1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
import java.io.IOException;
import java.security.cert.CertificateException;
import netscape.security.x509.CertificateX509Key;
import netscape.security.x509.X509CertInfo;
import netscape.security.x509.X509Key;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.AuthToken;
import com.netscape.certsrv.authentication.IAuthSubsystem;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.KeyGenInfo;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
/**
* KeyGenProcess parses Certificate request matching the
* KEYGEN tag format used by Netscape Communicator 4.x
*
* @version $Revision$, $Date$
*/
public class KeyGenProcessor extends PKIProcessor {
public KeyGenProcessor() {
super();
}
public KeyGenProcessor(CMSRequest cmsReq, CMSServlet servlet) {
super(cmsReq, servlet);
}
public void process(CMSRequest cmsReq)
throws EBaseException {
}
public void fillCertInfo(
String protocolString, X509CertInfo certInfo,
IAuthToken authToken, IArgBlock httpParams)
throws EBaseException {
CMS.debug("KeyGenProcessor: fillCertInfo");
if (mServlet == null) {
return;
}
KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
PKIProcessor.SUBJECT_KEYGEN_INFO, null);
// fill key
X509Key key = null;
key = keyGenInfo.getSPKI();
if (key == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
}
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
"Could not set key into certInfo from keygen. Error " + e);
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
}
String authMgr = mServlet.getAuthMgr();
// if not authenticated, fill subject name, validity & extensions
// from authtoken.
if (authToken == null) {
fillCertInfoFromForm(certInfo, httpParams);
} else {
if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// allow special case for agent gateway in admin enroll
// and bulk issuance.
if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
!authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
fillCertInfoFromForm(certInfo, httpParams);
} else {
fillCertInfoFromAuthToken(certInfo, authToken);
}
}
}
}
|