Diffstat (limited to 'pki/base/ocsp')
4 files changed, 248 insertions, 241 deletions
diff --git a/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java b/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java index 4b06a1aa8..231ab2867 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/EOCSPException.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; - import com.netscape.certsrv.base.EBaseException; - /** * A class represents a OCSP exception. * <P> - * + * * @version $Revision$, $Date$ */ public class EOCSPException extends EBaseException { diff --git a/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java b/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java index c8b531429..f6dbc4853 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/OCSPAuthority.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.MessageDigest; @@ -67,21 +66,22 @@ import com.netscape.cmsutil.ocsp.OCSPResponse; import com.netscape.cmsutil.ocsp.ResponderID; import com.netscape.cmsutil.ocsp.ResponseData; - /** - * A class represents a Certificate Authority that is - * responsible for certificate specific operations. + * A class represents a Certificate Authority that is responsible for + * certificate specific operations. * <P> - * + * * @author lhsiao * @version $Revision$, $Date$ */ -public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, IAuthority { +public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, + IAuthority { private long mServedRequests = 0; private long mServedTime = 0; - public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2"); + public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER( + "1.3.6.1.5.5.7.48.1.2"); private Hashtable mStores = new Hashtable(); private String mId = "ocsp"; 
@@ -91,7 +91,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, private X509CertImpl mCert = null; private String[] mSigningAlgorithms = null; private X500Name mName = null; - private String mNickname = null; + private String mNickname = null; private String[] mOCSPSigningAlgorithms = null; private IOCSPStore mDefStore = null; @@ -106,7 +106,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Retrieves the name of this subsystem. */ - public String getId() { + public String getId() { return mId; } @@ -118,16 +118,15 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } /** - * Initializes this subsystem with the given configuration - * store. + * Initializes this subsystem with the given configuration store. * <P> - * + * * @param owner owner of this subsystem * @param config configuration store * @exception EBaseException failed to initialize */ - public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + public void init(ISubsystem owner, IConfigStore config) + throws EBaseException { try { mConfig = config; @@ -146,8 +145,10 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, while (ids.hasMoreElements()) { String id = (String) ids.nextElement(); - String className = mConfig.getString(PROP_STORE + "." + id + ".class", null); - IOCSPStore store = (IOCSPStore) Class.forName(className).newInstance(); + String className = mConfig.getString(PROP_STORE + "." + id + + ".class", null); + IOCSPStore store = (IOCSPStore) Class.forName(className) + .newInstance(); store.init(this, mConfig.getSubStore(PROP_STORE + "." + id)); mStores.put(id, store); 
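Review bot: A missing `ocsp.store.<id>.class` entry is not handled in the store-loading loop: `mConfig.getString(PROP_STORE + "." + id + ".class", null)` defaults to null and `Class.forName(null)` throws a NullPointerException, which the ClassNotFoundException/InstantiationException/IllegalAccessException handlers in the following hunk do not cover, so init aborts with an unlogged NPE instead of the CMSCORE_OCSP_SIGNING_UNIT failure log. A guard before the reflective load keeps valid configurations unchanged: `if (className == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", "no class configured for store " + id)); continue; }`. The cast to IOCSPStore can likewise throw an uncaught ClassCastException when the configured class is of the wrong type. The enclosing init() starts and ends outside this hunk.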
@@ -156,11 +157,17 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } } } catch (ClassNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", + e.toString())); } catch (InstantiationException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", + e.toString())); } catch (IllegalAccessException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGNING_UNIT", + e.toString())); } } catch (EBaseException ee) { if (CMS.isPreOpMode()) @@ -185,7 +192,9 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, try { return mConfig.getString(PROP_STORE + "." + id + ".class", null); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_CLASSPATH", id, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_CLASSPATH", id, + e.toString())); return null; } } @@ -195,8 +204,9 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, X500Name name = getName(); Name.Template nameTemplate = new Name.Template(); - return new NameID((Name) nameTemplate.decode( - new ByteArrayInputStream(name.getEncoded()))); + return new NameID( + (Name) nameTemplate.decode(new ByteArrayInputStream(name + .getEncoded()))); } catch (IOException e) { return null; } catch (InvalidBERException e) { 
@@ -207,18 +217,18 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, public ResponderID getResponderIDByHash() { /* - KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - --(excluding the tag and length fields) + * KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) */ - PublicKey publicKey = getSigningUnit().getPublicKey(); + PublicKey publicKey = getSigningUnit().getPublicKey(); MessageDigest md = null; try { - md = MessageDigest.getInstance("SHA1"); + md = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { return null; } - md.update(publicKey.getEncoded()); + md.update(publicKey.getEncoded()); byte digested[] = md.digest(); return new KeyHashID(new OCTET_STRING(digested)); 
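Review bot: The KeyHash in getResponderIDByHash is computed over `publicKey.getEncoded()`, and for a `java.security.PublicKey` in X.509 format that is the whole SubjectPublicKeyInfo, whereas the comment the hunk re-wraps (and RFC 6960) require the SHA-1 of the subjectPublicKey BIT STRING contents only, excluding tag and length. If JSS's getEncoded() does return the SPKI here, clients matching the response by key hash will compute a different value; worth confirming against a byKey ResponderID produced by another implementation. `SHA1` itself is fixed by the RFC for KeyHash, so a note like `// SHA-1 is mandated by RFC 6960 for KeyHash; not a weak-hash choice` would keep it from being "upgraded" later. The `catch (NoSuchAlgorithmException e) { return null; }` hands back a null ResponderID with nothing logged; a `log(ILogger.LL_FAILURE, ...)` before the return would make that failure visible.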
@@ -239,47 +249,47 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, X509Key caPubKey = null; try { - caPubKey = (X509Key) mCert.get(X509CertImpl.PUBLIC_KEY); + caPubKey = (X509Key) mCert.get(X509CertImpl.PUBLIC_KEY); } catch (CertificateParsingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_RETRIEVE_KEY", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_OCSP_RETRIEVE_KEY", e.toString())); } if (caPubKey == null) { - return null; // something seriously wrong. + return null; // something seriously wrong. } AlgorithmId alg = caPubKey.getAlgorithmId(); if (alg == null) { - return null; // something seriously wrong. + return null; // something seriously wrong. } mOCSPSigningAlgorithms = AlgorithmId.getSigningAlgorithms(alg); if (mOCSPSigningAlgorithms == null) { - CMS.debug( - "OCSP - no signing algorithms for " + alg.getName()); + CMS.debug("OCSP - no signing algorithms for " + alg.getName()); } else { CMS.debug("OCSP First signing algorithm "); } return mOCSPSigningAlgorithms; } - public static final OBJECT_IDENTIFIER MD2 = - new OBJECT_IDENTIFIER("1.2.840.113549.2.2"); - public static final OBJECT_IDENTIFIER MD5 = - new OBJECT_IDENTIFIER("1.2.840.113549.2.5"); - public static final OBJECT_IDENTIFIER SHA1 = - new OBJECT_IDENTIFIER("1.3.14.3.2.26"); + public static final OBJECT_IDENTIFIER MD2 = new OBJECT_IDENTIFIER( + "1.2.840.113549.2.2"); + public static final OBJECT_IDENTIFIER MD5 = new OBJECT_IDENTIFIER( + "1.2.840.113549.2.5"); + public static final OBJECT_IDENTIFIER SHA1 = new OBJECT_IDENTIFIER( + "1.3.14.3.2.26"); - public String getDigestName(AlgorithmIdentifier alg) { - if (alg == null) { - return null; - } else if (alg.getOID().equals(MD2)) { - return "MD2"; - } else if (alg.getOID().equals(MD5)) { - return "MD5"; - } else if (alg.getOID().equals(SHA1)) { - return "SHA1"; // 1.3.14.3.2.26 - } else { - return null; - } + public String getDigestName(AlgorithmIdentifier alg) { + 
if (alg == null) { + return null; + } else if (alg.getOID().equals(MD2)) { + return "MD2"; + } else if (alg.getOID().equals(MD5)) { + return "MD5"; + } else if (alg.getOID().equals(SHA1)) { + return "SHA1"; // 1.3.14.3.2.26 + } else { + return null; + } } /** @@ -302,12 +312,11 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, // init cert chain CryptoManager manager = CryptoManager.getInstance(); - org.mozilla.jss.crypto.X509Certificate[] chain = - manager.buildCertificateChain(mSigningUnit.getCert()); + org.mozilla.jss.crypto.X509Certificate[] chain = manager + .buildCertificateChain(mSigningUnit.getCert()); // XXX do this in case other subsyss expect a X509CertImpl // until JSS implements all methods of X509Certificate - java.security.cert.X509Certificate[] implchain = - new java.security.cert.X509Certificate[chain.length]; + java.security.cert.X509Certificate[] implchain = new java.security.cert.X509Certificate[chain.length]; for (int i = 0; i < chain.length; i++) { implchain[i] = new X509CertImpl(chain[i].getEncoded()); @@ -325,17 +334,17 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } catch (CryptoManager.NotInitializedException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); + CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); } catch (CertificateException e) { if (Debug.ON) e.printStackTrace(); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); + CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); } catch (TokenException e) { if (Debug.ON) e.printStackTrace(); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); + CMS.getLogMessage("CMSCORE_OCSP_CHAIN", e.toString())); } } 
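Review bot: getDigestName, which this hunk re-emits in full, still recognises only the MD2, MD5 and SHA-1 OIDs, so a CertID hashed with any SHA-2 algorithm (2.16.840.1.101.3.4.2.1, .2, .3) reaches the final `return null`, while the obsolete MD2 and MD5 names are still handed back as usable. Adding SHA-256/384/512 constants and branches, and either dropping MD2/MD5 or documenting why they must stay, would bring the mapping in line with what current OCSP clients send; the returned name must match whatever the callers' digest lookup accepts (`"SHA256"` vs `"SHA-256"`), which is not visible in this diff. Whether a null name is fatal or merely degrades the response is decided by callers outside the hunk.
```java
    public static final OBJECT_IDENTIFIER SHA256 = new OBJECT_IDENTIFIER(
            "2.16.840.1.101.3.4.2.1");
    public static final OBJECT_IDENTIFIER SHA384 = new OBJECT_IDENTIFIER(
            "2.16.840.1.101.3.4.2.2");
    public static final OBJECT_IDENTIFIER SHA512 = new OBJECT_IDENTIFIER(
            "2.16.840.1.101.3.4.2.3");

    public String getDigestName(AlgorithmIdentifier alg) {
        if (alg == null) {
            return null;
        }
        OBJECT_IDENTIFIER oid = alg.getOID();
        if (oid.equals(SHA256)) {
            return "SHA256";
        } else if (oid.equals(SHA384)) {
            return "SHA384";
        } else if (oid.equals(SHA512)) {
            return "SHA512";
        }
        // … unchanged: existing MD2 / MD5 / SHA1 comparisons and final return null …
```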
@@ -358,8 +367,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Process OCSPRequest. */ - public OCSPResponse validate(OCSPRequest request) - throws EBaseException { + public OCSPResponse validate(OCSPRequest request) throws EBaseException { long startTime = (CMS.getCurrentDate()).getTime(); OCSPResponse response = mDefStore.validate(request); long endTime = (CMS.getCurrentDate()).getTime(); @@ -387,8 +395,8 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, } /** - * Stops this system. The owner may call shutdown - * anytime after initialization. + * Stops this system. The owner may call shutdown anytime after + * initialization. * <P> */ public void shutdown() { @@ -397,7 +405,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Returns the root configuration storage of this system. * <P> - * + * * @return configuration store of this subsystem */ public IConfigStore getConfigStore() { 
@@ -410,38 +418,35 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * logs a message in the CA area. + * * @param level the debug level. * @param msg the message to debug. */ public void log(int event, int level, String msg) { - mLogger.log(event, ILogger.S_OCSP, - level, msg); + mLogger.log(event, ILogger.S_OCSP, level, msg); } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OCSP, - level, msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OCSP, level, msg); } - public void setDefaultAlgorithm(String algorithm) - throws EBaseException { + public void setDefaultAlgorithm(String algorithm) throws EBaseException { mSigningUnit.setDefaultAlgorithm(algorithm); } /** * Signs the Response Data. */ - public BasicOCSPResponse sign(ResponseData rd) - throws EBaseException { + public BasicOCSPResponse sign(ResponseData rd) throws EBaseException { try { DerOutputStream out = new DerOutputStream(); DerOutputStream tmp = new DerOutputStream(); - String algname = mSigningUnit.getDefaultAlgorithm(); + String algname = mSigningUnit.getDefaultAlgorithm(); byte rd_data[] = ASN1Util.encode(rd); if (rd_data != null) { - mTotalData += rd_data.length; + mTotalData += rd_data.length; } rd.encode(tmp); AlgorithmId.get(algname).encode(tmp); 
@@ -451,29 +456,30 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, tmp.putBitString(signature); // XXX - optional, put the certificate chains in also - DerOutputStream tmpChain = new DerOutputStream(); DerOutputStream tmp1 = new DerOutputStream(); DerOutputStream outChain = new DerOutputStream(); - java.security.cert.X509Certificate chains[] = - mCertChain.getChain(); + java.security.cert.X509Certificate chains[] = mCertChain.getChain(); for (int i = 0; i < chains.length; i++) { tmpChain.putDerValue(new DerValue(chains[i].getEncoded())); } tmp1.write(DerValue.tag_Sequence, tmpChain); tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0), - tmp1); + tmp1); out.write(DerValue.tag_Sequence, tmp); - - BasicOCSPResponse response = new BasicOCSPResponse(out.toByteArray()); + + BasicOCSPResponse response = new BasicOCSPResponse( + out.toByteArray()); return response; } catch (Exception e) { e.printStackTrace(); // error e - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_SIGN_RESPONSE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_RESPONSE", + e.toString())); return null; } @@ -482,7 +488,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Returns default signing unit used by this CA * <P> - * + * * @return request identifier */ public ISigningUnit getSigningUnit() { @@ -492,6 +498,7 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, /** * Retrieves the request queue for the Authority. * <P> + * * @return the request queue. */ public IRequestQueue getRequestQueue() { 
@@ -541,115 +548,90 @@ public class OCSPAuthority implements IOCSPAuthority, IOCSPService, ISubsystem, */ /** - public OCSPResponse processOCSPRequest(OCSPRequest req, OCSPReqProcessor p) - throws EBaseException - { - try { - log(ILogger.LL_INFO, "start OCSP request"); - TBSRequest tbsReq = request.getTBSRequest(); - - Vector singleResponses = new Vector(); - for (int i = 0; i < tbsReq.getRequestCount(); i++) - { - com.netscape.certsrv.ocsp.asn1.Request req = - tbsReq.getRequestAt(i); - CertID cid = req.getCertID(); - SingleResponse sr = p.process(cid); - singleResponses.addElement(sr); - } - - - SingleResponse res[] = new SingleResponse[singleResponses.size()]; - singleResponses.copyInto(res); - - X500Name name = getName(); - Name.Template nameTemplate = new Name.Template(); - NameID rid = new NameID((Name)nameTemplate.decode( - new ByteArrayInputStream(name.getEncoded()))); - ResponseData rd = new ResponseData(rid, new GeneralizedTime( - CMS.getCurrentDate()), res); - - BasicOCSPResponse basicRes = sign(rd); - - OCSPResponse response = new OCSPResponse( - OCSPResponseStatus.SUCCESSFUL, - new ResponseBytes(ResponseBytes.OCSP_BASIC, - new OCTET_STRING(ASN1Util.encode(basicRes)))); - - log(ILogger.LL_INFO, "done OCSP request"); - return response; - } catch (Exception e) { - log(ILogger.LL_FAILURE, "request processing failure " + e); - return null; - } - } + * public OCSPResponse processOCSPRequest(OCSPRequest req, OCSPReqProcessor + * p) throws EBaseException { try { log(ILogger.LL_INFO, + * "start OCSP request"); TBSRequest tbsReq = request.getTBSRequest(); + * + * Vector singleResponses = new Vector(); for (int i = 0; i < + * tbsReq.getRequestCount(); i++) { com.netscape.certsrv.ocsp.asn1.Request + * req = tbsReq.getRequestAt(i); CertID cid = req.getCertID(); + * SingleResponse sr = p.process(cid); singleResponses.addElement(sr); } + * + * + * SingleResponse res[] = new SingleResponse[singleResponses.size()]; + * singleResponses.copyInto(res); + * + * X500Name 
name = getName(); Name.Template nameTemplate = new + * Name.Template(); NameID rid = new NameID((Name)nameTemplate.decode( new + * ByteArrayInputStream(name.getEncoded()))); ResponseData rd = new + * ResponseData(rid, new GeneralizedTime( CMS.getCurrentDate()), res); + * + * BasicOCSPResponse basicRes = sign(rd); + * + * OCSPResponse response = new OCSPResponse( OCSPResponseStatus.SUCCESSFUL, + * new ResponseBytes(ResponseBytes.OCSP_BASIC, new + * OCTET_STRING(ASN1Util.encode(basicRes)))); + * + * log(ILogger.LL_INFO, "done OCSP request"); return response; } catch + * (Exception e) { log(ILogger.LL_FAILURE, "request processing failure " + + * e); return null; } } **/ /** * Returns the in-memory count of the processed OCSP requests. - * + * * @return number of processed OCSP requests in memory */ - public long getNumOCSPRequest() - { + public long getNumOCSPRequest() { return mNumOCSPRequest; } /** - * Returns the in-memory time (in mini-second) of - * the processed time for OCSP requests. - * + * Returns the in-memory time (in mini-second) of the processed time for + * OCSP requests. + * * @return processed times for OCSP requests */ - public long getOCSPRequestTotalTime() - { - return mTotalTime; + public long getOCSPRequestTotalTime() { + return mTotalTime; } /** - * Returns the in-memory time (in mini-second) of - * the signing time for OCSP requests. - * + * Returns the in-memory time (in mini-second) of the signing time for OCSP + * requests. + * * @return processed times for OCSP requests */ - public long getOCSPTotalSignTime() - { - return mSignTime; + public long getOCSPTotalSignTime() { + return mSignTime; } - public long getOCSPTotalLookupTime() - { - return mLookupTime; + public long getOCSPTotalLookupTime() { + return mLookupTime; } /** - * Returns the total data signed - * for OCSP requests. - * + * Returns the total data signed for OCSP requests. 
+ * * @return processed times for OCSP requests */ - public long getOCSPTotalData() - { - return mTotalData; + public long getOCSPTotalData() { + return mTotalData; } - public void incTotalTime(long inc) - { + public void incTotalTime(long inc) { mTotalTime += inc; } - public void incSignTime(long inc) - { + public void incSignTime(long inc) { mSignTime += inc; - } + } - public void incLookupTime(long inc) - { + public void incLookupTime(long inc) { mLookupTime += inc; - } + } - public void incNumOCSPRequest(long inc) - { + public void incNumOCSPRequest(long inc) { mNumOCSPRequest += inc; } } diff --git a/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java b/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java index 6c9032f11..5c3439c63 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/OCSPResources.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for OCSP subsystem. * <P> - * + * * @version $Revision$ $Date$ */ public class OCSPResources extends ListResourceBundle { @@ -37,8 +35,7 @@ public class OCSPResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ static final Object[][] contents = {}; } diff --git a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java index d1447de27..65990a5ee 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; - import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; 
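Review bot: The formatter has reflowed the commented-out `processOCSPRequest` body (the `/** ... **/` block) into javadoc-style prose with several statements per line, so the dead code is now neither readable nor restorable by uncommenting. The live request path is `validate()`, which delegates to `mDefStore.validate(request)`, so the block appears superseded and is better deleted than carried forward; if it must stay, a plain `/* ... */` block that the formatter is configured to leave alone preserves it intact. The counter accessors that follow it in the same hunk are unaffected apart from brace placement.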
@@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert; /** * OCSP signing unit based on JSS. - * + * * $Revision$ $Date$ */ @@ -76,8 +75,8 @@ public final class SigningUnit implements ISigningUnit { private ISubsystem mOwner = null; - private String mDefSigningAlgname = null; - private SignatureAlgorithm mDefSigningAlgorithm = null; + private String mDefSigningAlgname = null; + private SignatureAlgorithm mDefSigningAlgorithm = null; public SigningUnit() { } @@ -124,8 +123,8 @@ public final class SigningUnit implements ISigningUnit { } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { - mOwner = owner; + throws EBaseException { + mOwner = owner; mConfig = config; String tokenname = null; @@ -138,8 +137,8 @@ public final class SigningUnit implements ISigningUnit { CMS.debug("OCSP nickname " + mNickname); tokenname = config.getString(PROP_TOKEN_NAME); - if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - tokenname.equalsIgnoreCase("Internal Key Storage Token")) { + if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) + || tokenname.equalsIgnoreCase("Internal Key Storage Token")) { mToken = mManager.getInternalKeyStorageToken(); } else { mToken = mManager.getTokenByName(tokenname); @@ -149,12 +148,13 @@ public final class SigningUnit implements ISigningUnit { CMS.debug(config.getName() + " Signing Unit nickname " + mNickname); CMS.debug("Got token " + tokenname + " by name"); - PasswordCallback cb = JssSubsystem.getInstance().getPWCB(); + PasswordCallback cb = JssSubsystem.getInstance().getPWCB(); mToken.login(cb); // ONE_TIME by default. mCert = mManager.findCertByNickname(mNickname); - CMS.debug("Found cert by nickname: '"+mNickname+"' with serial number: "+mCert.getSerialNumber()); + CMS.debug("Found cert by nickname: '" + mNickname + + "' with serial number: " + mCert.getSerialNumber()); mCertImpl = new X509CertImpl(mCert.getEncoded()); CMS.debug("converted to x509CertImpl"); 
@@ -167,32 +167,42 @@ public final class SigningUnit implements ISigningUnit { // get def alg and check if def sign alg is valid for token. mDefSigningAlgname = config.getString(PROP_DEFAULT_SIGNALG); - mDefSigningAlgorithm = - checkSigningAlgorithmFromName(mDefSigningAlgname); - CMS.debug( - "got signing algorithm " + mDefSigningAlgorithm); + mDefSigningAlgorithm = checkSigningAlgorithmFromName(mDefSigningAlgname); + CMS.debug("got signing algorithm " + mDefSigningAlgorithm); mInited = true; } catch (java.security.cert.CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CONVERT_X509", e.getMessage())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_CONVERT_X509", + e.getMessage())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (CryptoManager.NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IncorrectPasswordException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_INCORRECT_PWD", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_INCORRECT_PWD", + e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (NoSuchTokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_TOKEN_NOT_FOUND", tokenname, e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, 
CMS.getLogMessage( + "CMSCORE_OCSP_TOKEN_NOT_FOUND", tokenname, e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (ObjectNotFoundException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_OBJECT_NOT_FOUND", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_OBJECT_NOT_FOUND", + e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } } 
@@ -206,41 +216,44 @@ public final class SigningUnit implements ISigningUnit { * @exception EBaseException if signing algorithm is not supported. */ public SignatureAlgorithm checkSigningAlgorithmFromName(String algname) - throws EBaseException { + throws EBaseException { try { SignatureAlgorithm sigalg = null; sigalg = mapAlgorithmToJss(algname); if (sigalg == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", "")); } Signature signer = mToken.getSignatureContext(sigalg); signer.initSign(mPrivk); return sigalg; } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { // from get signature context or from initSign - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", 
algname)); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } } /** * @param algname is expected to be one of JCA's algorithm names. */ - public byte[] sign(byte[] data, String algname) - throws EBaseException { + public byte[] sign(byte[] data, String algname) throws EBaseException { if (!mInited) { throw new EBaseException("OCSPSigningUnit not initialized!"); } @@ -253,10 +266,10 @@ public final class SigningUnit implements ISigningUnit { signAlg = checkSigningAlgorithmFromName(algname); } - // XXX use a pool of signers based on alg ? + // XXX use a pool of signers based on alg ? // XXX Map algor. name to id. hack: use hardcoded define for now. - CMS.debug( - "Getting algorithm context for " + algname + " " + signAlg); + CMS.debug("Getting algorithm context for " + algname + " " + + signAlg); Signature signer = mToken.getSignatureContext(signAlg); signer.initSign(mPrivk); 
@@ -264,23 +277,31 @@ public final class SigningUnit implements ISigningUnit { CMS.debug("Signing OCSP Response"); return signer.sign(); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { // from get signature context or from initSign - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (SignatureException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } } public boolean verify(byte[] data, byte[] signature, String algname) - throws EBaseException { + throws EBaseException { if (!mInited) { throw new EBaseException("OCSPSigningUnit not initialized!"); } 
@@ -288,9 +309,10 @@ public final class SigningUnit implements ISigningUnit { SignatureAlgorithm signAlg = mapAlgorithmToJss(algname); if (signAlg == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", "")); } // XXX make this configurable. hack: use hardcoded for now. Signature signer = mToken.getSignatureContext(signAlg); 
@@ -299,26 +321,34 @@ public final class SigningUnit implements ISigningUnit { signer.update(data); return signer.verify(signature); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { // from get signature context or from initSign - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (SignatureException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("OPERATION_ERROR", e.toString())); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } } private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OCSP, - level, "OCSPSigningUnit: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OCSP, level, + "OCSPSigningUnit: " + msg); } /** 
@@ -336,15 +366,14 @@ public final class SigningUnit implements ISigningUnit { } public void setDefaultAlgorithm(String algorithm) throws EBaseException { - mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm); + mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm); mDefSigningAlgname = algorithm; - log(ILogger.LL_INFO, - "Default signing algorithm is set to " + algorithm); + log(ILogger.LL_INFO, "Default signing algorithm is set to " + algorithm); } /** * get all possible algorithms for the OCSP signing key type. - */ + */ public String[] getAllAlgorithms() throws EBaseException { byte[] keybytes = mPubk.getEncoded(); X509Key key = new X509Key(); @@ -354,8 +383,10 @@ public final class SigningUnit implements ISigningUnit { } catch (java.security.InvalidKeyException e) { String msg = "Invalid encoding in OCSP signing key."; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_INVALID_ENCODING")); - throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_INVALID_ENCODING")); + throw new EOCSPException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", msg)); } if (key.getAlgorithmId().getOID().equals(AlgorithmId.DSA_oid)) { @@ -369,4 +400,3 @@ public final class SigningUnit implements ISigningUnit { return Cert.mapAlgorithmToJss(algname); } } - |