From 70fdf22f76494a84b6cbef10598ed897a48f0798 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 28 Mar 2012 18:29:19 -0500 Subject: Replaced deprecated PK11PubKey.fromRaw(). The deprecated fromRaw() method in PK11PubKey has been replaced with fromSPKI(). Ticket #3 --- .../com/netscape/cms/authentication/CMCAuth.java | 50 +++++++++------------- .../cms/servlet/common/CMCOutputTemplate.java | 28 +++++------- .../cms/servlet/processors/CMCProcessor.java | 40 +++-------------- 3 files changed, 38 insertions(+), 80 deletions(-) (limited to 'base/common/src/com/netscape/cms') diff --git a/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/base/common/src/com/netscape/cms/authentication/CMCAuth.java index 06d4eaa0f..d15f445f3 100644 --- a/base/common/src/com/netscape/cms/authentication/CMCAuth.java +++ b/base/common/src/com/netscape/cms/authentication/CMCAuth.java @@ -28,7 +28,6 @@ package com.netscape.cms.authentication; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.math.BigInteger; import java.security.MessageDigest; import java.security.PublicKey; @@ -52,7 +51,6 @@ import org.mozilla.jss.asn1.OCTET_STRING; import org.mozilla.jss.asn1.SEQUENCE; import org.mozilla.jss.asn1.SET; import org.mozilla.jss.crypto.DigestAlgorithm; -import org.mozilla.jss.crypto.PrivateKey; import org.mozilla.jss.pkcs10.CertificationRequest; import org.mozilla.jss.pkcs11.PK11PubKey; import org.mozilla.jss.pkix.cert.Certificate; @@ -100,7 +98,7 @@ import com.netscape.cmsutil.util.Utils; /** * UID/CMC authentication plug-in *

- * + * * @version $Revision$, $Date$ */ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, @@ -198,7 +196,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, /** * Initializes the CMCAuth authentication plug-in. *

- * + * * @param name The name for this authentication plug-in instance. * @param implName The name of the authentication plug-in. * @param config - The configuration store for this instance. @@ -217,12 +215,12 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, * Authenticates user by their CMC; * resulting AuthToken sets a TOKEN_SUBJECT for the subject name. *

- * + * *

- * + * * @param authCred Authentication credentials, CRED_UID and CRED_CMC. * @return an AuthToken * @exception com.netscape.certsrv.authentication.EMissingCredential @@ -246,7 +244,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, try { // get the CMC. - Object argblock = (Object) (authCred.getArgBlock()); + Object argblock = authCred.getArgBlock(); Object returnVal = null; if (argblock == null) { returnVal = authCred.get("cert_request"); @@ -682,7 +680,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, * The list is passed to the configuration console so instances of * this implementation can be configured through the console. *

- * + * * @return String array of configuration parameter names. */ public String[] getConfigParams() { @@ -693,7 +691,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, * gets the configuration substore used by this authentication * plug-in *

- * + * * @return configuration store */ public IConfigStore getConfigStore() { @@ -717,7 +715,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, /** * get the list of required credentials. *

- * + * * @return list of required credentials as strings. */ public String[] getRequiredCreds() { @@ -737,7 +735,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, /** * Activate the help system. *

- * + * * @return help messages */ public String[] getExtendedPluginInfo() { @@ -758,7 +756,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, /** * Logs a message for this class in the system log file. *

- * + * * @param level The log level. * @param msg The message to log. * @see com.netscape.certsrv.logging.ILogger @@ -807,13 +805,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); - byte[] digest = (byte[]) digs.get(name); + byte[] digest = digs.get(name); if (digest == null) { MessageDigest md = MessageDigest.getInstance(name); ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - pkiData.encode((OutputStream) ostream); + pkiData.encode(ostream); digest = md.digest(ostream.toByteArray()); } @@ -862,15 +860,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, si.verify(digest, id); } else { PublicKey signKey = cert.getPublicKey(); - PrivateKey.Type keyType = null; - String alg = signKey.getAlgorithm(); - - if (alg.equals("RSA")) { - keyType = PrivateKey.RSA; - } else if (alg.equals("DSA")) { - keyType = PrivateKey.DSA; - } - PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey()); + PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey()); CMS.debug("CMCAuth: verifying signature with public key"); si.verify(digest, id, pubK); @@ -891,7 +881,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, IAuthToken tempToken = agentAuth.authenticate(agentCred); netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN(); - String CN = (String) tempPrincipal.getCommonName();//tempToken.get("userid"); + String CN = tempPrincipal.getCommonName(); //tempToken.get("userid"); BigInteger agentCertSerial = x509Certs[0].getSerialNumber(); authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT, agentCertSerial.toString()); 
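Review bot: The new `PK11PubKey.fromSPKI(((X509Key) signKey).getKey())` in the -862,15 hunk passes the same bytes the removed code gave to `fromRaw()`, but `fromSPKI()` expects a DER-encoded SubjectPublicKeyInfo, so unless `getKey()` returns the full encoding the import will fail and every signer verified by public key is rejected. The encoded form looks like the right input, `PK11PubKey pubK = PK11PubKey.fromSPKI(signKey.getEncoded());`, which also drops the `X509Key` cast; the same applies to the -1092,11 hunk in CMCOutputTemplate.java and the -282,19 and -322,19 hunks in CMCProcessor.java. In CMCAuth the failure would probably surface only as the generic invalid-credential error, because the `catch (Exception e)` visible in the -914,7 hunk discards the cause, so logging `e` there would make it diagnosable. The key algorithm now comes from the encoded key instead of the explicit RSA/DSA mapping, so a comment such as `// algorithm is taken from the SPKI; restrict here if only RSA/DSA signers are allowed` would record the intended policy. The enclosing method starts and ends outside the hunk.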
@@ -905,7 +895,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, // find from certDB si.verify(digest, id); - } // + } // } } catch (InvalidBERException e) { CMS.debug("CMCAuth: " + e.toString()); @@ -914,7 +904,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, } catch (Exception e) { throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - return (IAuthToken) null; + return null; } @@ -979,10 +969,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, /** * Signed Audit Log - * + * * This method is called to store messages to the signed audit log. *

- * + * * @param msg signed audit log message */ private void audit(String msg) { @@ -1002,11 +992,11 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo, /** * Signed Audit Log Subject ID - * + * * This method is called to obtain the "SubjectID" for * a signed audit log message. *

- * + * * @return id string containing the signed audit log message SubjectID */ private String auditSubjectID() { diff --git a/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index 38fcf24f9..f1320f44a 100644 --- a/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -53,7 +53,6 @@ import org.mozilla.jss.asn1.SEQUENCE; import org.mozilla.jss.asn1.SET; import org.mozilla.jss.asn1.UTF8String; import org.mozilla.jss.crypto.DigestAlgorithm; -import org.mozilla.jss.crypto.PrivateKey; import org.mozilla.jss.crypto.SignatureAlgorithm; import org.mozilla.jss.pkcs11.PK11PubKey; import org.mozilla.jss.pkix.cert.Certificate; @@ -93,7 +92,7 @@ import com.netscape.certsrv.request.RequestStatus; /** * Utility CMCOutputTemplate - * + * * @version $ $, $Date$ */ public class CMCOutputTemplate { @@ -420,7 +419,7 @@ public class CMCOutputTemplate { ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - respBody.encode((OutputStream) ostream); + respBody.encode(ostream); digest = msgDigest.digest(ostream.toByteArray()); SignerInfo signInfo = new @@ -532,7 +531,7 @@ public class CMCOutputTemplate { CMCCertId cmcCertId = (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(), ASN1Util.encode(values.elementAt(0)))); - BigInteger serialno = (BigInteger) (cmcCertId.getSerial()); + BigInteger serialno = cmcCertId.getSerial(); SEQUENCE issuers = cmcCertId.getIssuer(); //ANY issuer = (ANY)issuers.elementAt(0); ANY issuer = 
@@ -546,8 +545,7 @@ public class CMCOutputTemplate { boolean confirmAccepted = false; if (n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal"); - ICertificateRepository repository = - (ICertificateRepository) ca.getCertificateRepository(); + ICertificateRepository repository = ca.getCertificateRepository(); try { repository.getX509Certificate(serialno); } catch (EBaseException ee) { @@ -590,8 +588,8 @@ public class CMCOutputTemplate { GetCert getCert = (GetCert) (ASN1Util.decode(GetCert.getTemplate(), ASN1Util.encode(vals.elementAt(0)))); - BigInteger serialno = (BigInteger) (getCert.getSerialNumber()); - ANY issuer = (ANY) getCert.getIssuer(); + BigInteger serialno = getCert.getSerialNumber(); + ANY issuer = getCert.getIssuer(); byte b[] = issuer.getEncoded(); X500Name n = new X500Name(b); ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); @@ -601,7 +599,7 @@ public class CMCOutputTemplate { throw new EBaseException("Certificate is not found"); } ICertificateRepository repository = - (ICertificateRepository) ca.getCertificateRepository(); + ca.getCertificateRepository(); X509CertImpl impl = repository.getX509Certificate(serialno); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); @@ -795,7 +793,7 @@ public class CMCOutputTemplate { } revoke = true; - // check shared secret + // check shared secret } else { ISharedToken tokenClass = null; boolean sharedSecretFound = true; @@ -878,7 +876,7 @@ public class CMCOutputTemplate { if (revoke) { ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca"); - ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository(); + ICertificateRepository repository = ca.getCertificateRepository(); ICertRecord record = null; try { record = repository.readCertificateRecord(revokeSerial); 
@@ -1060,7 +1058,7 @@ public class CMCOutputTemplate { if (digest == null) { MessageDigest md = MessageDigest.getInstance(name); ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - revRequest.encode((OutputStream) ostream); + revRequest.encode(ostream); digest = md.digest(ostream.toByteArray()); } SignerIdentifier sid = si.getSignerIdentifier(); @@ -1092,11 +1090,7 @@ public class CMCOutputTemplate { if (cert != null) { PublicKey pbKey = cert.getPublicKey(); - String type = ((X509Key) pbKey).getAlgorithm(); - PrivateKey.Type kType = PrivateKey.RSA; - if (type.equals("DSA")) - kType = PrivateKey.DSA; - PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey()); + PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) pbKey).getKey()); si.verify(digest, ci.getContentType(), pubK); return true; } diff --git a/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index 53c13510d..f9b5b3f0f 100644 --- a/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java @@ -20,7 +20,6 @@ package com.netscape.cms.servlet.processors; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.PublicKey; @@ -43,7 +42,6 @@ import org.mozilla.jss.asn1.OCTET_STRING; import org.mozilla.jss.asn1.SEQUENCE; import org.mozilla.jss.asn1.SET; import org.mozilla.jss.crypto.DigestAlgorithm; -import org.mozilla.jss.crypto.PrivateKey; import org.mozilla.jss.pkcs10.CertificationRequest; import org.mozilla.jss.pkcs11.PK11PubKey; import org.mozilla.jss.pkix.cert.Certificate; 
@@ -74,7 +72,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Process CMC messages according to RFC 2797 * See http://www.ietf.org/rfc/rfc2797.txt - * + * * @version $Revision$, $Date$ */ public class CMCProcessor extends PKIProcessor { @@ -228,13 +226,13 @@ public class CMCProcessor extends PKIProcessor { sis.elementAt(i); String name = si.getDigestAlgorithm().toString(); - byte[] digest = (byte[]) digs.get(name); + byte[] digest = digs.get(name); if (digest == null) { MessageDigest md = MessageDigest.getInstance(name); ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - pkiData.encode((OutputStream) ostream); + pkiData.encode(ostream); digest = md.digest(ostream.toByteArray()); } @@ -282,19 +280,7 @@ public class CMCProcessor extends PKIProcessor { si.verify(digest, id); } else { PublicKey signKey = cert.getPublicKey(); - PrivateKey.Type keyType = null; - String alg = signKey.getAlgorithm(); - - if (alg.equals("RSA")) { - keyType = PrivateKey.RSA; - } else if (alg.equals("DSA")) { - keyType = PrivateKey.DSA; - } else { - } - PK11PubKey pubK = - PK11PubKey.fromRaw(keyType, - ((X509Key) signKey).getKey()); - + PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey()); si.verify(digest, id, pubK); } @@ -322,19 +308,7 @@ public class CMCProcessor extends PKIProcessor { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); } else { - PrivateKey.Type keyType = null; - String alg = signKey.getAlgorithm(); - - if (alg.equals("RSA")) { - keyType = PrivateKey.RSA; - } else if (alg.equals("DSA")) { - keyType = PrivateKey.DSA; - } else { - } - PK11PubKey pubK = PK11PubKey.fromRaw( - keyType, - ((X509Key) signKey).getKey()); - + PK11PubKey pubK = PK11PubKey.fromSPKI(((X509Key) signKey).getKey()); si.verify(digest, id, pubK); } } 
@@ -362,7 +336,7 @@ public class CMCProcessor extends PKIProcessor { for (int j = 0; j < numVals; j++) { ANY val = (ANY) values.elementAt(j); - INTEGER transId = (INTEGER) ((ANY) val).decodeWith( + INTEGER transId = (INTEGER) val.decodeWith( INTEGER.getTemplate()); if (transId != null) { @@ -380,7 +354,7 @@ public class CMCProcessor extends PKIProcessor { ANY val = (ANY) values.elementAt(j); OCTET_STRING nonce = (OCTET_STRING) - ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); + val.decodeWith(OCTET_STRING.getTemplate()); if (nonce != null) { vals[j] = new String(nonce.toByteArray()); -- cgit
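Review bot: The context line `vals[j] = new String(nonce.toByteArray());` at the end of the -380,7 hunk converts the sender nonce, an arbitrary OCTET STRING, to text with the platform default charset, which can be lossy and can differ between hosts. If these strings are later compared or echoed back as a nonce (not visible here), distinct nonces could collapse to the same value, so a byte-preserving form such as a hex or Base64 string would be safer. At the least a comment like `// nonce is binary; String conversion is charset-dependent` should mark the assumption. The cast cleanup itself is fine, and the enclosing loop starts and ends outside the hunk.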