// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
import java.util.*;
import java.security.cert.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import com.netscape.certsrv.apps.*;
import com.netscape.certsrv.base.*;
import com.netscape.certsrv.template.*;
import com.netscape.certsrv.profile.*;
import com.netscape.certsrv.request.*;
import com.netscape.certsrv.authentication.*;
import com.netscape.certsrv.authorization.*;
import com.netscape.certsrv.logging.*;
import com.netscape.cms.servlet.common.*;
import com.netscape.cms.servlet.common.AuthCredentials;
import org.mozilla.jss.asn1.*;
import org.mozilla.jss.pkix.cmc.*;
import netscape.security.x509.*;
/**
* This servlet submits an end-user request to the profile framework.
*
* @version $Revision$, $Date$
*/
public class ProfileSubmitCMCServlet extends ProfileServlet {
// Key prefix under which auth-token elements are copied into a request's
// extended data (see process()).
private static final String ARG_AUTH_TOKEN = "auth_token";

// Names of the servlet init parameters read in init().
private static final String PROP_PROFILE_ID = "profileId";
private static final String PROP_AUTHORITY_ID = "authorityId";

// Audit message identifier passed to CMS.getLogMessage() in process().
private static final String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
    "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";

// Rejection-reason text; not referenced by any method visible in this class.
private static final String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = {
    /* 0 */ "automated profile cert request rejection: "
        + "indeterminate reason for inability to process "
        + "cert request due to an EBaseException"
};

// Values assigned from the servlet configuration in init().
private String mOutputTemplateClassName;
private String mProfileId;
private String mAuthorityId;

// Set to IProfileSubsystem.ID by process() when still null or empty.
private String mProfileSubId;

// Declared but not referenced by any method in this class.
private String mReqType;
private String requestBinary;

// Base64 form of the current request body: written by process() and read by
// authenticate().
// NOTE(review): this is per-request data held in an instance field. If the
// container serves concurrent requests with one servlet instance, one
// request's body could be presented to the authenticator while another
// request is being processed - confirm the threading model, or carry the
// value per request instead of on the instance.
private String requestB64;
/**
 * Creates the servlet. No state is set up here; the configuration is read
 * in {@link #init(ServletConfig)}.
 */
public ProfileSubmitCMCServlet() {
    super();
}
/**
* Initializes the servlet. An instance of this servlet can
* be set up to always issue certificates against a certain profile
* by setting the 'profileId' configuration in the servletConfig.
* If not, the user must specify the profileId when submitting the request.
*
* "ImportCert.template" to process the response.
*
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
    super.init(sc);

    // Inherited flag, cleared for this servlet.
    // NOTE(review): presumably this stops the base servlet from rendering a
    // template, since process() writes the CMC response itself - confirm.
    this.mRenderResult = false;

    // When "profileId" is not configured this stays null, and process() then
    // takes the profile id from the client's request parameter instead.
    this.mProfileId = sc.getInitParameter(PROP_PROFILE_ID);
    this.mAuthorityId = sc.getInitParameter(PROP_AUTHORITY_ID);
    this.mOutputTemplateClassName = sc.getInitParameter("outputTemplateClass");
}
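/**
 * Copies request parameters into the profile context.
 *
 * Only parameter names that the profile's inputs declare (through
 * getValueNames()) are read from the request; any other parameter the
 * client sends is not copied by this method.
 *
 * @param request HTTP request supplying the parameter values
 * @param profile profile whose inputs name the parameters to copy
 * @param ctx profile context that receives the values
 */
private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) {
    Enumeration inputIds = profile.getProfileInputIds();
    if (inputIds == null) {
        return;
    }

    while (inputIds.hasMoreElements()) {
        String inputId = (String) inputIds.nextElement();
        IProfileInput profileInput = profile.getProfileInput(inputId);
        Enumeration inputNames = profileInput.getValueNames();

        // setInputsIntoRequest() tolerates an input without value names;
        // apply the same guard here instead of failing on a null enumeration.
        if (inputNames == null) {
            continue;
        }

        while (inputNames.hasMoreElements()) {
            String inputName = (String) inputNames.nextElement();
            String value = request.getParameter(inputName);
            if (value != null) {
                ctx.set(inputName, value);
            }
        }
    }
}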
/**
 * Copies the authenticator's credential parameters from the HTTP request
 * into the profile context.
 *
 * The values stored here are whatever the client submitted under the names
 * the authenticator reports through getValueNames(); they are copied before
 * any authentication has taken place.
 *
 * @param request HTTP request supplying the credential values
 * @param authenticator authenticator that names the credentials it expects
 * @param ctx profile context that receives the values
 */
private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) {
    Enumeration credentialNames = authenticator.getValueNames();
    if (credentialNames == null) {
        return;
    }

    while (credentialNames.hasMoreElements()) {
        String name = (String) credentialNames.nextElement();
        String submitted = request.getParameter(name);
        if (submitted == null) {
            // parameter not supplied: leave the context untouched
            continue;
        }
        ctx.set(name, submitted);
    }
}
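/**
 * Builds the credential set the authenticator asks for and authenticates
 * the request with it.
 *
 * Every credential is taken from the HTTP request parameters except
 * "cert_request", which is the base64 request body prepared by process().
 * On return the authentication manager name and, when the token carries
 * one, the user id are recorded in the SessionContext.
 *
 * @param authenticator authenticator configured for the profile
 * @param request HTTP request supplying the credential parameters
 * @return the token returned by the authenticator
 * @exception EBaseException authentication failed
 */
public IAuthToken authenticate(IProfileAuthenticator authenticator,
        HttpServletRequest request) throws EBaseException {
    SessionContext sc = SessionContext.getContext();

    // The request body reaches this method through the instance field
    // requestB64, which process() overwrites on every request. To keep the
    // authenticator looking at the same payload the profile will process,
    // prefer the "cert_request" stored in the profile context that process()
    // registers in the SessionContext, and fall back to the field otherwise.
    // NOTE(review): this relies on SessionContext.getContext() being bound
    // to the calling thread - confirm.
    String certRequest = requestB64;
    if (sc != null) {
        Object profileCtx = sc.get("profileContext");
        if (profileCtx instanceof IProfileContext) {
            String fromContext = ((IProfileContext) profileCtx).get("cert_request");
            if (fromContext != null) {
                certRequest = fromContext;
            }
        }
    }

    // build credential
    AuthCredentials credentials = new AuthCredentials();
    Enumeration authNames = authenticator.getValueNames();
    if (authNames != null) {
        while (authNames.hasMoreElements()) {
            String authName = (String) authNames.nextElement();
            if (authName.equals("cert_request")) {
                credentials.set(authName, certRequest);
            } else {
                credentials.set(authName, request.getParameter(authName));
            }
        }
    }

    IAuthToken authToken = authenticator.authenticate(credentials);

    if (sc != null) {
        sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
        // process() treats a null token as possible, so do not dereference
        // it here without checking.
        if (authToken != null) {
            String userid = authToken.getInString(IAuthToken.USER_ID);
            if (userid != null) {
                sc.put(SessionContext.USER_ID, userid);
            }
        }
    }

    return authToken;
}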
/**
 * Copies request parameters into the extended data of a certificate request.
 *
 * Only parameter names declared by the profile's inputs are read. The values
 * are client-supplied and are stored as received; process() later writes
 * every extended-data value of the request to the debug log.
 *
 * @param request HTTP request supplying the parameter values
 * @param profile profile whose inputs name the parameters to copy
 * @param req certificate request that receives the values
 */
private void setInputsIntoRequest(HttpServletRequest request, IProfile
        profile, IRequest req) {
    Enumeration ids = profile.getProfileInputIds();
    if (ids == null) {
        return;
    }

    while (ids.hasMoreElements()) {
        String id = (String) ids.nextElement();
        IProfileInput input = profile.getProfileInput(id);
        Enumeration names = input.getValueNames();
        if (names == null) {
            // this input declares no values
            continue;
        }

        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            String submitted = request.getParameter(name);
            if (submitted != null) {
                req.setExtData(name, submitted);
            }
        }
    }
}
/**
* Processes the HTTP request.
*
* (Certificate Request Processed - either an automated "EE" profile based
* cert acceptance, or an automated "EE" profile based cert rejection)
*
* - http.param profileId ID of the profile used to process the request
* - signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
*
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
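public void process(CMSRequest cmsReq) throws EBaseException {
    // Flow: read the raw body, resolve the profile, authenticate and
    // authorize (when the profile has an authenticator), create, populate
    // and submit the requests, then write a CMC / PKCS#7 response.
    //
    // Changes against the earlier version of this method:
    //  - the body read stops on end-of-stream or an I/O error instead of
    //    retrying forever, and a negative Content-Length is refused;
    //  - the base64 body is kept in a local for the profile context;
    //  - an undecodable lraPopWitness no longer causes a null dereference;
    //  - the per-request error code is reset for every request;
    //  - the SessionContext is released on every exit path once acquired.
    HttpServletRequest request = cmsReq.getHttpReq();
    HttpServletResponse response = cmsReq.getHttpResp();

    Locale locale = getLocale(request);
    String cert_request_type =
        mServletConfig.getInitParameter("cert_request_type");
    String outputFormat = mServletConfig.getInitParameter("outputFormat");

    // The buffer is sized from the client-declared Content-Length. A
    // negative value means the length is unknown, which this fixed-size
    // read cannot handle.
    // NOTE(review): no upper bound is applied to reqlen here, so the
    // allocation is as large as the client declares - confirm that the
    // container or a front end limits the request size.
    int reqlen = request.getContentLength();
    if (reqlen < 0) {
        CMS.debug("ProfileSubmitCMCServlet: missing or invalid Content-Length");
        new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                cmcPlaceholderBodyIds(), OtherInfo.BAD_REQUEST,
                cmcFailureText("ProfileSubmitCMCServlet: missing or invalid Content-Length"));
        return;
    }

    byte reqbuf[] = new byte[reqlen];
    int bytesread = 0;
    try {
        InputStream is = request.getInputStream();
        while (bytesread < reqlen) {
            int n = is.read(reqbuf, bytesread, reqlen - bytesread);
            if (n < 0) {
                // end of stream before the declared length was received
                break;
            }
            bytesread += n;
        }
    } catch (Exception e) {
        CMS.debug("ProfileSubmitCMCServlet: error reading request body " +
                e.toString());
    }
    if (bytesread < reqlen) {
        CMS.debug("ProfileSubmitCMCServlet: incomplete request body");
        new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                cmcPlaceholderBodyIds(), OtherInfo.BAD_REQUEST,
                cmcFailureText("ProfileSubmitCMCServlet: incomplete request body"));
        return;
    }

    // Keep this request's body in a local. The field is still assigned
    // because authenticate() reads it, but it is shared by every request
    // served through this servlet instance.
    String b64 = com.netscape.osutil.OSUtil.BtoA(reqbuf);
    requestB64 = b64;

    if (CMS.debugOn()) {
        CMS.debug("Start of ProfileSubmitCMCServlet Input Parameters");
        Enumeration paramNames = request.getParameterNames();

        while (paramNames.hasMoreElements()) {
            String paramName = (String) paramNames.nextElement();
            // added this facility so that password can be hidden,
            // all sensitive parameters should be prefixed with
            // __ (double underscores); however, in the event that
            // a security parameter slips through, we perform multiple
            // additional checks to insure that it is NOT displayed
            //
            // NOTE(review): the endsWith() checks are case-sensitive, and
            // every other value is logged exactly as the client sent it;
            // confirm who can read the debug log and whether values need
            // neutralising before they are written.
            if( paramName.startsWith("__") ||
                paramName.endsWith("password") ||
                paramName.endsWith("passwd") ||
                paramName.endsWith("pwd") ||
                paramName.equalsIgnoreCase("admin_password_again") ||
                paramName.equalsIgnoreCase("directoryManagerPwd") ||
                paramName.equalsIgnoreCase("bindpassword") ||
                paramName.equalsIgnoreCase("bindpwd") ||
                paramName.equalsIgnoreCase("passwd") ||
                paramName.equalsIgnoreCase("password") ||
                paramName.equalsIgnoreCase("pin") ||
                paramName.equalsIgnoreCase("pwd") ||
                paramName.equalsIgnoreCase("pwdagain") ||
                paramName.equalsIgnoreCase("uPasswd") ) {
                CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
                          paramName + "='(sensitive)'");
            } else {
                CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
                          paramName + "='" +
                          request.getParameter(paramName) + "'");
            }
        }
        CMS.debug("End of ProfileSubmitCMCServlet Input Parameters");
    }

    CMS.debug("ProfileSubmitCMCServlet: start serving");

    if (mProfileSubId == null || mProfileSubId.equals("")) {
        mProfileSubId = IProfileSubsystem.ID;
    }
    CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
    IProfileSubsystem ps = (IProfileSubsystem)
        CMS.getSubsystem(mProfileSubId);

    if (ps == null) {
        CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
        new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                cmcPlaceholderBodyIds(), OtherInfo.INTERNAL_CA_ERROR,
                cmcFailureText(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")));
        return;
    }

    // if we did not configure profileId in xml file,
    // then accept the user-provided one
    String profileId = null;
    if (mProfileId == null) {
        profileId = request.getParameter("profileId");
    } else {
        profileId = mProfileId;
    }

    IProfile profile = null;
    try {
        CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
        profile = ps.getProfile(profileId);
    } catch (EProfileException e) {
        CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
            profileId + " " + e.toString());
    }
    if (profile == null) {
        new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                cmcPlaceholderBodyIds(), OtherInfo.INTERNAL_CA_ERROR,
                cmcFailureText(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)));
        return;
    }

    // A disabled profile is reported to the client exactly like a missing one.
    if (!ps.isProfileEnable(profileId)) {
        CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
            " not enabled");
        new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                cmcPlaceholderBodyIds(), OtherInfo.INTERNAL_CA_ERROR,
                cmcFailureText(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)));
        return;
    }

    IProfileContext ctx = profile.createContext();
    if (b64 != null) {
        ctx.set("cert_request_type", cert_request_type);
        ctx.set("cert_request", b64);
    }

    // passing auths into context
    IProfileAuthenticator authenticator = null;
    try {
        authenticator = profile.getAuthenticator();
    } catch (EProfileException e) {
        // authenticator not installed correctly
        // NOTE(review): the request then continues as if the profile had no
        // authenticator, so neither authenticate() nor authorize() runs
        // below. Confirm that such requests cannot be approved
        // automatically, or fail the request here instead.
        CMS.debug("ProfileSubmitCMCServlet: unable to get authenticator " +
                e.toString());
    }
    if (authenticator == null) {
        CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
    } else {
        CMS.debug("ProfileSubmitCMCServlet: authenticator " +
            authenticator.getName() + " found");
        setCredentialsIntoContext(request, authenticator, ctx);
    }

    setInputsIntoContext(request, profile, ctx);
    CMS.debug("ProfileSubmistServlet: set Inputs into Context");

    // before creating the request, authenticate the request
    IAuthToken authToken = null;

    // for ssl authentication; pass in servlet for retrieving
    // ssl client certificates
    SessionContext context = SessionContext.getContext();

    // From here on the SessionContext carries this request's profile
    // context and, after authentication, its identity. It is released in
    // the finally block on every exit path; the earlier version released it
    // only after the submit phase.
    try {
        // insert profile context so that input parameter can be retrieved
        context.put("profileContext", ctx);
        context.put("sslClientCertProvider",
            new SSLClientCertProvider(request));
        CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");

        if (authenticator != null) {
            try {
                authToken = authenticate(authenticator, request);
                // authentication success
            } catch (EBaseException e) {
                CMS.debug("ProfileSubmitCMCServlet: authentication error " +
                    e.toString());
                // NOTE(review): the exception text is returned to the
                // client; confirm it carries no internal detail.
                new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                        cmcPlaceholderBodyIds(), OtherInfo.BAD_REQUEST,
                        cmcFailureText(e.toString()));
                return;
            }

            //authorization only makes sense when request is authenticated
            AuthzToken authzToken = null;
            if (authToken != null) {
                CMS.debug("ProfileSubmitCMCServlet authToken not null");
                try {
                    authzToken = authorize(mAclMethod, authToken,
                        mAuthzResourceName, "submit");
                } catch (Exception e) {
                    CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString());
                }
            }

            // A null authorization token - no auth token, a denial, or an
            // exception above - rejects the request.
            if (authzToken == null) {
                CMS.debug("ProfileSubmitCMCServlet authorization failure: authzToken is null");
                new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                        cmcPlaceholderBodyIds(), OtherInfo.BAD_REQUEST,
                        cmcFailureText("ProfileSubmitCMCServlet authorization failure"));
                return;
            }
        }

        IRequest reqs[] = null;

        ///////////////////////////////////////////////
        // create request
        ///////////////////////////////////////////////
        try {
            reqs = profile.createRequests(ctx, locale);
        } catch (EProfileException e) {
            CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
            new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                    cmcPlaceholderBodyIds(), OtherInfo.INTERNAL_CA_ERROR,
                    cmcFailureText(e.toString()));
            return;
        } catch (Throwable e) {
            CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
            new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                    cmcPlaceholderBodyIds(), OtherInfo.INTERNAL_CA_ERROR,
                    cmcFailureText(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")));
            return;
        }

        TaggedAttribute attr =
            (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
        if (attr != null) {
            boolean verifyAllow = true;
            try {
                verifyAllow = CMS.getConfigStore().getBoolean(
                    "cmc.lraPopWitness.verify.allow", true);
            } catch (EBaseException ee) {
                // NOTE(review): a failed configuration read leaves the
                // permissive default (true) in force - confirm this is
                // intended.
            }

            if (!verifyAllow) {
                SET vals = attr.getValues();
                // NOTE(review): an lraPopWitness attribute without values
                // is not rejected here and processing continues - confirm.
                if (vals.size() > 0) {
                    LraPopWitness lraPop = null;
                    try {
                        lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
                            ASN1Util.encode(vals.elementAt(0))));
                    } catch (InvalidBERException e) {
                        CMS.debug(
                            CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
                    }

                    // When decoding failed there are no body ids to report;
                    // still reject, using the placeholder list.
                    SEQUENCE bodyIds = (lraPop != null)
                            ? lraPop.getBodyIds() : cmcPlaceholderBodyIds();
                    CMCOutputTemplate template = new CMCOutputTemplate();
                    template.createFullResponseWithFailedStatus(response, bodyIds,
                        OtherInfo.POP_FAILED, null);
                    return;
                }
            }
        }

        // for CMC, requests may be zero. Then check if controls exist.
        if (reqs == null) {
            Integer nums = (Integer)(context.get("numOfControls"));
            CMCOutputTemplate template = new CMCOutputTemplate();
            // if there is only one control GetCert, then simple response
            // must be returned.
            if (nums != null && nums.intValue() == 1) {
                TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
                if (attr1 != null) {
                    template.createSimpleResponse(response, reqs);
                } else {
                    template.createFullResponse(response, reqs,
                        cert_request_type, null);
                }
            } else {
                template.createFullResponse(response, reqs,
                    cert_request_type, null);
            }
            return;
        }

        ///////////////////////////////////////////////
        // populate request
        ///////////////////////////////////////////////
        for (int k = 0; k < reqs.length; k++) {
            // adding parameters to request
            setInputsIntoRequest(request, profile, reqs[k]);

            // serial auth token into request
            if (authToken != null) {
                Enumeration tokenNames = authToken.getElements();
                while (tokenNames.hasMoreElements()) {
                    String tokenName = (String)tokenNames.nextElement();
                    String[] vals = authToken.getInStringArray(tokenName);
                    if (vals != null) {
                        for (int i = 0; i < vals.length; i++) {
                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
                                tokenName + "[" + i + "]", vals[i]);
                        }
                    } else {
                        String val = authToken.getInString(tokenName);
                        if (val != null) {
                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
                                val);
                        }
                    }
                }
            }

            // put profile framework parameters into the request
            reqs[k].setExtData(ARG_PROFILE, "true");
            reqs[k].setExtData(ARG_PROFILE_ID, profileId);
            reqs[k].setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy());
            String setId = profile.getPolicySetId(reqs[k]);

            if (setId == null) {
                // no profile set found
                new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                        cmcPlaceholderBodyIds(), OtherInfo.INTERNAL_CA_ERROR,
                        cmcFailureText(CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")));
                return;
            }

            CMS.debug("ProfileSubmitCMCServlet profileSetid=" + setId);
            reqs[k].setExtData(ARG_PROFILE_SET_ID, setId);
            reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
            reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());

            CMS.debug("ProfileSubmitCMCServlet: request " +
                reqs[k].getRequestId().toString());

            try {
                CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
                // give authenticator a chance to populate the request
                if (authenticator != null) {
                    authenticator.populate(authToken, reqs[k]);
                }
                profile.populateInput(ctx, reqs[k]);
                profile.populate(reqs[k]);
            } catch (EProfileException e) {
                CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
                new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                        cmcPlaceholderBodyIds(), OtherInfo.BAD_REQUEST,
                        cmcFailureText(e.toString()));
                return;
            } catch (Throwable e) {
                CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
                // An unexpected failure is reported with the generic
                // internal-error message, as createRequests does above,
                // rather than with the exception text.
                new CMCOutputTemplate().createFullResponseWithFailedStatus(response,
                        cmcPlaceholderBodyIds(), OtherInfo.INTERNAL_CA_ERROR,
                        cmcFailureText(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")));
                return;
            }
        }

        String auditMessage = null;
        String auditSubjectID = auditSubjectID();
        String auditRequesterID = ILogger.UNIDENTIFIED;
        String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE;

        ///////////////////////////////////////////////
        // submit request
        ///////////////////////////////////////////////
        int error_codes[] = null;
        if (reqs.length > 0) {
            error_codes = new int[reqs.length];
        }

        // true once any request in the batch was deferred, rejected or failed
        boolean anyFailure = false;

        for (int k = 0; k < reqs.length; k++) {
            // The outcome is tracked per request: a failure of an earlier
            // request must not mark a later, successful one as failed.
            String errorCode = null;
            String errorReason = null;

            try {
                // reset the "auditRequesterID"
                auditRequesterID = auditRequesterID(reqs[k]);

                // print request debug
                // NOTE(review): this writes every extended-data value to
                // the debug log, including the copied auth-token elements
                // and client-supplied inputs, without the sensitive-name
                // filter used for request parameters - confirm this is
                // acceptable for the debug log's audience.
                if (reqs[k] != null) {
                    Enumeration reqKeys = reqs[k].getExtDataKeys();
                    while (reqKeys.hasMoreElements()) {
                        String reqKey = (String)reqKeys.nextElement();
                        String reqVal = reqs[k].getExtDataInString(reqKey);
                        if (reqVal != null) {
                            CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
                        }
                    }
                }

                profile.submit(authToken, reqs[k]);
                reqs[k].setRequestStatus(RequestStatus.COMPLETE);

                // reset the "auditInfoCertValue"
                auditInfoCertValue = auditInfoCertValue(reqs[k]);

                if (auditInfoCertValue != null) {
                    if (!(auditInfoCertValue.equals(
                                ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
                        // store a message in the signed audit log file
                        auditMessage = CMS.getLogMessage(
                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
                                    auditSubjectID,
                                    ILogger.SUCCESS,
                                    auditRequesterID,
                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
                                    auditInfoCertValue);

                        audit(auditMessage);
                    }
                }
            } catch (EDeferException e) {
                // return defer message to the user
                reqs[k].setRequestStatus(RequestStatus.PENDING);
                // need to notify
                INotify notify = profile.getRequestQueue().getPendingNotify();
                if (notify != null) {
                    notify.notify(reqs[k]);
                }

                CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
                errorCode = "2";
                errorReason = CMS.getUserMessage(locale,
                            "CMS_PROFILE_DEFERRED",
                            e.toString());
            } catch (ERejectException e) {
                // return error to the user
                reqs[k].setRequestStatus(RequestStatus.REJECTED);
                CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
                errorCode = "3";
                errorReason = CMS.getUserMessage(locale,
                            "CMS_PROFILE_REJECTED",
                            e.toString());
            } catch (Throwable e) {
                // return error to the user
                CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
                errorCode = "1";
                errorReason = CMS.getUserMessage(locale,
                            "CMS_INTERNAL_ERROR");
            }

            try {
                if (errorCode == null) {
                    profile.getRequestQueue().markAsServiced(reqs[k]);
                } else {
                    profile.getRequestQueue().updateRequest(reqs[k]);
                }
            } catch (EBaseException e) {
                CMS.debug("ProfileSubmitCMCServlet: updateRequest " +
                    e.toString());
            }

            if (errorCode != null) {
                anyFailure = true;
                if (errorCode.equals("1") || errorCode.equals("3")) {
                    // store a message in the signed audit log file
                    auditMessage = CMS.getLogMessage(
                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
                                auditSubjectID,
                                ILogger.FAILURE,
                                auditRequesterID,
                                ILogger.SIGNED_AUDIT_REJECTION,
                                errorReason);

                    audit(auditMessage);
                }
                // errorCode "2": do NOT store a message in the signed audit
                // log file as this errorCode indicates that a process has
                // been deferred for manual acceptance/cancellation/rejection
                error_codes[k] = Integer.parseInt(errorCode);
            } else {
                error_codes[k] = 0;
            }
        }

        if (anyFailure) {
            // create the CMC full enrollment response
            CMCOutputTemplate template = new CMCOutputTemplate();
            template.createFullResponse(response, reqs, cert_request_type, error_codes);
            return;
        }

        ///////////////////////////////////////////////
        // output output list
        ///////////////////////////////////////////////
        CMS.debug("ProfileSubmitCMCServlet: done serving");
        CMCOutputTemplate template = new CMCOutputTemplate();
        if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
            if (outputFormat != null && outputFormat.equals("pkcs7")) {
                byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
                response.setContentType("application/pkcs7-mime");
                response.setContentLength(pkcs7.length);
                try {
                    OutputStream os = response.getOutputStream();
                    os.write(pkcs7);
                    os.flush();
                } catch (Exception ee) {
                    // the response cannot be repaired at this point; record
                    // the failure instead of dropping it silently
                    CMS.debug("ProfileSubmitCMCServlet: error writing pkcs7 response " +
                            ee.toString());
                }
                return;
            }
            template.createSimpleResponse(response, reqs);
        } else if (cert_request_type.equals("cmc")) {
            Integer nums = (Integer)(context.get("numOfControls"));
            if (nums != null && nums.intValue() == 1) {
                TaggedAttribute attr1 =
                    (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
                if (attr1 != null) {
                    template.createSimpleResponse(response, reqs);
                    return;
                }
            }
            template.createFullResponse(response, reqs, cert_request_type,
                error_codes);
        }
    } finally {
        context.releaseContext();
    }
}

/**
 * Builds the body-id list sent with this servlet's generic failure
 * responses: a SEQUENCE holding the single INTEGER 0.
 */
private static SEQUENCE cmcPlaceholderBodyIds() {
    SEQUENCE seq = new SEQUENCE();
    seq.addElement(new INTEGER(0));
    return seq;
}

/**
 * Wraps failure text for a CMC response.
 *
 * @param text message to send to the client
 * @return the text as a UTF8String, or null when it cannot be converted
 */
private static UTF8String cmcFailureText(String text) {
    try {
        return new UTF8String(text);
    } catch (Exception e) {
        CMS.debug("ProfileSubmitCMCServlet: cannot encode failure text " +
                e.toString());
        return null;
    }
}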
/**
* Signed Audit Log Requester ID
*
* This method is called to obtain the "RequesterID" for
* a signed audit log message.
*
*
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
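private String auditRequesterID(IRequest request) {
    // if no signed audit object exists, bail
    if (mSignedAuditLogger == null) {
        return null;
    }

    if (request == null) {
        return ILogger.UNIDENTIFIED;
    }

    // Check the request id itself before calling toString() on it; the
    // earlier code only tested the string, so a request without an id
    // would have failed here.
    Object requestId = request.getRequestId();
    if (requestId == null) {
        return ILogger.UNIDENTIFIED;
    }

    // overwrite the default if and only if the id has a string form
    String id = requestId.toString();
    if (id == null) {
        return ILogger.UNIDENTIFIED;
    }
    return id.trim();
}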
/**
* Signed Audit Log Info Certificate Value
*
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
*
*
* @param request request containing an X509CertImpl
* @return cert string containing the certificate
*/
private String auditInfoCertValue(IRequest request) {
    // without a signed audit logger there is nothing to report
    if (mSignedAuditLogger == null) {
        return null;
    }

    X509CertImpl issued = request.getExtDataInCert(
            IEnrollProfile.REQUEST_ISSUED_CERT);
    if (issued == null) {
        return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
    }

    byte[] encoded;
    try {
        encoded = issued.getEncoded();
    } catch (CertificateEncodingException e) {
        // an unencodable certificate is reported as an empty value
        return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
    }
    if (encoded == null) {
        return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
    }

    // base64-encode, then drop all whitespace so the value sits on a single
    // line of the audit record
    String wrapped = com.netscape.osutil.OSUtil.BtoA(encoded).trim();
    StringBuffer compact = new StringBuffer();
    for (int pos = 0; pos < wrapped.length(); pos++) {
        char ch = wrapped.charAt(pos);
        if (Character.isWhitespace(ch)) {
            continue;
        }
        compact.append(ch);
    }

    String cert = compact.toString().trim();
    if (cert.equals("")) {
        return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
    }
    return cert;
}
}