authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/servlet/processors
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
Formatting
Formatted project according to Eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/processors')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java196
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java177
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java170
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java190
6 files changed, 391 insertions, 395 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 1e44dad1..2d3f1874 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Process CMC messages according to RFC 2797
- * See http://www.ietf.org/rfc/rfc2797.txt
- *
+ * Process CMC messages according to RFC 2797 See
+ * http://www.ietf.org/rfc/rfc2797.txt
+ *
* @version $Revision$, $Date$
*/
public class CMCProcessor extends PKIProcessor {
@@ -87,56 +85,56 @@ public class CMCProcessor extends PKIProcessor {
super();
}
- public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
+ public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet,
+ boolean doEnforcePop) {
super(cmsReq, servlet);
enforcePop = doEnforcePop;
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
}
- public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ public X509CertInfo[] fillCertInfoArray(String protocolString,
+ IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
String cmc = protocolString;
try {
byte[] cmcBlob = CMS.AtoB(cmc);
- ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
+ ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(cmcBlob);
- org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
+ .getTemplate().decode(cmcBlobIn);
- if
- (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
+ if (!cmcReq.getContentType().equals(
+ org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA)
+ || !cmcReq.hasContent())
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
- SignedData cmcFullReq = (SignedData)
- cmcReq.getInterpretedContent();
+ SignedData cmcFullReq = (SignedData) cmcReq.getInterpretedContent();
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
- if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
+ if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData)
+ || !ci.hasContent()) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
}
OCTET_STRING content = ci.getContent();
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
SEQUENCE reqSequence = pkiData.getReqSequence();
@@ -144,10 +142,11 @@ public class CMCProcessor extends PKIProcessor {
int numReqs = reqSequence.size();
X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
String[] reqIdArray = new String[numReqs];
-
+
for (int i = 0; i < numReqs; i++) {
// decode message.
- TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
+ TaggedRequest taggedRequest = (TaggedRequest) reqSequence
+ .elementAt(i);
TaggedRequest.Type type = taggedRequest.getType();
@@ -157,35 +156,37 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(p10Id);
- CertificationRequest p10 =
- tcr.getCertificationRequest();
+ CertificationRequest p10 = tcr.getCertificationRequest();
// transfer to sun class
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
p10.encode(ostream);
- PKCS10Processor pkcs10Processor = new PKCS10Processor(mRequest, mServlet);
+ PKCS10Processor pkcs10Processor = new PKCS10Processor(
+ mRequest, mServlet);
try {
PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
- //xxx do we need to do anything else?
+ // xxx do we need to do anything else?
X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
- pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams);
+ pkcs10Processor.fillCertInfo(pkcs10, certInfo,
+ authToken, httpParams);
- /* fillPKCS10(pkcs10,certInfo,
- authToken, httpParams);
+ /*
+ * fillPKCS10(pkcs10,certInfo, authToken, httpParams);
*/
certInfoArray[i] = certInfo;
} catch (Exception e) {
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_PKCS10_ERROR", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_PKCS10_ERROR", e.toString()));
}
} else if (type.equals(TaggedRequest.CRMF)) {
- CRMFProcessor crmfProc = new CRMFProcessor(mRequest, mServlet, enforcePop);
+ CRMFProcessor crmfProc = new CRMFProcessor(mRequest,
+ mServlet, enforcePop);
CertReqMsg crm = taggedRequest.getCrm();
CertRequest certReq = crm.getCertReq();
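Review bot: The `catch (Exception e)` around the PKCS#10 conversion puts `e.toString()` into the user-facing `CMS_GW_PKCS10_ERROR` message and writes nothing to the server log, so parser detail triggered by a submitted request goes to the requester while the operator gets no record of it. Log the detail with `log(ILogger.LL_FAILURE, ...)` as the typed catch blocks at the end of `fillCertInfoArray` do, and keep the user message generic. The final `catch (Exception e)` in the last CMCProcessor hunk (`CMS_GW_CMC_ERROR`) has the same shape. The commented-out `fillPKCS10(...)` call and the `xxx` question are reformatted here rather than resolved; either delete them or turn them into a tracked TODO. The enclosing method starts and ends outside this hunk.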
@@ -195,10 +196,12 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(srcId);
- certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
+ certInfoArray[i] = crmfProc.processIndividualRequest(crm,
+ authToken, httpParams);
} else {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
}
}
@@ -208,13 +211,11 @@ public class CMCProcessor extends PKIProcessor {
Hashtable digs = new Hashtable();
for (int i = 0; i < numDig; i++) {
- AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dais.elementAt(i);
- String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
+ AlgorithmIdentifier dai = (AlgorithmIdentifier) dais
+ .elementAt(i);
+ String name = DigestAlgorithm.fromOID(dai.getOID()).toString();
- MessageDigest md =
- MessageDigest.getInstance(name);
+ MessageDigest md = MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
@@ -225,9 +226,8 @@ public class CMCProcessor extends PKIProcessor {
int numSis = sis.size();
for (int i = 0; i < numSis; i++) {
- org.mozilla.jss.pkix.cms.SignerInfo si =
- (org.mozilla.jss.pkix.cms.SignerInfo)
- sis.elementAt(i);
+ org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis
+ .elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
@@ -243,9 +243,10 @@ public class CMCProcessor extends PKIProcessor {
SignerIdentifier sid = si.getSignerIdentifier();
- if
- (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
- IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
+ if (sid.getType().equals(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+ IssuerAndSerialNumber issuerAndSerialNumber = sid
+ .getIssuerAndSerialNumber();
// find from the certs in the signedData
X509Certificate cert = null;
@@ -254,21 +255,23 @@ public class CMCProcessor extends PKIProcessor {
int numCerts = certs.size();
for (int j = 0; j < numCerts; j++) {
- Certificate certJss =
- (Certificate) certs.elementAt(j);
- CertificateInfo certI =
- certJss.getInfo();
+ Certificate certJss = (Certificate) certs
+ .elementAt(j);
+ CertificateInfo certI = certJss.getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
- if (
- new String(issuerB).equals(new
- String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
- && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
- ByteArrayOutputStream os = new
- ByteArrayOutputStream();
+ if (new String(issuerB)
+ .equals(new String(ASN1Util
+ .encode(issuerAndSerialNumber
+ .getIssuer())))
+ && sn.toString().equals(
+ issuerAndSerialNumber
+ .getSerialNumber()
+ .toString())) {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
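Review bot: The issuer match inside the `for (int j ...)` loop compares two DER encodings by passing both byte arrays through `new String(byte[])`, which decodes with the platform default charset and maps undecodable bytes to a replacement character, so two different encodings can compare equal. Compare the bytes directly, e.g. `Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))` (needs `java.util.Arrays` if the file does not already import it). The SubjectKeyIdentifier check in the `@@ -309,21 +311,25 @@` hunk has the same problem: `new String(skib).equals(new String(ski.toByteArray()))` would be better as `Arrays.equals(skib, ski.toByteArray())`. The certificate selected here comes from the SignedData itself; whether it is validated against a trusted issuer before `si.verify` is not visible in this hunk and is worth confirming.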
@@ -295,8 +298,7 @@ public class CMCProcessor extends PKIProcessor {
keyType = PrivateKey.DSA;
} else {
}
- PK11PubKey pubK =
- PK11PubKey.fromRaw(keyType,
+ PK11PubKey pubK = PK11PubKey.fromRaw(keyType,
((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
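Review bot: The empty `else { }` after the `PrivateKey.DSA` assignment leaves `keyType` unset for any other key algorithm, and `PK11PubKey.fromRaw(keyType, ...)` is then called with it. If it starts as `null`, as the twin of this code in the SubjectKeyIdentifier path declares it (`PrivateKey.Type keyType = null;`), an unsupported algorithm ends in whatever `fromRaw` does with a null type instead of a clear rejection before `si.verify`. Throw in the `else`, for example `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "unsupported signing key algorithm: " + signKey.getAlgorithm()));`, and do the same in the `@@ -334,8 +340,7 @@` hunk. The `if` that opens this chain is outside the hunk.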
@@ -309,21 +311,25 @@ public class CMCProcessor extends PKIProcessor {
PublicKey signKey = null;
while (signKey == null && j < numReqs) {
- X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY);
+ X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j]
+ .get(X509CertInfo.KEY))
+ .get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(subjectKeyInfo.getEncoded());
byte[] skib = md.digest();
- if (new String(skib).equals(new String(ski.toByteArray()))) {
+ if (new String(skib).equals(new String(ski
+ .toByteArray()))) {
signKey = subjectKeyInfo;
}
j++;
}
if (signKey == null) {
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
- "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
+ throw new ECMSGWException(
+ CMS.getUserMessage(
+ "CMS_GW_CMC_ERROR",
+ "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
} else {
PrivateKey.Type keyType = null;
String alg = signKey.getAlgorithm();
@@ -334,8 +340,7 @@ public class CMCProcessor extends PKIProcessor {
keyType = PrivateKey.DSA;
} else {
}
- PK11PubKey pubK = PK11PubKey.fromRaw(
- keyType,
+ PK11PubKey pubK = PK11PubKey.fromRaw(keyType,
((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
@@ -351,8 +356,8 @@ public class CMCProcessor extends PKIProcessor {
int numControls = controls.size();
for (int i = 0; i < numControls; i++) {
- TaggedAttribute control =
- (TaggedAttribute) controls.elementAt(i);
+ TaggedAttribute control = (TaggedAttribute) controls
+ .elementAt(i);
OBJECT_IDENTIFIER type = control.getType();
SET values = control.getValues();
int numVals = values.size();
@@ -363,10 +368,9 @@ public class CMCProcessor extends PKIProcessor {
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
- ANY val = (ANY)
- values.elementAt(j);
- INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
- INTEGER.getTemplate());
+ ANY val = (ANY) values.elementAt(j);
+ INTEGER transId = (INTEGER) ((ANY) val)
+ .decodeWith(INTEGER.getTemplate());
if (transId != null) {
vals[j] = transId.toString();
@@ -374,17 +378,15 @@ public class CMCProcessor extends PKIProcessor {
}
if (vals != null)
req.setExtData(IRequest.CMC_TRANSID, vals);
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
String[] vals = null;
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
- ANY val = (ANY)
- values.elementAt(j);
- OCTET_STRING nonce = (OCTET_STRING)
- ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
+ ANY val = (ANY) values.elementAt(j);
+ OCTET_STRING nonce = (OCTET_STRING) ((ANY) val)
+ .decodeWith(OCTET_STRING.getTemplate());
if (nonce != null) {
vals[j] = new String(nonce.toByteArray());
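Review bot: `vals[j] = new String(nonce.toByteArray())` stores the sender nonce by decoding arbitrary octets with the platform default charset, which is lossy for byte sequences that are not valid in that charset, so the stored value may not round-trip to the nonce the client sent. An encoding that preserves every byte (hex or Base64) would be safer for a replay-protection value, provided the code that later reads the stored nonce is changed to match; that reader is not visible here. When `decodeWith` returns null the slot stays `null`, and presumably the array is still stored as in the transaction-id branch above, so a consumer has to tolerate null entries. The enclosing loop and branch continue outside this hunk.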
@@ -409,27 +411,31 @@ public class CMCProcessor extends PKIProcessor {
return certInfoArray;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
- }catch (Exception e) {
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ } catch (Exception e) {
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
+ e.toString()));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 27648758..99b4c2b3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Process CRMF requests, according to RFC 2511
- * See http://www.ietf.org/rfc/rfc2511.txt
- *
+ * Process CRMF requests, according to RFC 2511 See
+ * http://www.ietf.org/rfc/rfc2511.txt
+ *
* @version $Revision$, $Date$
*/
public class CRMFProcessor extends PKIProcessor {
@@ -69,37 +67,36 @@ public class CRMFProcessor extends PKIProcessor {
private boolean enforcePop = false;
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
public CRMFProcessor() {
super();
}
- public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
+ public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet,
+ boolean doEnforcePop) {
super(cmsReq, servlet);
enforcePop = doEnforcePop;
mRequest = cmsReq;
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
/**
* Verify Proof of Possession (POP)
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof
* of possession is checked during certificate enrollment
* </ul>
+ *
* @param certReqMsg the certificate request message
* @exception EBaseException an error has occurred
*/
- private void verifyPOP(CertReqMsg certReqMsg)
- throws EBaseException {
+ private void verifyPOP(CertReqMsg certReqMsg) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -118,59 +115,55 @@ public class CRMFProcessor extends PKIProcessor {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID, ILogger.SUCCESS);
- audit( auditMessage );
+ audit(auditMessage);
} catch (Exception e) {
CMS.debug("CRMFProcessor: Failed POP verify!");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID, ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
}
}
} else {
if (enforcePop == true) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID, ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
}
}
- } catch( EBaseException eAudit1 ) {
+ } catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
}
}
- public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
CMS.debug("CRMFProcessor::processIndividualRequest!");
try {
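Review bot: The outer `catch (EBaseException eAudit1)` in `verifyPOP` writes a FAILURE audit record and then falls off the end of the method without rethrowing. If `ECMSGWException` is an `EBaseException` subtype, which the `throws EBaseException` signature suggests, the exceptions thrown for `CMSGW_ERROR_POP_VERIFY` and `CMSGW_ERROR_NO_POP` are caught here and the caller sees a normal return even when `enforcePop` is true. Add `throw eAudit1;` after `audit(auditMessage);` in that block, and consider dropping the audit call there, since both throw sites have already audited the failure. The `try` this catch belongs to opens above the hunk.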
@@ -196,38 +189,39 @@ public class CRMFProcessor extends PKIProcessor {
// field suggested notBefore and notAfter in CRMF
// Tech Support #383184
- if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
- CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
+ if (certTemplate.getNotBefore() != null
+ || certTemplate.getNotAfter() != null) {
+ CertificateValidity certValidity = new CertificateValidity(
+ certTemplate.getNotBefore(), certTemplate.getNotAfter());
certInfo.set(X509CertInfo.VALIDITY, certValidity);
}
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ subject));
+ } else if (authToken == null
+ || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// No subject name - error!
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
// get extensions
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (CertificateException e) {
extensions = null;
} catch (IOException e) {
@@ -242,35 +236,32 @@ public class CRMFProcessor extends PKIProcessor {
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext = certTemplate
+ .extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext
+ .getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
- ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ ObjectIdentifier oid = new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext
+ .getExtnValue();
+ ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext =
- new Extension(oid, isCritical, extValue);
+ Extension ext = new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
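Review bot: `oidNumbers[k] = (int) numbers[k];` narrows each arc of a requester-supplied extension OID from `long` to `int` with no range check, so an arc above `Integer.MAX_VALUE` silently wraps and the extension is recorded under a different OID than the one in the request. Reject out-of-range arcs before the cast, e.g. `if (numbers[k] < 0 || numbers[k] > Integer.MAX_VALUE) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));`. The loop also calls `extensions.parseExtension(ext)` on a variable that the preceding hunk sets to `null` in its catch blocks; the handling of that null sits between the two hunks and is worth checking. The enclosing `if` opens outside this hunk.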
@@ -282,8 +273,8 @@ public class CRMFProcessor extends PKIProcessor {
// to have the control of the subject name
// formulation.
// -- CRMFfillCert
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ if (authToken != null
+ && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
// if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
@@ -300,31 +291,34 @@ public class CRMFProcessor extends PKIProcessor {
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
- } /* catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
- throw new ECMSGWException(
- CMSGWResources.ERROR_CRMF_TO_CERTINFO);
- } */ catch (InvalidKeyException e) {
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ } /*
+ * catch (InvalidBERException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
+ * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO);
+ * }
+ */catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
- public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ public X509CertInfo[] fillCertInfoArray(String protocolString,
+ IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CRMFProcessor.fillCertInfoArray!");
@@ -332,11 +326,10 @@ public class CRMFProcessor extends PKIProcessor {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
- ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(crmfBlob);
+ ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob);
- SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+ SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template(
+ new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -344,31 +337,33 @@ public class CRMFProcessor extends PKIProcessor {
for (int i = 0; i < nummsgs; i++) {
// decode message.
CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-
+
CertRequest certReq = certReqMsg.getCertReq();
INTEGER certReqId = certReq.getCertReqId();
int srcId = certReqId.intValue();
req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId));
- certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams);
+ certInfoArray[i] = processIndividualRequest(certReqMsg,
+ authToken, httpParams);
}
- //do_testbed_hack(nummsgs, certInfoArray, httpParams);
+ // do_testbed_hack(nummsgs, certInfoArray, httpParams);
return certInfoArray;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
}
-
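Review bot: Inside the `for` loop, `req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId))` writes the same key on every iteration, so for a submission carrying several `CertReqMsg` entries only the last request id appears to survive, unless `setExtData` appends rather than replaces. CMCProcessor collects ids in a `reqIdArray` for the comparable case; building a `String[]` here and storing it once after the loop would keep every id, if consumers of `CRMF_REQID` can accept an array. The commented-out `do_testbed_hack(...)` line is dead code and could be removed rather than reformatted.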
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
index d021f653..6ecb87c8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
@@ -17,19 +17,16 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This represents the request parser.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IPKIProcessor {
- public void process(CMSRequest cmsReq)
- throws EBaseException;
+ public void process(CMSRequest cmsReq) throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
index cc035033..c78e0b7b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * KeyGenProcess parses Certificate request matching the
- * KEYGEN tag format used by Netscape Communicator 4.x
- *
+ * KeyGenProcess parses Certificate request matching the KEYGEN tag format used
+ * by Netscape Communicator 4.x
+ *
* @version $Revision$, $Date$
*/
public class KeyGenProcessor extends PKIProcessor {
@@ -55,14 +53,11 @@ public class KeyGenProcessor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
CMS.debug("KeyGenProcessor: fillCertInfo");
@@ -72,28 +67,30 @@ public class KeyGenProcessor extends PKIProcessor {
KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-
+
// fill key
X509Key key = null;
key = keyGenInfo.getSPKI();
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
}
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- "Could not set key into certInfo from keygen. Error " + e);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ "Could not set key into certInfo from keygen. Error " + e);
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
}
String authMgr = mServlet.getAuthMgr();
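Review bot: `httpParams.getValueAsKeyGenInfo(PKIProcessor.SUBJECT_KEYGEN_INFO, null)` passes `null` as the default, and the next statement calls `keyGenInfo.getSPKI()` without a null check, so a request without that parameter would presumably fail with a NullPointerException rather than the `CMS_GW_MISSING_KEY_IN_KEYGENINFO` error. Fold the check into the existing guard: `X509Key key = (keyGenInfo == null) ? null : keyGenInfo.getSPKI();`. The `CertificateException` branch logs a hand-built string while the `IOException` branch uses `CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString())`; using the message key in both keeps the log consistent. The method body starts and ends outside this hunk.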
@@ -106,12 +103,13 @@ public class KeyGenProcessor extends PKIProcessor {
if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// allow special case for agent gateway in admin enroll
// and bulk issuance.
- if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
- !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+ if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)
+ && !authMgr
+ .equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
fillCertInfoFromForm(certInfo, httpParams);
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 53d38455..19e343e6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * PKCS10Processor process Certificate Requests in
- * PKCS10 format, as defined here:
- * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ * PKCS10Processor process Certificate Requests in PKCS10 format, as defined
+ * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
+ *
* @version $Revision$, $Date$
*/
public class PKCS10Processor extends PKIProcessor {
@@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor {
private final String USE_INTERNAL_PKCS10 = "internal";
public PKCS10Processor() {
-
+
super();
}
@@ -70,25 +67,20 @@ public class PKCS10Processor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- public void fillCertInfo(
- PKCS10 pkcs10, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
mPkcs10 = pkcs10;
-
- fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
+
+ fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
}
- public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
PKCS10 p10 = null;
@@ -99,12 +91,13 @@ public class PKCS10Processor extends PKIProcessor {
} else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
p10 = mPkcs10;
} else {
- CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
- throw new EBaseException( "p10 is null" );
+ CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
+ throw new EBaseException("p10 is null");
}
if (mServlet == null) {
- EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null.");
+ EBaseException ex = new ECMSGWException(
+ "Servlet property of PKCS10Processor is null.");
throw ex;
@@ -114,22 +107,24 @@ public class PKCS10Processor extends PKIProcessor {
X509Key key = p10.getSubjectPublicKeyInfo();
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
}
CertificateX509Key certKey = new CertificateX509Key(key);
try {
certInfo.set(X509CertInfo.KEY, certKey);
} catch (CertificateException e) {
- EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
} catch (IOException e) {
- EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
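Review bot: Both catch blocks around `certInfo.set(X509CertInfo.KEY, certKey)` pass `e.toString()` into `CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", ...)`, so the requester is sent the internal exception class and text for a failure caused by their own PKCS#10. The same pattern recurs in the subject and extensions handlers of the next two hunks. Keeping the exception detail in the server log and returning only the keyed message, as the missing-key branch above does with `CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10")`, would avoid that, provided the message template does not require the parameter. The two handlers are identical apart from the exception type, so a small private helper would remove the duplication. The method body continues outside the hunk.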
@@ -139,33 +134,34 @@ public class PKCS10Processor extends PKIProcessor {
if (subject != null) {
try {
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- log(ILogger.LL_INFO,
- "Setting subject name " + subject + " from p10.");
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ subject));
+ log(ILogger.LL_INFO, "Setting subject name " + subject
+ + " from p10.");
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in X500 name parsing,
// this will catch it.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
}
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ } else if (authToken == null
+ || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
}
// fill extensions from pkcs 10 attributes if any.
@@ -176,45 +172,49 @@ public class PKCS10Processor extends PKIProcessor {
PKCS10Attributes p10Attrs = p10.getAttributes();
if (p10Attrs != null) {
- PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
-
- if (p10Attr != null && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs
+ .getAttribute(CertificateExtensions.NAME));
+
+ if (p10Attr != null
+ && p10Attr.getAttributeId().equals(
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ Extensions exts0 = (Extensions) (p10Attr
+ .getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
byte[] extB = extOut.toByteArray();
DerInputStream extIn = new DerInputStream(extB);
- CertificateExtensions exts = new CertificateExtensions(extIn);
+ CertificateExtensions exts = new CertificateExtensions(
+ extIn);
if (exts != null) {
certInfo.set(X509CertInfo.EXTENSIONS, exts);
}
}
}
- CMS.debug(
- "PKCS10Processor: Seted cert extensions from pkcs10. ");
+ CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. ");
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in extensions parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
}
// override pkcs10 attributes with authtoken attributes
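Review bot: All three handlers for the extensions block log `CMSGW_FAILED_SET_EXTENSIONS_FROM_P10` but throw the user message `CMS_GW_SET_KEY_FROM_P10_FAILED`, so a requester whose extension request fails is told the key could not be set. This looks like a copy-paste slip, and an extensions-specific user message key should be used if the message catalogue defines one. `if (exts != null)` directly after `new CertificateExtensions(extIn)` can never be false and can be dropped. The `CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. ")` call appears to sit after the closing brace of `if (p10Attrs != null)`, so it is emitted even when the request carried no extension attribute, which misleads anyone tracing what a CSR contributed to the certificate. The try block opens outside this hunk.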
@@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor {
// adminEnroll is an exception
String authMgr = mServlet.getAuthMgr();
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
- !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
+ if (authToken != null
+ && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null
+ && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -233,12 +233,11 @@ public class PKCS10Processor extends PKIProcessor {
// from the http parameters.
if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
fillValidityFromForm(certInfo, httpParams);
- }
-
+ }
+
}
- private PKCS10 getPKCS10(IArgBlock httpParams)
- throws EBaseException {
+ private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException {
PKCS10 pkcs10 = null;
@@ -246,17 +245,20 @@ public class PKCS10Processor extends PKIProcessor {
// support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
// instead of certType
- certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
+ certType = httpParams
+ .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
if (certType == null) {
- certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client");
+ certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE,
+ "client");
} else {
// some policies may rely on the fact that
// CERT_TYPE is set. So for 3.5.1 or eariler
- // we need to set CERT_TYPE but not here.
+ // we need to set CERT_TYPE but not here.
}
if (certType.equals("client")) {
// coming from MSIE
- String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null);
+ String p10b64 = httpParams.getValueAsString(
+ PKIProcessor.PKCS10_REQUEST, null);
if (p10b64 != null) {
try {
@@ -266,18 +268,20 @@ public class PKCS10Processor extends PKIProcessor {
} catch (Exception e) {
// ok, if the above fails, it could
// be a PKCS10 with header
- pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
+ pkcs10 = httpParams.getValueAsPKCS10(
+ PKIProcessor.PKCS10_REQUEST, false, null);
// e.printStackTrace();
}
}
- //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+ // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
} else {
try {
// coming from server cut & paste blob.
- pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
- }catch (Exception ex) {
+ pkcs10 = httpParams.getValueAsPKCS10(
+ PKIProcessor.PKCS10_REQUEST, false, null);
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
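Review bot: Both `catch (Exception ...)` blocks in this hunk discard the parse failure. The first silently retries with `getValueAsPKCS10`, and the second only calls `ex.printStackTrace()`, so a malformed PKCS#10 leaves no entry in the CMS log and `pkcs10` presumably stays null for the caller to handle. Replacing `ex.printStackTrace();` with the class's own logger, e.g. `log(ILogger.LL_FAILURE, "Failed to parse PKCS10 request: " + ex);`, would record the event where operators look for enrollment failures. The commented-out `// e.printStackTrace();` and `// pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);` lines could be deleted rather than reformatted. getPKCS10 starts and ends outside this hunk.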
@@ -286,4 +290,4 @@ public class PKCS10Processor extends PKIProcessor {
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index 625808d7..b81b6831 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process Certificate Requests
- *
+ *
* @version $Revision$, $Date$
*/
public class PKIProcessor implements IPKIProcessor {
@@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor {
public static final String PKCS10_REQUEST = "pkcs10Request";
public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
- protected CMSRequest mRequest = null;
+ protected CMSRequest mRequest = null;
protected HttpServletRequest httpReq = null;
protected String mServletId = null;
@@ -83,31 +81,27 @@ public class PKIProcessor implements IPKIProcessor {
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- protected void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ protected void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
}
- protected X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ protected X509CertInfo[] fillCertInfoArray(String protocolString,
+ IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
return null;
}
/**
- * fill subject name, validity, extensions from authoken if any,
- * overriding what was in pkcs10.
- * fill subject name, extensions from http input if not authenticated.
- * requests not authenticated will need to be approved by an agent.
+ * fill subject name, validity, extensions from authoken if any, overriding
+ * what was in pkcs10. fill subject name, extensions from http input if not
+ * authenticated. requests not authenticated will need to be approved by an
+ * agent.
*/
- public static void fillCertInfoFromAuthToken(
- X509CertInfo certInfo, IAuthToken authToken)
- throws EBaseException {
+ public static void fillCertInfoFromAuthToken(X509CertInfo certInfo,
+ IAuthToken authToken) throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -115,61 +109,62 @@ public class PKIProcessor implements IPKIProcessor {
CMS.debug("PKIProcessor: fillCertInfoFromAuthToken");
// subject name.
try {
- String subjectname =
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ String subjectname = authToken
+ .getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
- CertificateSubjectName certSubject = (CertificateSubjectName)
- new CertificateSubjectName(new X500Name(subjectname));
+ CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName(
+ new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
- log(ILogger.LL_INFO,
- "cert subject set to " + certSubject + " from authtoken");
+ log(ILogger.LL_INFO, "cert subject set to " + certSubject
+ + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
- Date notBefore =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
- Date notAfter =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ Date notBefore = authToken
+ .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ log(ILogger.LL_INFO, "cert validity set to " + validity
+ + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
// extensions
try {
- CertificateExtensions extensions =
- authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = authToken
+ .getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
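Review bot: The cast in `(CertificateSubjectName) new CertificateSubjectName(` is redundant and is why the formatter left that line over width. Without it, `CertificateSubjectName certSubject = new CertificateSubjectName(new X500Name(subjectname));` fits within the line limit. The two subject-name handlers also use different log keys for the same failure: `CMSGW_ERROR_SET_SUBJECT_NAME_1` for CertificateException and `CMSGW_ERROR_SET_SUBJECT_NAME` for IOException. If only one of those keys is defined with a parameter, one branch presumably logs without the exception text, so the two should be made to agree. fillCertInfoFromAuthToken begins in the previous hunk and ends in the next.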
@@ -177,73 +172,78 @@ public class PKIProcessor implements IPKIProcessor {
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
/**
- * fill subject name, extension from form.
- * this is done for unauthenticated requests.
- * unauthenticated requests must be approved by agents so these will
- * all be seen by and agent.
+ * fill subject name, extension from form. this is done for unauthenticated
+ * requests. unauthenticated requests must be approved by agents so these
+ * will all be seen by and agent.
*/
- public static void fillCertInfoFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ public static void fillCertInfoFromForm(X509CertInfo certInfo,
+ IArgBlock httpParams) throws EBaseException {
CMS.debug("PKIProcessor: fillCertInfoFromForm");
// subject name.
try {
- String subject = httpParams.getValueAsString(PKIProcessor.SUBJECT_NAME, null);
+ String subject = httpParams.getValueAsString(
+ PKIProcessor.SUBJECT_NAME, null);
if (subject == null) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
}
X500Name x500name = new X500Name(subject);
- certInfo.set(
- X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
fillValidityFromForm(certInfo, httpParams);
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IllegalArgumentException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+ CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
}
// requested extensions.
// let polcies form extensions from http input.
}
- public static void fillValidityFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ public static void fillValidityFromForm(X509CertInfo certInfo,
+ IArgBlock httpParams) throws EBaseException {
CMS.debug("PKIProcessor: fillValidityFromForm!");
try {
- String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
- String notValidAfterStr = httpParams.getValueAsString("notValidAfter", null);
+ String notValidBeforeStr = httpParams.getValueAsString(
+ "notValidBefore", null);
+ String notValidAfterStr = httpParams.getValueAsString(
+ "notValidAfter", null);
if (notValidBeforeStr != null && notValidAfterStr != null) {
long notValidBefore = 0;
@@ -266,44 +266,46 @@ public class PKIProcessor implements IPKIProcessor {
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ log(ILogger.LL_INFO, "cert validity set to " + validity
+ + " from authtoken");
}
}
}
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
}
/**
* log according to authority category.
*/
- public static void log(int event, int level, String msg) {
+ public static void log(int event, int level, String msg) {
CMS.getLogger().log(event, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
public static void log(int level, String msg) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
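Review bot: The log line `"cert validity set to " + validity + " from authtoken"` sits in what appears to be the tail of fillValidityFromForm, where the dates come from the `notValidBefore`/`notValidAfter` form parameters. The log therefore attributes requester-supplied validity to the auth token, which matters for a CA when reconstructing who chose a certificate's lifetime; the suffix should read `" from form"`. The two handlers below it also report a validity failure with `CMSGW_ERROR_SET_SUBJECT_NAME_1` and `CMS_GW_SET_SUBJECT_NAME_ERROR`, whereas fillCertInfoFromAuthToken uses `CMSGW_ERROR_SET_VALIDITY_1` and `CMS_GW_SET_VALIDITY_ERROR` for the same operation. The function starts in the previous hunk.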
@@ -314,21 +316,17 @@ public class PKIProcessor implements IPKIProcessor {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * obtain the "SubjectID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -343,8 +341,7 @@ public class PKIProcessor implements IPKIProcessor {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -358,4 +355,3 @@ public class PKIProcessor implements IPKIProcessor {
return subjectID;
}
}
-