ex.toString())); } } - - if (mKeySplitting) { - // read private key from the file - try { - File priFile = new File(mConfig.getString(PROP_KEYDB)); - - mPrivateKeyData = new byte[ - (Long.valueOf(priFile.length())).intValue()]; - FileInputStream fi = new FileInputStream(priFile); - fi.read(mPrivateKeyData); - fi.close(); - } catch (IOException e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_PRIVATE", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); + if (mKeySplitting) { + // read private key from the file + try { + File priFile = new File(mConfig.getString(PROP_KEYDB)); + + mPrivateKeyData = new byte[ + (Long.valueOf(priFile.length())).intValue()]; + FileInputStream fi = new FileInputStream(priFile); + + fi.read(mPrivateKeyData); + fi.close(); + } catch (IOException e) { + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_PRIVATE", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); + } } - } - + } - if (mKeySplitting) { - // open internal data storage configuration - mTokenFile = 
mConfig.getString(PROP_MN); - try { - // read m, n and no of identifier - mStorageConfig = CMS.createFileConfigStore(mTokenFile); - } catch (EBaseException e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_MN", - e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + if (mKeySplitting) { + // open internal data storage configuration + mTokenFile = mConfig.getString(PROP_MN); + try { + // read m, n and no of identifier + mStorageConfig = CMS.createFileConfigStore(mTokenFile); + } catch (EBaseException e) { + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_MN", + e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION")); + } } - } - try { - if (mCert == null) { - CMS.debug("mCert is null...retrieving "+ config.getString(PROP_NICKNAME)); - mCert = mManager.findCertByNickname( - config.getString(PROP_NICKNAME)); - CMS.debug("mCert = "+mCert); - } - } catch (Exception e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); - } + try { + if (mCert == null) { + CMS.debug("mCert is null...retrieving " + config.getString(PROP_NICKNAME)); + mCert = mManager.findCertByNickname( + config.getString(PROP_NICKNAME)); + CMS.debug("mCert = " + mCert); + } + } catch (Exception e) { + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_READ_CERT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + } }
@@ -316,7 +318,7 @@ public class StorageKeyUnit extends EncryptionUnit implements */ public void shutdown() { } - + /** * Returns the configuration store of this token. */
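Review bot: The re-indented file reads in init() still ignore the return value of `fi.read(...)`, both for the certificate file (`fi.read(certFileData)`, `fi.read(certData)`) and for the wrapped private key (`fi.read(mPrivateKeyData)`). A single read() may return fewer bytes than the buffer holds and leave the tail zero-filled, so the byteArraysMatch comparison or the later unwrap would fail for a reason the log does not show, and the stream stays open if read() throws. Filling the buffer completely and closing in a `finally` block, for example `new DataInputStream(fi).readFully(mPrivateKeyData);` followed by `fi.close()` in `finally`, would close both gaps. init() starts in the preceding hunk, so the surrounding declarations are not visible here.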
@@ -325,7 +327,7 @@ public class StorageKeyUnit extends EncryptionUnit implements } public static SymmetricKey buildSymmetricKeyWithInternalStorage( - String pin) throws EBaseException { + String pin) throws EBaseException { try { return buildSymmetricKey(CryptoManager.getInstance().getInternalKeyStorageToken(), pin); } catch (Exception e) {
@@ -336,8 +338,8 @@ public class StorageKeyUnit extends EncryptionUnit implements /** * Builds symmetric key from the given password. */ - public static SymmetricKey buildSymmetricKey(CryptoToken token, - String pin) throws EBaseException { + public static SymmetricKey buildSymmetricKey(CryptoToken token, + String pin) throws EBaseException { try { Password pass = new Password(pin.toCharArray());
@@ -345,8 +347,8 @@ public class StorageKeyUnit extends EncryptionUnit implements kg = token.getKeyGenerator( PBEAlgorithm.PBE_SHA1_DES3_CBC); - byte salt[] = {0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01}; + byte salt[] = { 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01 }; PBEKeyGenParams kgp = new PBEKeyGenParams(pass, salt, 5);
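Review bot: The salt reformatted in the third hunk is a constant eight bytes of 0x01 and is passed to `new PBEKeyGenParams(pass, salt, 5)`, so the same pin yields the same key on every installation and the derivation costs only five iterations of PBE_SHA1_DES3_CBC. login() later uses this key to unwrap the storage private key read from disk, so the strength of that wrapping rests almost entirely on the pin itself. These parameters probably cannot change without migrating existing wrapped data, but the constraint should be written next to the code, e.g. `// NOTE: fixed salt and iteration count 5 are kept only for compatibility with existing wrapped keys; new data should use a random per-key salt and a much higher count`. buildSymmetricKey continues past the end of this hunk.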
@@ -354,21 +356,21 @@ public class StorageKeyUnit extends EncryptionUnit implements kg.initialize(kgp); return kg.generate(); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "buildSymmetricKey:" + - e.toString())); + e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "buildSymmetricKey:" + - e.toString())); + e.toString())); } catch (InvalidAlgorithmParameterException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "buildSymmetricKey:" + - e.toString())); + e.toString())); } catch (CharConversionException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "buildSymmetricKey:" + - e.toString())); + e.toString())); } } 
@@ -376,49 +378,49 @@ public class StorageKeyUnit extends EncryptionUnit implements * Unwraps the storage key with the given symmetric key. */ public PrivateKey unwrapStorageKey(CryptoToken token, - SymmetricKey sk, byte wrapped[], - PublicKey pubKey) - throws EBaseException { + SymmetricKey sk, byte wrapped[], + PublicKey pubKey) + throws EBaseException { try { CMS.debug("StorageKeyUnit.unwrapStorageKey."); KeyWrapper wrapper = token.getKeyWrapper( KeyWrapAlgorithm.DES3_CBC_PAD); - - wrapper.initUnwrap(sk, IV); + + wrapper.initUnwrap(sk, IV); // XXX - it does not like the public key that is // not a crypto X509Certificate - PrivateKey pk = wrapper.unwrapTemporaryPrivate(wrapped, + PrivateKey pk = wrapper.unwrapTemporaryPrivate(wrapped, PrivateKey.RSA, pubKey); return pk; } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "unwrapStorageKey:" + - e.toString())); + e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "unwrapStorageKey:" + - e.toString())); + e.toString())); } catch (InvalidKeyException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "unwrapStorageKey:" + - e.toString())); + e.toString())); } catch (InvalidAlgorithmParameterException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "unwrapStorageKey:" + - e.toString())); + e.toString())); } } - + /** * Used by config-cert. 
*/ public byte[] wrapStorageKey(CryptoToken token, - SymmetricKey sk, PrivateKey pri) - throws EBaseException { + SymmetricKey sk, PrivateKey pri) + throws EBaseException { CMS.debug("StorageKeyUnit.wrapStorageKey."); try { // move public & private to config/storage.dat
@@ -432,21 +434,21 @@ public class StorageKeyUnit extends EncryptionUnit implements wrapper.initWrap(sk, IV); return wrapper.wrap(pri); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "wrapStorageKey:" + - e.toString())); + e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "wrapStorageKey:" + - e.toString())); + e.toString())); } catch (InvalidKeyException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "wrapStorageKey:" + - e.toString())); + e.toString())); } catch (InvalidAlgorithmParameterException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", "wrapStorageKey:" + - e.toString())); + e.toString())); } }
@@ -460,7 +462,7 @@ public class StorageKeyUnit extends EncryptionUnit implements PrivateKey pk[] = getToken().getCryptoStore().getPrivateKeys(); for (int i = 0; i < pk.length; i++) { - if (arraysEqual(pk[i].getUniqueID(), + if (arraysEqual(pk[i].getUniqueID(), ((TokenCertificate) mCert).getUniqueID())) { mPrivateKey = pk[i]; }
@@ -473,7 +475,7 @@ public class StorageKeyUnit extends EncryptionUnit implements try { SymmetricKey sk = buildSymmetricKey(mToken, pin); - mPrivateKey = unwrapStorageKey(mToken, sk, + mPrivateKey = unwrapStorageKey(mToken, sk, mPrivateKeyData, getPublicKey()); } catch (Exception e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_STORAGE_LOGIN", e.toString()));
@@ -487,8 +489,8 @@ public class StorageKeyUnit extends EncryptionUnit implements /** * Logins to this token. */ - public void login(Credential creds[]) - throws EBaseException { + public void login(Credential creds[]) + throws EBaseException { String pwd = constructPassword(creds); login(pwd);
@@ -500,9 +502,9 @@ public class StorageKeyUnit extends EncryptionUnit implements public void logout() { try { if (mConfig.getString(PROP_HARDWARE, null) != null) { - if (mConfig.getBoolean(PROP_LOGOUT, false)) { - getToken().logout(); - } + if (mConfig.getBoolean(PROP_LOGOUT, false)) { + getToken().logout(); + } } } catch (Exception e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_STORAGE_LOGOUT", e.toString()));
@@ -519,8 +521,8 @@ public class StorageKeyUnit extends EncryptionUnit implements for (int i = 0;; i++) { try { - String uid = - mStorageConfig.getString(PROP_UID + i); + String uid = + mStorageConfig.getString(PROP_UID + i); if (uid == null) break;
@@ -535,13 +537,13 @@ public class StorageKeyUnit extends EncryptionUnit implements /** * Changes agent password. */ - public boolean changeAgentPassword(String id, String oldpwd, - String newpwd) throws EBaseException { + public boolean changeAgentPassword(String id, String oldpwd, + String newpwd) throws EBaseException { // locate the id(s) for (int i = 0;; i++) { try { - String uid = - mStorageConfig.getString(PROP_UID + i); + String uid = + mStorageConfig.getString(PROP_UID + i); if (uid == null) break;
@@ -549,8 +551,8 @@ public class StorageKeyUnit extends EncryptionUnit implements byte share[] = decryptShareWithInternalStorage(mStorageConfig.getString(PROP_SHARE + i), oldpwd); mStorageConfig.putString(PROP_SHARE + i, - encryptShareWithInternalStorage( - share, newpwd)); + encryptShareWithInternalStorage( + share, newpwd)); mStorageConfig.commit(false); return true; }
@@ -564,10 +566,10 @@ public class StorageKeyUnit extends EncryptionUnit implements /** * Changes the m out of n recovery schema. */ - public boolean changeAgentMN(int new_n, int new_m, - Credential oldcreds[], - Credential newcreds[]) - throws EBaseException { + public boolean changeAgentMN(int new_n, int new_m, + Credential oldcreds[], + Credential newcreds[]) + throws EBaseException { if (new_n != newcreds.length) { throw new EKRAException(CMS.getUserMessage("CMS_KRA_INVALID_N"));
@@ -587,22 +589,22 @@ public class StorageKeyUnit extends EncryptionUnit implements IShare s = null; try { - String className = mConfig.getString("share_class", + String className = mConfig.getString("share_class", "com.netscape.cms.shares.OldShare"); - s = (IShare)Class.forName(className).newInstance(); + s = (IShare) Class.forName(className).newInstance(); } catch (Exception e) { - CMS.debug("Loading Shares error " + e); + CMS.debug("Loading Shares error " + e); } if (s == null) { - CMS.debug("Share plugin is not found"); - return false; + CMS.debug("Share plugin is not found"); + return false; } try { - s.initialize(secret.getBytes(), new_m); + s.initialize(secret.getBytes(), new_m); } catch (Exception e) { - CMS.debug("Failed to initialize Share plugin"); - return false; + CMS.debug("Failed to initialize Share plugin"); + return false; } for (int i = 0; i < newcreds.length; i++) {
@@ -615,20 +617,20 @@ public class StorageKeyUnit extends EncryptionUnit implements mStorageConfig.putInteger(PROP_N, new_n); mStorageConfig.putInteger(PROP_M, new_m); for (int i = 0; i < newcreds.length; i++) { - mStorageConfig.putString(PROP_UID + i, - newcreds[i].getIdentifier()); + mStorageConfig.putString(PROP_UID + i, + newcreds[i].getIdentifier()); // use password to encrypt shares... - mStorageConfig.putString(PROP_SHARE + i, - encryptShareWithInternalStorage(shares[i], - newcreds[i].getPassword())); + mStorageConfig.putString(PROP_SHARE + i, + encryptShareWithInternalStorage(shares[i], + newcreds[i].getPassword())); } try { mStorageConfig.commit(false); return true; } catch (EBaseException e) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_CHANGE_MN", e.toString())); + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_CHANGE_MN", e.toString())); } return false; } 
@@ -683,33 +685,33 @@ public class StorageKeyUnit extends EncryptionUnit implements public PrivateKey getPrivateKey() { if (!mKeySplitting) { - try { - PrivateKey pk[] = getToken().getCryptoStore().getPrivateKeys(); - for (int i = 0; i < pk.length; i++) { - if (arraysEqual(pk[i].getUniqueID(), + try { + PrivateKey pk[] = getToken().getCryptoStore().getPrivateKeys(); + for (int i = 0; i < pk.length; i++) { + if (arraysEqual(pk[i].getUniqueID(), ((TokenCertificate) mCert).getUniqueID())) { return pk[i]; } - } - } catch (TokenException e) { - } - return null; - } else { - return mPrivateKey; - } + } + } catch (TokenException e) { + } + return null; + } else { + return mPrivateKey; + } } /** * Verifies the integrity of the given key pairs. */ public void verify(byte publicKey[], PrivateKey privateKey) - throws EBaseException { + throws EBaseException { // XXX } public String encryptShareWithInternalStorage( - byte share[], String pwd) - throws EBaseException { + byte share[], String pwd) + throws EBaseException { try { return encryptShare(CryptoManager.getInstance().getInternalKeyStorageToken(), share, pwd); } catch (Exception e) {
@@ -721,8 +723,8 @@ public class StorageKeyUnit extends EncryptionUnit implements * Protectes the share with the given password. */ public String encryptShare(CryptoToken token, - byte share[], String pwd) - throws EBaseException { + byte share[], String pwd) + throws EBaseException { try { CMS.debug("StorageKeyUnit.encryptShare"); Cipher cipher = token.getCipherContext(
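Review bot: The empty `catch (TokenException e) { }` in getPrivateKey() is carried over unchanged, so a token failure while listing private keys cannot be told apart from "no matching key": the method returns null and nothing is logged. A caller that uses the result would then fail far from the cause. Recording the exception the way the rest of the class does, e.g. `CMS.debug("StorageKeyUnit.getPrivateKey: " + e);` inside the catch, keeps the return contract and leaves a trace for whoever investigates a failed recovery.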
@@ -737,22 +739,22 @@ public class StorageKeyUnit extends EncryptionUnit implements // configuration return com.netscape.osutil.OSUtil.BtoA(enc).trim(); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); } catch (InvalidKeyException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); } catch (InvalidAlgorithmParameterException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); } catch (BadPaddingException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); } catch (IllegalBlockSizeException e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1", e.toString())); } } 
@@ -798,21 +800,21 @@ public class StorageKeyUnit extends EncryptionUnit implements } if (uid.equals(userid)) { byte data[] = decryptShareWithInternalStorage( - mStorageConfig.getString(PROP_SHARE + i), - pwd); - if (data == null) { - throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + mStorageConfig.getString(PROP_SHARE + i), + pwd); + if (data == null) { + throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } return; } } throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); - + } public byte[] decryptShareWithInternalStorage( - String encoding, String pwd) - throws EBaseException { + String encoding, String pwd) + throws EBaseException { try { return decryptShare(CryptoManager.getInstance().getInternalKeyStorageToken(), encoding, pwd); } catch (Exception e) {
@@ -824,8 +826,8 @@ public class StorageKeyUnit extends EncryptionUnit implements * Decrypts shares with the given password. */ public byte[] decryptShare(CryptoToken token, - String encoding, String pwd) - throws EBaseException { + String encoding, String pwd) + throws EBaseException { try { CMS.debug("StorageKeyUnit.decryptShare"); byte share[] = CMS.AtoB(encoding);
@@ -851,25 +853,25 @@ public class StorageKeyUnit extends EncryptionUnit implements // // e.printStackTrace(); // - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", e.toString())); } catch (TokenException e) { - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", e.toString())); } catch (NoSuchAlgorithmException e) { - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", e.toString())); } catch (InvalidKeyException e) { - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", e.toString())); } catch (InvalidAlgorithmParameterException e) { - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", e.toString())); } catch (IllegalBlockSizeException e) { - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", e.toString())); } catch (BadPaddingException e) { - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", e.toString())); } }
@@ -877,8 +879,8 @@ public class StorageKeyUnit extends EncryptionUnit implements /** * Reconstructs password from recovery agents. */ - private String constructPassword(Credential creds[]) - throws EBaseException { + private String constructPassword(Credential creds[]) + throws EBaseException { // sort the credential according to the order in // configuration file Hashtable v = new Hashtable();
@@ -897,7 +899,7 @@ public class StorageKeyUnit extends EncryptionUnit implements if (uid.equals(creds[j].getIdentifier())) { byte pwd[] = decryptShareWithInternalStorage( mStorageConfig.getString( - PROP_SHARE + i), + PROP_SHARE + i), creds[j].getPassword()); if (pwd == null) { throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
@@ -918,11 +920,11 @@ public class StorageKeyUnit extends EncryptionUnit implements IJoinShares j = null; try { - String className = mConfig.getString("joinshares_class", + String className = mConfig.getString("joinshares_class", "com.netscape.cms.shares.OldJoinShares"); - j = (IJoinShares)Class.forName(className).newInstance(); + j = (IJoinShares) Class.forName(className).newInstance(); } catch (Exception e) { - CMS.debug("JoinShares error " + e); + CMS.debug("JoinShares error " + e); } if (j == null) { CMS.debug("JoinShares plugin is not found");
@@ -930,7 +932,7 @@ public class StorageKeyUnit extends EncryptionUnit implements } try { - j.initialize(v.size()); + j.initialize(v.size()); } catch (Exception e) { CMS.debug("Failed to initialize JoinShares"); throw new EBaseException(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
@@ -940,8 +942,8 @@ public class StorageKeyUnit extends EncryptionUnit implements while (e.hasMoreElements()) { String next = (String) e.nextElement(); - j.addShare(Integer.parseInt(next) + 1, - (byte[]) v.get(next)); + j.addShare(Integer.parseInt(next) + 1, + (byte[]) v.get(next)); } try { byte secret[] = j.recoverSecret();
@@ -949,9 +951,9 @@ public class StorageKeyUnit extends EncryptionUnit implements return pwd; } catch (Exception ee) { - mKRA.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_KRA_STORAGE_RECONSTRUCT", e.toString())); - throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", + mKRA.log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_KRA_STORAGE_RECONSTRUCT", e.toString())); + throw new EBaseException(CMS.getUserMessage("CMS_KRA_INVALID_PASSWORD", ee.toString())); } } |
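Review bot: In the `catch (Exception ee)` block the log call passes `e.toString()`, but the caught exception is `ee`; `e` appears to be the enumeration driven by `while (e.hasMoreElements())` in the previous hunk, so the CMSCORE_KRA_STORAGE_RECONSTRUCT entry records the enumeration rather than the reason share recombination failed. The argument should be `ee.toString()`, i.e. `CMS.getLogMessage("CMSCORE_KRA_STORAGE_RECONSTRUCT", ee.toString()));`. The init() hunk has what looks like the same slip, where `catch (Exception ex)` around importCertPackage logs `e.toString()` under CMSCORE_KRA_STORAGE_IMPORT_CERT. constructPassword starts before this hunk, so the declaration of `e` is inferred, not visible.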