authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/ca/src/com/netscape/ca/CAService.java
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
Formatting
Formatted project according to Eclipse project settings
Diffstat (limited to 'pki/base/ca/src/com/netscape/ca/CAService.java')
-rw-r--r--pki/base/ca/src/com/netscape/ca/CAService.java1245
1 files changed, 667 insertions, 578 deletions
diff --git a/pki/base/ca/src/com/netscape/ca/CAService.java b/pki/base/ca/src/com/netscape/ca/CAService.java
index 159539d4..44ab65bc 100644
--- a/pki/base/ca/src/com/netscape/ca/CAService.java
+++ b/pki/base/ca/src/com/netscape/ca/CAService.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.ca;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -92,7 +91,6 @@ import com.netscape.cmscore.dbs.CertificateRepository;
import com.netscape.cmscore.dbs.RevocationInfo;
import com.netscape.cmscore.util.Debug;
-
/**
* Request Service for CertificateAuthority.
*/
@@ -113,56 +111,31 @@ public class CAService implements ICAService, IService {
private Hashtable mCRLIssuingPoints = new Hashtable();
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
public CAService(ICertificateAuthority ca) {
mCA = ca;
- // init services.
- mServants.put(
- IRequest.ENROLLMENT_REQUEST,
- new serviceIssue(this));
- mServants.put(
- IRequest.RENEWAL_REQUEST,
- new serviceRenewal(this));
- mServants.put(
- IRequest.REVOCATION_REQUEST,
- new serviceRevoke(this));
- mServants.put(
- IRequest.CMCREVOKE_REQUEST,
- new serviceRevoke(this));
- mServants.put(
- IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
- new serviceCheckChallenge(this));
- mServants.put(
- IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
- new getCertsForChallenge(this));
- mServants.put(
- IRequest.UNREVOCATION_REQUEST,
- new serviceUnrevoke(this));
- mServants.put(
- IRequest.GETCACHAIN_REQUEST,
- new serviceGetCAChain(this));
- mServants.put(
- IRequest.GETCRL_REQUEST,
- new serviceGetCRL(this));
- mServants.put(
- IRequest.GETREVOCATIONINFO_REQUEST,
- new serviceGetRevocationInfo(this));
- mServants.put(
- IRequest.GETCERTS_REQUEST,
- new serviceGetCertificates(this));
- mServants.put(
- IRequest.CLA_CERT4CRL_REQUEST,
- new serviceCert4Crl(this));
- mServants.put(
- IRequest.CLA_UNCERT4CRL_REQUEST,
- new serviceUnCert4Crl(this));
- mServants.put(
- IRequest.GETCERT_STATUS_REQUEST,
- new getCertStatus(this));
+ // init services.
+ mServants.put(IRequest.ENROLLMENT_REQUEST, new serviceIssue(this));
+ mServants.put(IRequest.RENEWAL_REQUEST, new serviceRenewal(this));
+ mServants.put(IRequest.REVOCATION_REQUEST, new serviceRevoke(this));
+ mServants.put(IRequest.CMCREVOKE_REQUEST, new serviceRevoke(this));
+ mServants.put(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST,
+ new serviceCheckChallenge(this));
+ mServants.put(IRequest.GETCERTS_FOR_CHALLENGE_REQUEST,
+ new getCertsForChallenge(this));
+ mServants.put(IRequest.UNREVOCATION_REQUEST, new serviceUnrevoke(this));
+ mServants.put(IRequest.GETCACHAIN_REQUEST, new serviceGetCAChain(this));
+ mServants.put(IRequest.GETCRL_REQUEST, new serviceGetCRL(this));
+ mServants.put(IRequest.GETREVOCATIONINFO_REQUEST,
+ new serviceGetRevocationInfo(this));
+ mServants.put(IRequest.GETCERTS_REQUEST, new serviceGetCertificates(
+ this));
+ mServants.put(IRequest.CLA_CERT4CRL_REQUEST, new serviceCert4Crl(this));
+ mServants.put(IRequest.CLA_UNCERT4CRL_REQUEST, new serviceUnCert4Crl(
+ this));
+ mServants.put(IRequest.GETCERT_STATUS_REQUEST, new getCertStatus(this));
}
public void init(IConfigStore config) throws EBaseException {
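Review bot: The re-wrapped registrations for `GETCERTS_REQUEST` and `CLA_UNCERT4CRL_REQUEST` in the constructor break inside the constructor call and leave `this));` on a line of its own, which is harder to read than the old layout and inconsistent with the neighbouring entries that break after the comma. Prefer `mServants.put(IRequest.GETCERTS_REQUEST,` followed by `new serviceGetCertificates(this));`, matching the `GETREVOCATIONINFO_REQUEST` entry. The same formatter artefact appears in the `@@ -441,36 +423,36 @@` hunk (`CMS` / `.getLogMessage(`) and in `@@ -506,16 +487,14 @@` (`|| type` / `.equals(IRequest.CMCREVOKE_REQUEST)`), so adjusting the line-wrapping settings once would address all three.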
@@ -170,28 +143,32 @@ public class CAService implements ICAService, IService {
try {
// MOVED TO com.netscape.certsrv.apps.CMS
- // java.security.Security.addProvider(new netscape.security.provider.CMS());
- // java.security.Provider pr = java.security.Security.getProvider("CMS");
- // if (pr != null) {
- // ;
- // }
- // else
- // Debug.trace("Something is wrong in CMS install !");
- java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
+ // java.security.Security.addProvider(new
+ // netscape.security.provider.CMS());
+ // java.security.Provider pr =
+ // java.security.Security.getProvider("CMS");
+ // if (pr != null) {
+ // ;
+ // }
+ // else
+ // Debug.trace("Something is wrong in CMS install !");
+ java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory
+ .getInstance("X.509");
Debug.trace("CertificateFactory Type : " + cf.getType());
- Debug.trace("CertificateFactory Provider : " + cf.getProvider().getInfo());
+ Debug.trace("CertificateFactory Provider : "
+ + cf.getProvider().getInfo());
} catch (java.security.cert.CertificateException e) {
- Debug.trace("Something is happen in install CMS provider !" + e.toString());
- }
+ Debug.trace("Something is happen in install CMS provider !"
+ + e.toString());
+ }
}
public void startup() throws EBaseException {
IConfigStore kraConfig = mConfig.getSubStore("KRA");
if (kraConfig != null) {
- mArchivalRequired = kraConfig.getBoolean(
- "archivalRequired", true);
+ mArchivalRequired = kraConfig.getBoolean("archivalRequired", true);
mKRAConnector = getConnector(kraConfig);
if (mKRAConnector != null) {
if (Debug.ON) {
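Review bot: The commented-out provider registration under `// MOVED TO com.netscape.certsrv.apps.CMS` in `init` has been re-flowed so that single statements are now split across comment lines (`// java.security.Security.addProvider(new` / `// netscape.security.provider.CMS());`), which makes the dead code harder to read than before the commit. Since the comment already says the logic lives elsewhere, drop the commented-out statements and keep a one-line pointer such as `// Provider registration moved to com.netscape.certsrv.apps.CMS`. The closing brace of the `catch` block is also left at a different indent from its `try`, which suggests the formatter profile was not applied cleanly here.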
@@ -228,8 +205,7 @@ public class CAService implements ICAService, IService {
mKRAConnector = c;
}
- public IConnector getConnector(IConfigStore config)
- throws EBaseException {
+ public IConnector getConnector(IConfigStore config) throws EBaseException {
IConnector connector = null;
if (config == null || config.size() <= 0) {
@@ -241,13 +217,15 @@ public class CAService implements ICAService, IService {
if (extConnector != null) {
try {
- connector = (IConnector)
- Class.forName(extConnector).newInstance();
+ connector = (IConnector) Class.forName(extConnector)
+ .newInstance();
// connector.start() will be called later on
return connector;
} catch (Exception e) {
// ignore external class if error
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_LOAD_CONNECTOR", extConnector, e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_LOAD_CONNECTOR",
+ extConnector, e.toString()));
}
}
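Review bot: In `getConnector`, a failure to load the class named by `extConnector` is still only logged, and `// ignore external class if error` means control leaves the catch and continues with whatever follows (the rest of the method is outside this hunk). `startup()` uses this method to build `mKRAConnector`, so silently ending up with a different connector than the one the operator configured is a fail-open choice for key-archival traffic. If that is intended, the comment should say why, otherwise fail closed with `throw new EBaseException("cannot load connector class " + extConnector);`. Catching bare `Exception` also folds in the `ClassCastException` raised when the configured class does not implement `IConnector`, so narrowing the catch to the reflective exceptions would make that misconfiguration visible.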
@@ -263,7 +241,8 @@ public class CAService implements ICAService, IService {
if (authority == null) {
String msg = "local authority " + id + " not found.";
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_AUTHORITY_NOT_FOUND", id));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_AUTHORITY_NOT_FOUND", id));
throw new EBaseException(msg);
}
connector = new LocalConnector((ICertAuthority) mCA, authority);
@@ -278,25 +257,27 @@ public class CAService implements ICAService, IService {
int timeout = config.getInteger("timeout", 0);
// Insert end
// Changed by beomsuk
- //RemoteAuthority remauthority =
- // new RemoteAuthority(host, port, uri);
- RemoteAuthority remauthority =
- new RemoteAuthority(host, port, uri, timeout);
+ // RemoteAuthority remauthority =
+ // new RemoteAuthority(host, port, uri);
+ RemoteAuthority remauthority = new RemoteAuthority(host, port, uri,
+ timeout);
- // Change end
- if (nickname == null)
+ // Change end
+ if (nickname == null)
nickname = mCA.getNickname();
- // Changed by beomsuk
- //connector =
- // new HttpConnector(mCA, nickname, remauthority, resendInterval);
+ // Changed by beomsuk
+ // connector =
+ // new HttpConnector(mCA, nickname, remauthority, resendInterval);
if (timeout == 0)
- connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config);
+ connector = new HttpConnector((IAuthority) mCA, nickname,
+ remauthority, resendInterval, config);
else
- connector = new HttpConnector((IAuthority) mCA, nickname, remauthority, resendInterval, config, timeout);
- // Change end
+ connector = new HttpConnector((IAuthority) mCA, nickname,
+ remauthority, resendInterval, config, timeout);
+ // Change end
- // log(ILogger.LL_INFO, "remote authority "+
- // host+":"+port+" "+uri+" inited");
+ // log(ILogger.LL_INFO, "remote authority "+
+ // host+":"+port+" "+uri+" inited");
}
return connector;
}
@@ -311,13 +292,12 @@ public class CAService implements ICAService, IService {
}
/**
- * After population of defaults, and constraint validation,
- * the profile request is processed here.
+ * After population of defaults, and constraint validation, the profile
+ * request is processed here.
*/
- public void serviceProfileRequest(IRequest request)
- throws EBaseException {
- CMS.debug("CAService: serviceProfileRequest requestId=" +
- request.getRequestId().toString());
+ public void serviceProfileRequest(IRequest request) throws EBaseException {
+ CMS.debug("CAService: serviceProfileRequest requestId="
+ + request.getRequestId().toString());
String profileId = request.getExtDataInString("profileId");
@@ -325,8 +305,7 @@ public class CAService implements ICAService, IService {
throw new EBaseException("profileId not found");
}
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem("profile");
IProfile profile = null;
try {
@@ -340,25 +319,26 @@ public class CAService implements ICAService, IService {
// assumed rejected
request.setExtData("dbStatus", "NOT_UPDATED");
- // profile.populate(request);
+ // profile.populate(request);
profile.validate(request);
profile.execute(request);
// This function is called only from ConnectorServlet
- // serialize to request queue
+ // serialize to request queue
}
/**
- * method interface for IService
+ * method interface for IService
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST used
- * whenever a user private key archive request is made. This is an option
- * in a cert enrollment request detected by an RA or a CA, so, if selected,
- * it should be logged immediately following the certificate request.
+ * whenever a user private key archive request is made. This is an option in
+ * a cert enrollment request detected by an RA or a CA, so, if selected, it
+ * should be logged immediately following the certificate request.
* </ul>
+ *
* @param request a certificate enrollment request from an RA or CA
* @return true or false
*/
@@ -373,23 +353,25 @@ public class CAService implements ICAService, IService {
// short cut profile-based request
if (isProfileRequest(request)) {
try {
- CMS.debug("CAServic: x0 requestStatus=" + request.getRequestStatus().toString() + " instance=" + request);
+ CMS.debug("CAServic: x0 requestStatus="
+ + request.getRequestStatus().toString() + " instance="
+ + request);
serviceProfileRequest(request);
request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
- CMS.debug("CAServic: x1 requestStatus=" + request.getRequestStatus().toString());
+ CMS.debug("CAServic: x1 requestStatus="
+ + request.getRequestStatus().toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
return true;
} catch (EBaseException e) {
- CMS.debug("CAServic: x2 requestStatus=" + request.getRequestStatus().toString());
+ CMS.debug("CAServic: x2 requestStatus="
+ + request.getRequestStatus().toString());
// need to put error into the request
CMS.debug("CAService: serviceRequest " + e.toString());
request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
@@ -397,11 +379,9 @@ public class CAService implements ICAService, IService {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -413,17 +393,18 @@ public class CAService implements ICAService, IService {
IServant servant = (IServant) mServants.get(type);
if (servant == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_INVALID_REQUEST_TYPE", type));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_INVALID_REQUEST_TYPE", type));
request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(CMS.getUserMessage(
+ "CMS_CA_UNRECOGNIZED_REQUEST_TYPE", type)));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -432,8 +413,9 @@ public class CAService implements ICAService, IService {
try {
// send request to KRA first
- if (type.equals(IRequest.ENROLLMENT_REQUEST) &&
- isPKIArchiveOptionPresent(request) && mKRAConnector != null) {
+ if (type.equals(IRequest.ENROLLMENT_REQUEST)
+ && isPKIArchiveOptionPresent(request)
+ && mKRAConnector != null) {
if (Debug.ON) {
Debug.trace("*** Sending enrollment request to KRA");
}
@@ -441,36 +423,36 @@ public class CAService implements ICAService, IService {
if (mArchivalRequired == true) {
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
+ request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(
+ CMS.getUserMessage("CMS_CA_SEND_KRA_REQUEST")));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditArchiveID);
audit(auditMessage);
return true;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
- request.setExtData(IRequest.RESULT, IRequest.RES_SUCCESS);
+ request.setExtData(IRequest.RESULT,
+ IRequest.RES_SUCCESS);
request.deleteExtData(IRequest.ERROR);
}
}
if (request.getExtDataInString(IRequest.ERROR) != null) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditArchiveID);
audit(auditMessage);
@@ -479,7 +461,8 @@ public class CAService implements ICAService, IService {
}
} else {
if (Debug.ON) {
- Debug.trace("*** NOT Send to KRA type=" + type + " ENROLLMENT=" + IRequest.ENROLLMENT_REQUEST);
+ Debug.trace("*** NOT Send to KRA type=" + type
+ + " ENROLLMENT=" + IRequest.ENROLLMENT_REQUEST);
}
}
@@ -491,11 +474,9 @@ public class CAService implements ICAService, IService {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
@@ -506,16 +487,14 @@ public class CAService implements ICAService, IService {
if (Debug.ON)
Debug.trace("serviceRequest completed = " + completed);
- if (!(type.equals(IRequest.REVOCATION_REQUEST) ||
- type.equals(IRequest.UNREVOCATION_REQUEST) ||
- type.equals(IRequest.CMCREVOKE_REQUEST))) {
+ if (!(type.equals(IRequest.REVOCATION_REQUEST)
+ || type.equals(IRequest.UNREVOCATION_REQUEST) || type
+ .equals(IRequest.CMCREVOKE_REQUEST))) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditArchiveID);
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditArchiveID);
audit(auditMessage);
}
@@ -524,7 +503,7 @@ public class CAService implements ICAService, IService {
}
/**
- * register CRL Issuing Point
+ * register CRL Issuing Point
*/
public void addCRLIssuingPoint(String id, ICRLIssuingPoint crlIssuingPoint) {
mCRLIssuingPoints.put(id, crlIssuingPoint);
@@ -541,8 +520,8 @@ public class CAService implements ICAService, IService {
* Checks if PKIArchiveOption present in the request.
*/
private boolean isPKIArchiveOptionPresent(IRequest request) {
- String crmfBlob = request.getExtDataInString(
- IRequest.HTTP_PARAMS, CRMF_REQUEST);
+ String crmfBlob = request.getExtDataInString(IRequest.HTTP_PARAMS,
+ CRMF_REQUEST);
if (crmfBlob == null) {
if (Debug.ON) {
@@ -550,7 +529,8 @@ public class CAService implements ICAService, IService {
}
} else {
try {
- PKIArchiveOptionsContainer opts[] = CRMFParser.getPKIArchiveOptions(crmfBlob);
+ PKIArchiveOptionsContainer opts[] = CRMFParser
+ .getPKIArchiveOptions(crmfBlob);
if (opts != null) {
return true;
@@ -562,20 +542,19 @@ public class CAService implements ICAService, IService {
return false;
}
- ///
- /// CA related routines.
- ///
+ // /
+ // / CA related routines.
+ // /
- public X509CertImpl issueX509Cert(X509CertInfo certi)
- throws EBaseException {
+ public X509CertImpl issueX509Cert(X509CertInfo certi) throws EBaseException {
return issueX509Cert(certi, null, null);
}
/**
* issue cert for enrollment.
*/
- public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
- throws EBaseException {
+ public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId,
+ String rid) throws EBaseException {
CMS.debug("issueX509Cert");
X509CertImpl certImpl = issueX509Cert("", certi, false, null);
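Review bot: The section banner above `issueX509Cert` was altered rather than re-wrapped: `/// CA related routines.` became `// / CA related routines.`, leaving a stray slash inside the comment text on all three lines. Restore it as a plain comment, `// CA related routines.`, or use a block comment that the formatter leaves alone. A formatting-only commit should not change comment wording, so it is worth checking the other files in this commit for the same `///` pattern.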
@@ -586,7 +565,7 @@ public class CAService implements ICAService, IService {
}
X509CertImpl issueX509Cert(String rid, X509CertInfo certi)
- throws EBaseException {
+ throws EBaseException {
return issueX509Cert(rid, certi, false, null);
}
@@ -594,7 +573,7 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String profileId, String rid, X509CertImpl cert)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, null, null, profileId);
}
@@ -602,28 +581,27 @@ public class CAService implements ICAService, IService {
* issue cert for enrollment.
*/
void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId)
- throws EBaseException {
+ throws EBaseException {
storeX509Cert(rid, cert, false, null, crmfReqId, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
- String challengePassword) throws EBaseException {
- storeX509Cert(rid, cert, false, null, crmfReqId, challengePassword, null);
+ void storeX509Cert(String rid, X509CertImpl cert, String crmfReqId,
+ String challengePassword) throws EBaseException {
+ storeX509Cert(rid, cert, false, null, crmfReqId, challengePassword,
+ null);
}
/**
- * issue cert for enrollment and renewal.
- * renewal is expected to have original cert serial no. in cert info
- * field.
+ * issue cert for enrollment and renewal. renewal is expected to have
+ * original cert serial no. in cert info field.
*/
- X509CertImpl issueX509Cert(String rid, X509CertInfo certi,
- boolean renewal, BigInteger oldSerialNo)
- throws EBaseException {
+ X509CertImpl issueX509Cert(String rid, X509CertInfo certi, boolean renewal,
+ BigInteger oldSerialNo) throws EBaseException {
String algname = null;
X509CertImpl cert = null;
- // NOTE: In this implementation, the "oldSerialNo"
- // parameter is NOT used!
+ // NOTE: In this implementation, the "oldSerialNo"
+ // parameter is NOT used!
boolean doUTF8 = mConfig.getBoolean("dnUTF8Encoding", false);
@@ -631,11 +609,12 @@ public class CAService implements ICAService, IService {
try {
// check required fields in certinfo.
- if (certi.get(X509CertInfo.SUBJECT) == null ||
- certi.get(X509CertInfo.KEY) == null) {
+ if (certi.get(X509CertInfo.SUBJECT) == null
+ || certi.get(X509CertInfo.KEY) == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_ATTR"));
- // XXX how do you reject a request in the service object ?
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_MISSING_ATTR"));
+ // XXX how do you reject a request in the service object ?
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_REQD_FIELDS_IN_CERTISSUE"));
}
@@ -647,34 +626,31 @@ public class CAService implements ICAService, IService {
}
// set default validity if not set.
- // validity would normally be set by policies or by
- // agent or by authentication module.
- CertificateValidity validity = (CertificateValidity)
- certi.get(X509CertInfo.VALIDITY);
+ // validity would normally be set by policies or by
+ // agent or by authentication module.
+ CertificateValidity validity = (CertificateValidity) certi
+ .get(X509CertInfo.VALIDITY);
Date begin = null, end = null;
if (validity != null) {
- begin = (Date)
- validity.get(CertificateValidity.NOT_BEFORE);
- end = (Date)
- validity.get(CertificateValidity.NOT_AFTER);
+ begin = (Date) validity.get(CertificateValidity.NOT_BEFORE);
+ end = (Date) validity.get(CertificateValidity.NOT_AFTER);
}
- if (validity == null ||
- (begin.getTime() == 0 && end.getTime() == 0)) {
+ if (validity == null
+ || (begin.getTime() == 0 && end.getTime() == 0)) {
if (Debug.ON) {
Debug.trace("setting default validity");
}
-
+
begin = CMS.getCurrentDate();
end = new Date(begin.getTime() + mCA.getDefaultValidity());
- certi.set(CertificateValidity.NAME,
- new CertificateValidity(begin, end));
+ certi.set(CertificateValidity.NAME, new CertificateValidity(
+ begin, end));
}
/*
- * For non-CA certs, check if validity exceeds CA time.
- * If so, set to CA's not after if default validity
- * exceeds ca's not after.
+ * For non-CA certs, check if validity exceeds CA time. If so, set
+ * to CA's not after if default validity exceeds ca's not after.
*/
// First find out if it is a CA cert
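Review bot: The default-validity test in `issueX509Cert` dereferences `begin` and `end` whenever `validity` is non-null, so a `CertificateValidity` whose `NOT_BEFORE` or `NOT_AFTER` lookup yields null would raise a `NullPointerException` instead of falling back to the default (whether `get` can return null is not visible here). `certi` presumably originates from an incoming request, so treating missing dates like a missing validity is the safer reading: `if (validity == null || begin == null || end == null || (begin.getTime() == 0 && end.getTime() == 0)) {`. The next hunk has the same shape, calling `isCA.booleanValue()` directly on the result of `bc_ext.get(BasicConstraintsExtension.IS_CA)`. The method starts and ends outside this hunk.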
@@ -683,21 +659,26 @@ public class CAService implements ICAService, IService {
BasicConstraintsExtension bc_ext = null;
try {
- exts = (CertificateExtensions)
- certi.get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions) certi
+ .get(X509CertInfo.EXTENSIONS);
if (exts != null) {
Enumeration e = exts.getElements();
while (e.hasMoreElements()) {
- netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e.nextElement();
+ netscape.security.x509.Extension ext = (netscape.security.x509.Extension) e
+ .nextElement();
- if (ext.getExtensionId().toString().equals(PKIXExtensions.BasicConstraints_Id.toString())) {
+ if (ext.getExtensionId()
+ .toString()
+ .equals(PKIXExtensions.BasicConstraints_Id
+ .toString())) {
bc_ext = (BasicConstraintsExtension) ext;
}
}
- if(bc_ext != null) {
- Boolean isCA = (Boolean) bc_ext.get(BasicConstraintsExtension.IS_CA);
+ if (bc_ext != null) {
+ Boolean isCA = (Boolean) bc_ext
+ .get(BasicConstraintsExtension.IS_CA);
is_ca = isCA.booleanValue();
}
} // exts != null
@@ -705,95 +686,108 @@ public class CAService implements ICAService, IService {
CMS.debug("EnrollDefault: getExtension " + e.toString());
}
- Date caNotAfter =
- mCA.getSigningUnit().getCertImpl().getNotAfter();
+ Date caNotAfter = mCA.getSigningUnit().getCertImpl().getNotAfter();
if (begin.after(caNotAfter)) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_PAST_VALIDITY"));
- throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_BEGIN_AFTER_CA_VALIDITY"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_PAST_VALIDITY"));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_CERT_BEGIN_AFTER_CA_VALIDITY"));
}
if (end.after(caNotAfter)) {
- if(!is_ca) {
+ if (!is_ca) {
if (!mCA.isEnablePastCATime()) {
end = caNotAfter;
- certi.set(CertificateValidity.NAME,
- new CertificateValidity(begin, caNotAfter));
+ certi.set(CertificateValidity.NAME,
+ new CertificateValidity(begin, caNotAfter));
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime != true...resetting");
} else {
CMS.debug("CAService: issueX509Cert: cert past CA's NOT_AFTER...ca.enablePastCATime = true...not resetting");
}
} else {
CMS.debug("CAService: issueX509Cert: CA cert issuance past CA's NOT_AFTER.");
- } //!is_ca
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_PAST_NOT_AFTER"));
+ } // !is_ca
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_PAST_NOT_AFTER"));
}
// check algorithm in certinfo.
AlgorithmId algid = null;
- CertificateAlgorithmId algor = (CertificateAlgorithmId)
- certi.get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId algor = (CertificateAlgorithmId) certi
+ .get(X509CertInfo.ALGORITHM_ID);
- if (algor == null || algor.toString().equals(CertInfo.SERIALIZE_ALGOR.toString())) {
+ if (algor == null
+ || algor.toString().equals(
+ CertInfo.SERIALIZE_ALGOR.toString())) {
algname = mCA.getSigningUnit().getDefaultAlgorithm();
algid = AlgorithmId.get(algname);
- certi.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algid));
+ certi.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algid));
} else {
- algid = (AlgorithmId)
- algor.get(CertificateAlgorithmId.ALGORITHM);
+ algid = (AlgorithmId) algor
+ .get(CertificateAlgorithmId.ALGORITHM);
algname = algid.getName();
}
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
if (Debug.ON) {
e.printStackTrace();
}
throw new ECAException(
CMS.getUserMessage("CMS_CA_ERROR_GETTING_FIELDS_IN_ISSUE"));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_BAD_FIELD", e.toString()));
if (Debug.ON) {
e.printStackTrace();
}
throw new ECAException(
CMS.getUserMessage("CMS_CA_ERROR_GETTING_FIELDS_IN_ISSUE"));
} catch (NoSuchAlgorithmException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_SIGNING_ALG_NOT_SUPPORTED", algname));
if (Debug.ON) {
e.printStackTrace();
}
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SIGNING_ALGOR_NOT_SUPPORTED", algname));
}
// get old cert serial number if renewal
if (renewal) {
try {
- CertificateSerialNumber serialno = (CertificateSerialNumber)
- certi.get(X509CertInfo.SERIAL_NUMBER);
+ CertificateSerialNumber serialno = (CertificateSerialNumber) certi
+ .get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
- SerialNumber serialnum = (SerialNumber)
- serialno.get(CertificateSerialNumber.NUMBER);
+ SerialNumber serialnum = (SerialNumber) serialno
+ .get(CertificateSerialNumber.NUMBER);
if (serialnum == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
} catch (CertificateException e) {
- // not possible
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL", e.getMessage()));
+ // not possible
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL",
+ e.getMessage()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
} catch (IOException e) {
- // not possible.
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL", e.getMessage()));
+ // not possible.
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NO_ORG_SERIAL",
+ e.getMessage()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -801,34 +795,43 @@ public class CAService implements ICAService, IService {
// set issuer, serial number
try {
- BigInteger serialNo =
- mCA.getCertificateRepository().getNextSerialNumber();
-
- certi.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(serialNo));
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_SIGN_SERIAL", serialNo.toString(16)));
+ BigInteger serialNo = mCA.getCertificateRepository()
+ .getNextSerialNumber();
+
+ certi.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
+ serialNo));
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_SIGN_SERIAL",
+ serialNo.toString(16)));
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_NEXT_SERIAL", e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NO_NEXT_SERIAL", e.toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_NOSERIALNO", rid));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SET_SERIALNO_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_SERIALNO_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_SET_SERIALNO_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SERIAL", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_SERIALNO_FAILED", rid));
}
try {
- certi.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(mCA.getX500Name()));
+ certi.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(mCA.getX500Name()));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
}
byte[] utf8_encodingOrder = { DerValue.tag_UTF8String };
@@ -837,20 +840,28 @@ public class CAService implements ICAService, IService {
try {
CMS.debug("doUTF8 true, updating subject.");
- CertificateSubjectName sName = (CertificateSubjectName) certi.get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sName = (CertificateSubjectName) certi
+ .get(X509CertInfo.SUBJECT);
String subject = certi.get(X509CertInfo.SUBJECT).toString();
certi.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- new X500Name(subject,
- new LdapV3DNStrConverter(X500NameAttrMap.getDirDefault(), true), utf8_encodingOrder)));
+ new X500Name(subject, new LdapV3DNStrConverter(
+ X500NameAttrMap.getDirDefault(), true),
+ utf8_encodingOrder)));
} catch (CertificateException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
} catch (IOException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT", e.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_SET_SUBJECT",
+ e.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_SET_ISSUER_FAILED", rid));
}
}
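Review bot: Both catch blocks in the doUTF8 branch log `CMSCORE_CA_SET_SUBJECT` but throw the user message `CMS_CA_SET_ISSUER_FAILED`, so a subject re-encoding failure is reported to the caller as an issuer failure. If that reuse is intentional, say so with a comment such as `// no subject-specific user message; reusing the issuer one`. The local `sName` is also assigned and never read, because the next line calls `certi.get(X509CertInfo.SUBJECT)` again; that declaration can be dropped. The enclosing method starts and ends outside this hunk.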
@@ -859,22 +870,21 @@ public class CAService implements ICAService, IService {
return cert;
}
- void storeX509Cert(String rid, X509CertImpl cert,
- boolean renewal, BigInteger oldSerialNo)
- throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert, boolean renewal,
+ BigInteger oldSerialNo) throws EBaseException {
storeX509Cert(rid, cert, renewal, oldSerialNo, null, null, null);
}
- void storeX509Cert(String rid, X509CertImpl cert,
- boolean renewal, BigInteger oldSerialNo, String crmfReqId,
- String challengePassword, String profileId) throws EBaseException {
+ void storeX509Cert(String rid, X509CertImpl cert, boolean renewal,
+ BigInteger oldSerialNo, String crmfReqId, String challengePassword,
+ String profileId) throws EBaseException {
// now store in repository.
- // if renewal, set the old serial number in the new cert,
- // set the new serial number in the old cert.
+ // if renewal, set the old serial number in the new cert,
+ // set the new serial number in the old cert.
CMS.debug("In storeX509Cert");
try {
- BigInteger newSerialNo = cert.getSerialNumber();
+ BigInteger newSerialNo = cert.getSerialNumber();
MetaInfo metaInfo = new MetaInfo();
if (profileId != null)
@@ -884,34 +894,37 @@ public class CAService implements ICAService, IService {
if (challengePassword != null && !challengePassword.equals(""))
metaInfo.set("challengePhrase", challengePassword);
if (crmfReqId != null) {
- //System.out.println("Adding crmf reqid "+crmfReqId);
+ // System.out.println("Adding crmf reqid "+crmfReqId);
metaInfo.set(CertRecord.META_CRMF_REQID, crmfReqId);
}
if (renewal)
metaInfo.set(CertRecord.META_OLD_CERT, oldSerialNo.toString());
mCA.getCertificateRepository().addCertificateRecord(
- new CertRecord(newSerialNo, cert, metaInfo));
+ new CertRecord(newSerialNo, cert, metaInfo));
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_STORE_SERIAL", cert.getSerialNumber().toString(16)));
+ mCA.log(ILogger.LL_INFO, CMS.getLogMessage(
+ "CMSCORE_CA_STORE_SERIAL",
+ cert.getSerialNumber().toString(16)));
if (renewal) {
/*
- mCA.getCertificateRepository().markCertificateAsRenewed(
- BigIntegerMapper.BigIntegerToDB(oldSerialNo));
- mCA.mCertRepot.markCertificateAsRenewed(oldSerialNo);
+ * mCA.getCertificateRepository().markCertificateAsRenewed(
+ * BigIntegerMapper.BigIntegerToDB(oldSerialNo));
+ * mCA.mCertRepot.markCertificateAsRenewed(oldSerialNo);
*/
MetaInfo oldMeta = null;
- CertRecord oldCertRec = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ CertRecord oldCertRec = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo);
if (oldCertRec == null) {
- Exception e =
- new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Cannot read cert record for " + oldSerialNo));
+ Exception e = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Cannot read cert record for " + oldSerialNo));
e.printStackTrace();
}
- if (oldCertRec != null)
+ if (oldCertRec != null)
oldMeta = oldCertRec.getMetaInfo();
if (oldMeta == null) {
if (Debug.ON) {
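Review bot: In the `if (oldCertRec == null)` branch the `EBaseException` is constructed and only passed to `printStackTrace()`, never thrown, so a renewal whose old record cannot be read carries on with `oldMeta` still null. The new record has already been added by `addCertificateRecord` at that point, and the following hunk goes on to call `modifyCertificateRecord(oldSerialNo, modSet)` for a record that was just found to be missing. Unless continuing is deliberate, throw the exception so the surrounding `catch (EBaseException e)` logs it through `mCA.log`, e.g. `throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot read cert record for " + oldSerialNo));`. The handling of a null `oldMeta` lies between this hunk and the next and is not visible here.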
@@ -926,25 +939,29 @@ public class CAService implements ICAService, IService {
while (n.hasMoreElements()) {
String name = (String) n.nextElement();
- System.out.println("name " + name + " value " +
- oldMeta.get(name));
+ System.out.println("name " + name + " value "
+ + oldMeta.get(name));
}
}
}
- oldMeta.set(CertRecord.META_RENEWED_CERT,
- newSerialNo.toString());
+ oldMeta.set(CertRecord.META_RENEWED_CERT,
+ newSerialNo.toString());
ModificationSet modSet = new ModificationSet();
- modSet.add(CertRecord.ATTR_AUTO_RENEW,
- Modification.MOD_REPLACE,
- CertRecord.AUTO_RENEWAL_DONE);
- modSet.add(ICertRecord.ATTR_META_INFO,
- Modification.MOD_REPLACE, oldMeta);
- mCA.getCertificateRepository().modifyCertificateRecord(oldSerialNo, modSet);
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL", oldSerialNo.toString(16), newSerialNo.toString(16)));
+ modSet.add(CertRecord.ATTR_AUTO_RENEW,
+ Modification.MOD_REPLACE, CertRecord.AUTO_RENEWAL_DONE);
+ modSet.add(ICertRecord.ATTR_META_INFO,
+ Modification.MOD_REPLACE, oldMeta);
+ mCA.getCertificateRepository().modifyCertificateRecord(
+ oldSerialNo, modSet);
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_MARK_SERIAL",
+ oldSerialNo.toString(16),
+ newSerialNo.toString(16)));
if (Debug.ON) {
- CertRecord check = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ CertRecord check = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo);
MetaInfo meta = check.getMetaInfo();
Enumeration n = oldMeta.getElements();
@@ -956,7 +973,9 @@ public class CAService implements ICAService, IService {
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber().toString(16)));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NO_STORE_SERIAL", cert.getSerialNumber()
+ .toString(16)));
if (Debug.ON)
e.printStackTrace();
throw e;
@@ -966,23 +985,25 @@ public class CAService implements ICAService, IService {
/**
* revoke cert, check fields in crlentry, etc.
*/
- public void revokeCert(RevokedCertImpl crlentry)
- throws EBaseException {
+ public void revokeCert(RevokedCertImpl crlentry) throws EBaseException {
revokeCert(crlentry, null);
}
public void revokeCert(RevokedCertImpl crlentry, String requestId)
- throws EBaseException {
+ throws EBaseException {
BigInteger serialno = crlentry.getSerialNumber();
Date revdate = crlentry.getRevocationDate();
CRLExtensions crlentryexts = crlentry.getExtensions();
- CertRecord certRec = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(serialno);
+ CertRecord certRec = (CertRecord) mCA.getCertificateRepository()
+ .readCertificateRecord(serialno);
if (certRec == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialno.toString(16)));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND",
+ serialno.toString(16)));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
"0x" + serialno.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
@@ -993,8 +1014,8 @@ public class CAService implements ICAService, IService {
exts = revInfo.getCRLEntryExtensions();
if (exts != null) {
try {
- reasonext = (CRLReasonExtension)
- exts.get(CRLReasonExtension.NAME);
+ reasonext = (CRLReasonExtension) exts
+ .get(CRLReasonExtension.NAME);
} catch (X509ExtensionException e) {
// this means no crl reason extension set.
}
@@ -1002,16 +1023,18 @@ public class CAService implements ICAService, IService {
// allow revoking certs that are on hold.
String certStatus = certRec.getStatus();
- if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
- certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- throw new ECAException(CMS.getUserMessage("CMS_CA_CERT_ALREADY_REVOKED",
+ if (certStatus.equals(ICertRecord.STATUS_REVOKED)
+ || certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CERT_ALREADY_REVOKED",
"0x" + Long.toHexString(serialno.longValue())));
}
try {
- mCA.getCertificateRepository().markAsRevoked(serialno,
- new RevocationInfo(revdate, crlentryexts));
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
- serialno.toString(16)));
+ mCA.getCertificateRepository().markAsRevoked(serialno,
+ new RevocationInfo(revdate, crlentryexts));
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_CERT_REVOKED",
+ serialno.toString(16)));
// inform all CRLIssuingPoints about revoked certificate
Enumeration eIPs = mCRLIssuingPoints.elements();
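Review bot: The already-revoked message formats the serial number with `Long.toHexString(serialno.longValue())`, which keeps only the low 64 bits of the `BigInteger`. A certificate with a longer serial is therefore reported to the caller under a different number from the one that is logged and looked up elsewhere in this method with `serialno.toString(16)`. Use `"0x" + serialno.toString(16)` here, as the not-found branch above already does. revokeCert's body starts and ends outside this hunk.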
@@ -1024,23 +1047,28 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null) b = cert.getBasicConstraintsIsCA();
+ if (cert != null)
+ b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String)metaInfo.get("profileId");
+ String profileId = (String) metaInfo
+ .get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b) ip.addRevokedCert(serialno, crlentry, requestId);
+ if (b)
+ ip.addRevokedCert(serialno, crlentry, requestId);
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION", serialno.toString(), e.toString()));
- //e.printStackTrace();
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_REVOCATION",
+ serialno.toString(), e.toString()));
+ // e.printStackTrace();
throw e;
}
return;
@@ -1049,19 +1077,21 @@ public class CAService implements ICAService, IService {
/**
* unrevoke cert, check serial number, etc.
*/
- void unrevokeCert(BigInteger serialNo)
- throws EBaseException {
+ void unrevokeCert(BigInteger serialNo) throws EBaseException {
unrevokeCert(serialNo, null);
}
void unrevokeCert(BigInteger serialNo, String requestId)
- throws EBaseException {
- CertRecord certRec = (CertRecord) mCA.getCertificateRepository().readCertificateRecord(serialNo);
+ throws EBaseException {
+ CertRecord certRec = (CertRecord) mCA.getCertificateRepository()
+ .readCertificateRecord(serialNo);
if (certRec == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND", serialNo.toString(16)));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_NOT_FOUND",
+ serialNo.toString(16)));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
"0x" + serialNo.toString(16)));
}
RevocationInfo revInfo = (RevocationInfo) certRec.getRevocationInfo();
@@ -1069,34 +1099,42 @@ public class CAService implements ICAService, IService {
CRLReasonExtension reasonext = null;
if (revInfo == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
exts = revInfo.getCRLEntryExtensions();
if (exts != null) {
try {
- reasonext = (CRLReasonExtension)
- exts.get(CRLReasonExtension.NAME);
+ reasonext = (CRLReasonExtension) exts
+ .get(CRLReasonExtension.NAME);
} catch (X509ExtensionException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
- serialNo.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_IS_NOT_ON_HOLD", serialNo.toString()));
}
} else {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
serialNo.toString()));
}
// allow unrevoking certs that are on hold.
- if ((certRec.getStatus().equals(ICertRecord.STATUS_REVOKED) ||
- certRec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED)) &&
- reasonext != null &&
- reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
+ if ((certRec.getStatus().equals(ICertRecord.STATUS_REVOKED) || certRec
+ .getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))
+ && reasonext != null
+ && reasonext.getReason() == RevocationReason.CERTIFICATE_HOLD) {
try {
mCA.getCertificateRepository().unmarkRevoked(serialNo, revInfo,
- certRec.getRevokedOn(), certRec.getRevokedBy());
- mCA.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED", serialNo.toString(16)));
+ certRec.getRevokedOn(), certRec.getRevokedBy());
+ mCA.log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSCORE_CA_CERT_UNREVOKED",
+ serialNo.toString(16)));
// inform all CRLIssuingPoints about unrevoked certificate
Enumeration eIPs = mCRLIssuingPoints.elements();
@@ -1109,27 +1147,34 @@ public class CAService implements ICAService, IService {
if (ip.isCACertsOnly()) {
X509CertImpl cert = certRec.getCertificate();
- if (cert != null) b = cert.getBasicConstraintsIsCA();
+ if (cert != null)
+ b = cert.getBasicConstraintsIsCA();
}
if (ip.isProfileCertsOnly()) {
MetaInfo metaInfo = certRec.getMetaInfo();
if (metaInfo != null) {
- String profileId = (String)metaInfo.get("profileId");
+ String profileId = (String) metaInfo
+ .get("profileId");
if (profileId != null) {
b = ip.checkCurrentProfile(profileId);
}
}
}
- if (b) ip.addUnrevokedCert(serialNo, requestId);
+ if (b)
+ ip.addUnrevokedCert(serialNo, requestId);
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ERROR_UNREVOKE", serialNo.toString(16)));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ERROR_UNREVOKE",
+ serialNo.toString(16)));
throw e;
}
} else {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD", serialNo.toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_CERT_ON_HOLD",
+ serialNo.toString()));
+ throw new ECAException(CMS.getUserMessage("CMS_CA_IS_NOT_ON_HOLD",
"0x" + serialNo.toString(16)));
}
@@ -1138,10 +1183,10 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log
- *
+ *
* This method is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
private void audit(String msg) {
@@ -1152,20 +1197,17 @@ public class CAService implements ICAService, IService {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "SubjectID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
@@ -1180,8 +1222,7 @@ public class CAService implements ICAService, IService {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -1197,11 +1238,11 @@ public class CAService implements ICAService, IService {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @return id string containing the signed audit log message RequesterID
*/
private String auditRequesterID() {
@@ -1216,8 +1257,8 @@ public class CAService implements ICAService, IService {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- requesterID = (String)
- auditContext.get(SessionContext.REQUESTER_ID);
+ requesterID = (String) auditContext
+ .get(SessionContext.REQUESTER_ID);
if (requesterID != null) {
requesterID = requesterID.trim();
@@ -1232,16 +1273,14 @@ public class CAService implements ICAService, IService {
}
}
-
-///
-/// servant classes
-///
+// /
+// / servant classes
+// /
interface IServant {
public boolean service(IRequest request) throws EBaseException;
}
-
class serviceIssue implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1251,9 +1290,8 @@ class serviceIssue implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
- // XXX This is ugly. should associate attributes with
+ public boolean service(IRequest request) throws EBaseException {
+ // XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
@@ -1262,21 +1300,23 @@ class serviceIssue implements IServant {
else
return false; // Don't know what it is ?????
}
-
- public boolean serviceX509(IRequest request)
- throws EBaseException {
- // XXX This is ugly. should associate attributes with
+
+ public boolean serviceX509(IRequest request) throws EBaseException {
+ // XXX This is ugly. should associate attributes with
// request types, not policy.
// XXX how do we know what to look for in request ?
- X509CertInfo certinfos[] =
- request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] = request
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ"));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_ISSUEREQ"));
}
- String challengePassword =
- request.getExtDataInString(CAService.CHALLENGE_PHRASE);
+ String challengePassword = request
+ .getExtDataInString(CAService.CHALLENGE_PHRASE);
X509CertImpl[] certs = new X509CertImpl[certinfos.length];
String rid = request.getRequestId().toString();
@@ -1286,7 +1326,9 @@ class serviceIssue implements IServant {
try {
certs[i] = mService.issueX509Cert(rid, certinfos[i]);
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR", Integer.toString(i), rid, e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ISSUE_ERROR",
+ Integer.toString(i), rid, e.toString()));
throw e;
}
}
@@ -1295,25 +1337,31 @@ class serviceIssue implements IServant {
for (i = 0; i < certs.length; i++) {
try {
- mService.storeX509Cert(rid, certs[i], crmfReqId, challengePassword);
+ mService.storeX509Cert(rid, certs[i], crmfReqId,
+ challengePassword);
} catch (EBaseException e) {
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_STORE_ERROR", Integer.toString(i), rid, e.toString()));
- ex = e; // save to throw later.
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_STORE_ERROR",
+ Integer.toString(i), rid, e.toString()));
+ ex = e; // save to throw later.
break;
}
}
if (ex != null) {
for (int j = 0; j < i; j++) {
- // delete the stored cert records from the database.
- // we issue all or nothing.
- BigInteger serialNo =
- ((X509Certificate) certs[i]).getSerialNumber();
+ // delete the stored cert records from the database.
+ // we issue all or nothing.
+ BigInteger serialNo = ((X509Certificate) certs[i])
+ .getSerialNumber();
try {
- mCA.getCertificateRepository().deleteCertificateRecord(serialNo);
+ mCA.getCertificateRepository().deleteCertificateRecord(
+ serialNo);
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", serialNo.toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_DELETE_CERT_ERROR",
+ serialNo.toString(), e.toString()));
}
}
throw ex;
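Review bot: The rollback loop `for (int j = 0; j < i; j++)` reads `certs[i]` instead of `certs[j]`. On each pass it asks the repository to delete the record of the certificate whose store just failed, and it never removes the records at indexes 0..i-1 that were stored successfully. Issued certificate records therefore stay in the database for a request that is reported as failed, which contradicts the "we issue all or nothing" comment. The line should read `BigInteger serialNo = ((X509Certificate) certs[j]).getSerialNumber();`. serviceX509 starts and ends outside this hunk.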
@@ -1325,7 +1373,6 @@ class serviceIssue implements IServant {
}
}
-
class serviceRenewal implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1335,14 +1382,15 @@ class serviceRenewal implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
// XXX if one fails should all fail ? - can't backtrack.
- X509CertInfo certinfos[] =
- request.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certinfos[] = request
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certinfos == null || certinfos[0] == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT_REQUEST_NOT_FOUND", request.getRequestId()
+ .toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -1362,31 +1410,37 @@ class serviceRenewal implements IServant {
SerialNumber serialnum = null;
try {
- CertificateSerialNumber serialno = (CertificateSerialNumber)
- certinfos[i].get(X509CertInfo.SERIAL_NUMBER);
+ CertificateSerialNumber serialno = (CertificateSerialNumber) certinfos[i]
+ .get(X509CertInfo.SERIAL_NUMBER);
if (serialno == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
+ mCA.log(ILogger.LL_FAILURE, CMS
+ .getLogMessage("CMSCORE_CA_NULL_SERIAL_NUMBER"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
- serialnum = (SerialNumber)
- serialno.get(CertificateSerialNumber.NUMBER);
+ serialnum = (SerialNumber) serialno
+ .get(CertificateSerialNumber.NUMBER);
} catch (IOException e) {
if (Debug.ON)
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT",
+ e.toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
} catch (CertificateException e) {
if (Debug.ON)
e.printStackTrace();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT",
+ e.toString()));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
if (serialnum == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", ""));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_ERROR_GET_CERT", ""));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_RENEWREQ"));
}
@@ -1394,26 +1448,30 @@ class serviceRenewal implements IServant {
BigInteger oldSerialNo = serialnumBigInt.toBigInteger();
// get cert record
- CertRecord certRecord = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo);
+ CertRecord certRecord = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo);
if (certRecord == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", oldSerialNo.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- oldSerialNo.toString())).toString();
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NOT_FROM_CA", oldSerialNo.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
+ oldSerialNo.toString())).toString();
continue;
}
- // check if cert has been revoked.
+ // check if cert has been revoked.
String certStatus = certRecord.getStatus();
- if (certStatus.equals(ICertRecord.STATUS_REVOKED) ||
- certStatus.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_RENEW_REVOKED", oldSerialNo.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANNOT_RENEW_REVOKED_CERT",
- "0x" + oldSerialNo.toString(16))).toString();
+ if (certStatus.equals(ICertRecord.STATUS_REVOKED)
+ || certStatus
+ .equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_RENEW_REVOKED", oldSerialNo.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANNOT_RENEW_REVOKED_CERT", "0x"
+ + oldSerialNo.toString(16))).toString();
continue;
}
@@ -1421,75 +1479,87 @@ class serviceRenewal implements IServant {
MetaInfo metaInfo = certRecord.getMetaInfo();
if (metaInfo != null) {
- String renewed = (String)
- metaInfo.get(ICertRecord.META_RENEWED_CERT);
+ String renewed = (String) metaInfo
+ .get(ICertRecord.META_RENEWED_CERT);
if (renewed != null) {
BigInteger serial = new BigInteger(renewed);
- X509CertImpl cert = (X509CertImpl)
- mCA.getCertificateRepository().getX509Certificate(serial);
+ X509CertImpl cert = (X509CertImpl) mCA
+ .getCertificateRepository().getX509Certificate(
+ serial);
if (cert == null) {
- // something wrong
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_MISSING_RENEWED", serial.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_ERROR_GETTING_RENEWED_CERT",
- oldSerialNo.toString(), serial.toString())).toString();
+ // something wrong
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_MISSING_RENEWED",
+ serial.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_ERROR_GETTING_RENEWED_CERT",
+ oldSerialNo.toString(), serial.toString()))
+ .toString();
continue;
}
// get cert record
- CertRecord cRecord = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(serial);
+ CertRecord cRecord = (CertRecord) mCA
+ .getCertificateRepository()
+ .readCertificateRecord(serial);
if (cRecord == null) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA", serial.toString()));
- svcerrors[i] = new ECAException(
- CMS.getUserMessage("CMS_CA_CANT_FIND_CERT_SERIAL",
- serial.toString())).toString();
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_NOT_FROM_CA",
+ serial.toString()));
+ svcerrors[i] = new ECAException(CMS.getUserMessage(
+ "CMS_CA_CANT_FIND_CERT_SERIAL",
+ serial.toString())).toString();
continue;
}
// Check renewed certificate already REVOKED or EXPIRED
String status = cRecord.getStatus();
- if (status.equals(ICertRecord.STATUS_REVOKED) ||
- status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ if (status.equals(ICertRecord.STATUS_REVOKED)
+ || status
+ .equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
Debug.trace("It is already revoked or Expired !!!");
- } // it is still new ... So just return this certificate to user
- else {
+ } // it is still new ... So just return this certificate
+ // to user
+ else {
Debug.trace("It is still new !!!");
issuedCerts[i] = cert;
continue;
- }
+ }
}
}
// issue the cert.
- issuedCerts[i] =
- mService.issueX509Cert(rid, certinfos[i], true, oldSerialNo);
+ issuedCerts[i] = mService.issueX509Cert(rid, certinfos[i],
+ true, oldSerialNo);
mService.storeX509Cert(rid, issuedCerts[i], true, oldSerialNo);
} catch (ECAException e) {
svcerrors[i] = e.toString();
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CANNOT_RENEW", Integer.toString(i), request
+ .getRequestId().toString()));
}
}
-
+
// always set issued certs regardless of error.
request.setExtData(IRequest.ISSUED_CERTS, issuedCerts);
// set and throw error if any.
int l;
- for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--);
+ for (l = svcerrors.length - 1; l >= 0 && svcerrors[l] == null; l--)
+ ;
if (l >= 0) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_NO_RENEW", request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_NO_RENEW", request.getRequestId().toString()));
throw new ECAException(CMS.getUserMessage("CMS_CA_RENEW_FAILED"));
}
return true;
}
}
-
class getCertsForChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1499,21 +1569,20 @@ class getCertsForChallenge implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
- BigInteger[] serialNoArray =
- request.getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
- X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
+ public boolean service(IRequest request) throws EBaseException {
+ BigInteger[] serialNoArray = request
+ .getExtDataInBigIntegerArray(CAService.SERIALNO_ARRAY);
+ X509CertImpl[] certs = new X509CertImpl[serialNoArray.length];
for (int i = 0; i < serialNoArray.length; i++) {
- certs[i] = mCA.getCertificateRepository().getX509Certificate(serialNoArray[i]);
+ certs[i] = mCA.getCertificateRepository().getX509Certificate(
+ serialNoArray[i]);
}
request.setExtData(IRequest.OLD_CERTS, certs);
return true;
}
}
-
class getCertStatus implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1526,8 +1595,8 @@ class getCertStatus implements IServant {
public boolean service(IRequest request) throws EBaseException {
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
String issuerDN = request.getExtDataInString("issuerDN");
- CertificateRepository certDB = (CertificateRepository)
- mCA.getCertificateRepository();
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
String status = null;
@@ -1552,13 +1621,12 @@ class getCertStatus implements IServant {
}
}
}
-
+
request.setExtData(IRequest.CERT_STATUS, status);
return true;
}
}
-
class serviceCheckChallenge implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1570,18 +1638,18 @@ class serviceCheckChallenge implements IServant {
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
}
- public boolean service(IRequest request)
- throws EBaseException {
- // note: some request attributes used below are set in
- // authentication/ChallengePhraseAuthentication.java :(
+ public boolean service(IRequest request) throws EBaseException {
+ // note: some request attributes used below are set in
+ // authentication/ChallengePhraseAuthentication.java :(
BigInteger serialno = request.getExtDataInBigInteger("serialNumber");
- String pwd = request.getExtDataInString(
- CAService.CHALLENGE_PHRASE);
- CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
+ String pwd = request.getExtDataInString(CAService.CHALLENGE_PHRASE);
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
BigInteger[] bigIntArray = null;
if (serialno != null) {
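Review bot: The constructor's `catch (NoSuchAlgorithmException e)` only logs, so the servant is left with `mSHADigest` unset and presumably fails later, on the first challenge-phrase check, rather than at start-up (hashPassword is not visible here). Failing construction would surface the problem where it occurs, e.g. `throw new IllegalStateException("SHA1 digest unavailable: " + e);`. `mSHADigest` also looks like a single shared `MessageDigest` instance, and `MessageDigest` is not thread-safe. If `service()` can run on more than one thread, the hashing needs a per-call instance or synchronisation; confirm in hashPassword. service() continues beyond this hunk.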
@@ -1605,14 +1673,16 @@ class serviceCheckChallenge implements IServant {
} else {
bigIntArray = new BigInteger[0];
}
- } else
+ } else
bigIntArray = new BigInteger[0];
} else {
String subjectName = request.getExtDataInString("subjectName");
if (subjectName != null) {
- String filter = "(&(x509cert.subject=" + subjectName + ")(certStatus=VALID))";
- ICertRecordList list = certDB.findCertRecordsInList(filter, null, 10);
+ String filter = "(&(x509cert.subject=" + subjectName
+ + ")(certStatus=VALID))";
+ ICertRecordList list = certDB.findCertRecordsInList(filter,
+ null, 10);
int size = list.getSize();
Enumeration en = list.getCertRecords(0, size - 1);
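Review bot: `subjectName` is read from the request and concatenated into the search filter at `"(&(x509cert.subject=" + subjectName + ...`, so filter metacharacters in it (`*`, `(`, `)`, `\`, NUL) alter the query instead of being matched literally. Because `(certStatus=VALID)` is appended after the value, an unescaped name could match records other than the intended subject before the challenge phrase is compared. The value should be escaped per RFC 4515 before it is embedded; the helper below is a sketch, and an existing filter-escaping utility in the project, if there is one, should be used instead. `service` begins and ends outside this hunk.

```java
String subjectName = request.getExtDataInString("subjectName");
if (subjectName != null) {
    String filter = "(&(x509cert.subject="
            + escapeFilterValue(subjectName)
            + ")(certStatus=VALID))";
    // … unchanged: findCertRecordsInList call and record loop …

// proposed private helper in serviceCheckChallenge
private static String escapeFilterValue(String value) {
    StringBuffer sb = new StringBuffer(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}
```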
@@ -1637,7 +1707,7 @@ class serviceCheckChallenge implements IServant {
}
}
- if (bigIntArray == null)
+ if (bigIntArray == null)
bigIntArray = new BigInteger[0];
request.setExtData(CAService.SERIALNO_ARRAY, bigIntArray);
@@ -1645,18 +1715,19 @@ class serviceCheckChallenge implements IServant {
}
private boolean compareChallengePassword(CertRecord record, String pwd)
- throws EBaseException {
+ throws EBaseException {
MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
if (metaInfo == null) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTRIBUTE", "metaInfo"));
}
String hashpwd = hashPassword(pwd);
// got metaInfo
- String challengeString =
- (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
+ String challengeString = (String) metaInfo
+ .get(CertRecord.META_CHALLENGE_PHRASE);
if (!challengeString.equals(hashpwd)) {
return false;
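Review bot: `challengeString.equals(hashpwd)` dereferences the value read from `metaInfo` without a null check, so a certificate record that has meta info but no stored challenge phrase ends in a NullPointerException instead of a failed comparison. Changing the test to `if (challengeString == null || !challengeString.equals(hashpwd)) {` treats that case as a mismatch. `String.equals` also stops at the first differing character, so for a secret comparison a constant-time check such as `MessageDigest.isEqual` over the two values' bytes is the safer form. The method continues past the end of this hunk.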
@@ -1673,7 +1744,6 @@ class serviceCheckChallenge implements IServant {
}
}
-
class serviceRevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1683,32 +1753,35 @@ class serviceRevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
boolean sendStatus = true;
// XXX Need to think passing as array.
- // XXX every implemented according to servlet.
- RevokedCertImpl crlentries[] =
- request.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
-
- if (crlentries == null ||
- crlentries.length == 0 ||
- crlentries[0] == null) {
- // XXX should this be an error ?
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ"));
+ // XXX every implemented according to servlet.
+ RevokedCertImpl crlentries[] = request
+ .getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+
+ if (crlentries == null || crlentries.length == 0
+ || crlentries[0] == null) {
+ // XXX should this be an error ?
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CRL_NOT_FOUND", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_REVREQ"));
}
- RevokedCertImpl revokedCerts[] =
- new RevokedCertImpl[crlentries.length];
+ RevokedCertImpl revokedCerts[] = new RevokedCertImpl[crlentries.length];
String svcerrors[] = null;
for (int i = 0; i < crlentries.length; i++) {
try {
- mService.revokeCert(crlentries[i], request.getRequestId().toString());
+ mService.revokeCert(crlentries[i], request.getRequestId()
+ .toString());
revokedCerts[i] = crlentries[i];
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i), request.getRequestId().toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CANNOT_REVOKE", Integer.toString(i),
+ request.getRequestId().toString(), e.toString()));
revokedCerts[i] = null;
if (svcerrors == null) {
svcerrors = new String[revokedCerts.length];
@@ -1723,8 +1796,7 @@ class serviceRevoke implements IServant {
// if clone ca, send revoked cert records to CLA
if (CAService.mCLAConnector != null) {
CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED"));
- BigInteger revokedCertIds[] =
- new BigInteger[revokedCerts.length];
+ BigInteger revokedCertIds[] = new BigInteger[revokedCerts.length];
for (int i = 0; i < revokedCerts.length; i++) {
revokedCertIds[i] = revokedCerts[i].getSerialNumber();
@@ -1732,16 +1804,18 @@ class serviceRevoke implements IServant {
request.deleteExtData(IRequest.CERT_INFO);
request.deleteExtData(IRequest.OLD_CERTS);
request.setExtData(IRequest.REVOKED_CERT_RECORDS, revokedCertIds);
-
- CMS.debug(CMS.getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED_CONNECTOR"));
+
+ CMS.debug(CMS
+ .getLogMessage("CMSCORE_CA_CLONE_READ_REVOKED_CONNECTOR"));
request.setRequestType(IRequest.CLA_CERT4CRL_REQUEST);
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(CMS
+ .getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1767,7 +1841,6 @@ class serviceRevoke implements IServant {
}
}
-
class serviceUnrevoke implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1777,21 +1850,22 @@ class serviceUnrevoke implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
boolean sendStatus = true;
- BigInteger oldSerialNo[] =
- request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ BigInteger oldSerialNo[] = request
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
String svcerrors[] = null;
boolean needOldCerts = false;
- X509CertImpl oldCerts[] = request.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl oldCerts[] = request
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCerts == null || oldCerts.length < 1) {
needOldCerts = true;
@@ -1801,19 +1875,25 @@ class serviceUnrevoke implements IServant {
for (int i = 0; i < oldSerialNo.length; i++) {
try {
if (oldSerialNo[i].compareTo(new BigInteger("0")) < 0) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
if (needOldCerts) {
- CertRecord certRec = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(oldSerialNo[i]);
+ CertRecord certRec = (CertRecord) mCA
+ .getCertificateRepository().readCertificateRecord(
+ oldSerialNo[i]);
oldCerts[i] = certRec.getCertificate();
}
- mService.unrevokeCert(oldSerialNo[i], request.getRequestId().toString());
+ mService.unrevokeCert(oldSerialNo[i], request.getRequestId()
+ .toString());
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_FAILED", oldSerialNo[i].toString(), request.getRequestId().toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_UNREVOKE_FAILED",
+ oldSerialNo[i].toString(), request.getRequestId()
+ .toString()));
if (svcerrors == null) {
svcerrors = new String[oldSerialNo.length];
}
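Review bot: The negative-serial test `oldSerialNo[i].compareTo(new BigInteger("0")) < 0` allocates a BigInteger on every iteration and throws a NullPointerException on a null array element, which the `catch (ECAException e)` below does not handle. Writing it as `if (oldSerialNo[i] == null || oldSerialNo[i].signum() < 0) {` covers both and routes a null serial into the existing "missing serial" error. The same concern applies to `certRec.getCertificate()` if `readCertificateRecord` can return null, which cannot be seen from here. The loop and `service` extend outside this hunk.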
@@ -1826,10 +1906,11 @@ class serviceUnrevoke implements IServant {
request.setRequestType(IRequest.CLA_UNCERT4CRL_REQUEST);
sendStatus = CAService.mCLAConnector.send(request);
if (sendStatus == false) {
- request.setExtData(IRequest.RESULT,
- IRequest.RES_ERROR);
- request.setExtData(IRequest.ERROR,
- new ECAException(CMS.getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
+ request.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
+ request.setExtData(
+ IRequest.ERROR,
+ new ECAException(CMS
+ .getUserMessage("CMS_CA_SEND_CLA_REQUEST")));
return sendStatus;
} else {
if (request.getExtDataInString(IRequest.ERROR) != null) {
@@ -1853,7 +1934,6 @@ class serviceUnrevoke implements IServant {
}
}
-
class serviceGetCAChain implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1877,7 +1957,6 @@ class serviceGetCAChain implements IServant {
}
}
-
class serviceGetCRL implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1887,33 +1966,37 @@ class serviceGetCRL implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
try {
- ICRLIssuingPointRecord crlRec =
- (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(ICertificateAuthority.PROP_MASTER_CRL);
+ ICRLIssuingPointRecord crlRec = (ICRLIssuingPointRecord) mCA
+ .getCRLRepository().readCRLIssuingPointRecord(
+ ICertificateAuthority.PROP_MASTER_CRL);
X509CRLImpl crl = new X509CRLImpl(crlRec.getCRL());
request.setExtData(IRequest.CRL, crl.getEncoded());
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_FIND_CRL"));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOT_FOUND", e.toString()));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_GETCRL_FIND_CRL"));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUEPT_NOT_FOUND", e.toString()));
} catch (CRLException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_INST_CRL", ICertificateAuthority.PROP_MASTER_CRL));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_NOGOOD", ICertificateAuthority.PROP_MASTER_CRL));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_GETCRL_INST_CRL",
+ ICertificateAuthority.PROP_MASTER_CRL));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUEPT_NOGOOD",
+ ICertificateAuthority.PROP_MASTER_CRL));
} catch (X509ExtensionException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_GETCRL_NO_ISSUING_REC"));
- throw new ECAException(
- CMS.getUserMessage("CMS_CA_CRL_ISSUEPT_EXT_NOGOOD",
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_GETCRL_NO_ISSUING_REC"));
+ throw new ECAException(CMS.getUserMessage(
+ "CMS_CA_CRL_ISSUEPT_EXT_NOGOOD",
ICertificateAuthority.PROP_MASTER_CRL));
}
return true;
}
}
-
class serviceGetRevocationInfo implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
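Review bot: The `CRLException` and `X509ExtensionException` handlers in serviceGetCRL drop `e` completely: neither the log entry nor the rethrown `ECAException` carries its message, so a corrupt or unparsable stored CRL leaves no trace of why decoding failed. By contrast the `EBaseException` branch puts `e.toString()` into the user-facing message, which may expose repository internals to the requester. I would log the detail in all three branches, e.g. `CMS.debug("serviceGetCRL: " + e.toString());`, and keep the user message generic. `crlRec` is also used without a null check; whether `readCRLIssuingPointRecord` can return null is not visible here.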
@@ -1923,20 +2006,20 @@ class serviceGetRevocationInfo implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
Enumeration enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
if (name.equals(IRequest.ISSUED_CERTS)) {
- X509CertImpl certsToCheck[] =
- request.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl certsToCheck[] = request
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
- CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
- RevocationInfo info =
- certDB.isCertificateRevoked(certsToCheck[0]);
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
+ RevocationInfo info = certDB
+ .isCertificateRevoked(certsToCheck[0]);
if (info != null) {
RevokedCertImpl revokedCerts[] = new RevokedCertImpl[1];
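Review bot: `certsToCheck[0]` is read without checking the array returned by `getExtDataInCertArray(IRequest.ISSUED_CERTS)`, so a request whose ISSUED_CERTS entry yields null or an empty array ends in a NullPointerException or ArrayIndexOutOfBoundsException rather than a service error. serviceUnrevoke guards its OLD_CERTS array with `oldCerts == null || oldCerts.length < 1`; the same test belongs here before the lookup, e.g. `if (certsToCheck == null || certsToCheck.length < 1) continue;`. Only the first certificate is checked for revocation; if that is intended, a comment saying so would help. The loop continues outside this hunk.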
@@ -1954,7 +2037,6 @@ class serviceGetRevocationInfo implements IServant {
}
}
-
class serviceGetCertificates implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1964,17 +2046,18 @@ class serviceGetCertificates implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
Enumeration enum1 = request.getExtDataKeys();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
if (name.equals(IRequest.CERT_FILTER)) {
- String filter = request.getExtDataInString(IRequest.CERT_FILTER);
+ String filter = request
+ .getExtDataInString(IRequest.CERT_FILTER);
- CertificateRepository certDB = (CertificateRepository) mCA.getCertificateRepository();
+ CertificateRepository certDB = (CertificateRepository) mCA
+ .getCertificateRepository();
X509CertImpl[] certs = certDB.getX509Certificates(filter);
if (certs != null) {
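Review bot: The `CERT_FILTER` value goes from the request to `certDB.getX509Certificates(filter)` unchanged, so whatever set that attribute controls the entire search expression. Nothing at this call site bounds the result size the way `findCertRecordsInList(filter, null, 10)` does in serviceCheckChallenge. If the attribute is only ever set by trusted internal code, that assumption deserves a comment above the call, e.g. `// CERT_FILTER must be built by the caller from escaped values; it is used verbatim as the search filter`. If it can originate from a remote requester, the filter should be validated or constructed server-side instead. `service` continues outside this hunk.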
@@ -1986,7 +2069,6 @@ class serviceGetCertificates implements IServant {
}
}
-
class serviceCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -1996,42 +2078,44 @@ class serviceCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
+ public boolean service(IRequest request) throws EBaseException {
// XXX Need to think passing as array.
- // XXX every implemented according to servlet.
- BigInteger revokedCertIds[] = request.getExtDataInBigIntegerArray(
- IRequest.REVOKED_CERT_RECORDS);
- if (revokedCertIds == null ||
- revokedCertIds.length == 0) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
+ // XXX every implemented according to servlet.
+ BigInteger revokedCertIds[] = request
+ .getExtDataInBigIntegerArray(IRequest.REVOKED_CERT_RECORDS);
+ if (revokedCertIds == null || revokedCertIds.length == 0) {
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
CertRecord revokedCertRecs[] = new CertRecord[revokedCertIds.length];
for (int i = 0; i < revokedCertIds.length; i++) {
- revokedCertRecs[i] = (CertRecord)
- mCA.getCertificateRepository().readCertificateRecord(
- revokedCertIds[i]);
+ revokedCertRecs[i] = (CertRecord) mCA.getCertificateRepository()
+ .readCertificateRecord(revokedCertIds[i]);
}
- if (revokedCertRecs == null ||
- revokedCertRecs.length == 0 ||
- revokedCertRecs[0] == null) {
- // XXX should this be an error ?
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId().toString()));
- throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
+ if (revokedCertRecs == null || revokedCertRecs.length == 0
+ || revokedCertRecs[0] == null) {
+ // XXX should this be an error ?
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT4CRL_NO_ENTRY", request.getRequestId()
+ .toString()));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));
}
- CertRecord recordedCerts[] =
- new CertRecord[revokedCertRecs.length];
+ CertRecord recordedCerts[] = new CertRecord[revokedCertRecs.length];
String svcerrors[] = null;
for (int i = 0; i < revokedCertRecs.length; i++) {
try {
// for CLA, record it into cert repost
- ((CertificateRepository) mCA.getCertificateRepository()).addRevokedCertRecord(revokedCertRecs[i]);
- // mService.revokeCert(crlentries[i]);
+ ((CertificateRepository) mCA.getCertificateRepository())
+ .addRevokedCertRecord(revokedCertRecs[i]);
+ // mService.revokeCert(crlentries[i]);
recordedCerts[i] = revokedCertRecs[i];
// inform all CRLIssuingPoints about revoked certificate
Hashtable hips = mService.getCRLIssuingPoints();
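Review bot: The guard `revokedCertRecs == null || revokedCertRecs.length == 0` can never be true, because the array was just allocated with `revokedCertIds.length`, which the earlier check already requires to be non-zero; only `revokedCertRecs[0] == null` has any effect. Records at later indexes are not checked, yet each is passed to `addRevokedCertRecord` and dereferenced via `revokedCertRecs[i].getSerialNumber()` in the following hunk. Checking inside the read loop, `if (revokedCertRecs[i] == null) throw new ECAException(CMS.getUserMessage("CMS_CA_MISSING_INFO_IN_CLAREQ"));`, would cover every element and let the dead conditions go. Whether `readCertificateRecord` can return null rather than throw is not visible here. The second loop continues in the next hunk.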
@@ -2040,17 +2124,20 @@ class serviceCert4Crl implements IServant {
while (eIPs.hasMoreElements()) {
ICRLIssuingPoint ip = (ICRLIssuingPoint) eIPs.nextElement();
// form RevokedCertImpl
- RevokedCertImpl rci =
- new RevokedCertImpl(revokedCertRecs[i].getSerialNumber(),
+ RevokedCertImpl rci = new RevokedCertImpl(
+ revokedCertRecs[i].getSerialNumber(),
revokedCertRecs[i].getRevokedOn());
if (ip != null) {
- ip.addRevokedCert(revokedCertRecs[i].getSerialNumber(), rci);
+ ip.addRevokedCert(revokedCertRecs[i].getSerialNumber(),
+ rci);
}
}
} catch (ECAException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i), request.getRequestId().toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_CERT4CRL_NO_REC", Integer.toString(i),
+ request.getRequestId().toString(), e.toString()));
recordedCerts[i] = null;
if (svcerrors == null) {
svcerrors = new String[recordedCerts.length];
@@ -2058,8 +2145,8 @@ class serviceCert4Crl implements IServant {
svcerrors[i] = e.toString();
}
}
- //need to record which gets recorded and which failed...cfu
- // request.set(IRequest.REVOKED_CERTS, revokedCerts);
+ // need to record which gets recorded and which failed...cfu
+ // request.set(IRequest.REVOKED_CERTS, revokedCerts);
if (svcerrors != null) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
throw new ECAException(CMS.getUserMessage("CMS_CA_CERT4CRL_FAILED"));
@@ -2069,7 +2156,6 @@ class serviceCert4Crl implements IServant {
}
}
-
class serviceUnCert4Crl implements IServant {
private ICertificateAuthority mCA;
private CAService mService;
@@ -2079,13 +2165,13 @@ class serviceUnCert4Crl implements IServant {
mCA = mService.getCA();
}
- public boolean service(IRequest request)
- throws EBaseException {
- BigInteger oldSerialNo[] =
- request.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ public boolean service(IRequest request) throws EBaseException {
+ BigInteger oldSerialNo[] = request
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo == null || oldSerialNo.length < 1) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
+ mCA.log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSCORE_CA_UNREVOKE_MISSING_SERIAL"));
throw new ECAException(
CMS.getUserMessage("CMS_CA_MISSING_SERIAL_NUMBER"));
}
@@ -2094,7 +2180,8 @@ class serviceUnCert4Crl implements IServant {
for (int i = 0; i < oldSerialNo.length; i++) {
try {
- mCA.getCertificateRepository().deleteCertificateRecord(oldSerialNo[i]);
+ mCA.getCertificateRepository().deleteCertificateRecord(
+ oldSerialNo[i]);
// inform all CRLIssuingPoints about unrevoked certificate
Hashtable hips = mService.getCRLIssuingPoints();
Enumeration eIPs = hips.elements();
@@ -2107,7 +2194,9 @@ class serviceUnCert4Crl implements IServant {
}
}
} catch (EBaseException e) {
- mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_DELETE_CERT_ERROR", oldSerialNo[i].toString(), e.toString()));
+ mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSCORE_CA_DELETE_CERT_ERROR",
+ oldSerialNo[i].toString(), e.toString()));
if (svcerrors == null) {
svcerrors = new String[oldSerialNo.length];
}
@@ -2118,10 +2207,10 @@ class serviceUnCert4Crl implements IServant {
if (svcerrors != null) {
request.setExtData(IRequest.SVCERRORS, svcerrors);
- throw new ECAException(CMS.getUserMessage("CMS_CA_UNCERT4CRL_FAILED"));
+ throw new ECAException(
+ CMS.getUserMessage("CMS_CA_UNCERT4CRL_FAILED"));
}
return true;
}
}
-