author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/servlet | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
204 files changed, 26314 insertions, 27178 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java index c4fa440d..0087375c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; - /** * Manage Access Control List configuration - * + * * @version $Revision$, $Date$ */ public class ACLAdminServlet extends AdminServlet { @@ -63,8 +61,7 @@ public class ACLAdminServlet extends AdminServlet { private final static String INFO = "ACLAdminServlet"; private IAuthzManager mAuthzMgr = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL = - "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL = "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3"; /** * Constructs servlet. @@ -74,17 +71,18 @@ public class ACLAdminServlet extends AdminServlet { mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); } - /** - * initialize the servlet. + /** + * initialize the servlet. * <ul> * <li>http.param OP_TYPE = OP_SEARCH, * <li>http.param OP_SCOPE - the scope of the request operation: - * <ul><LI>"impl" ACL implementations - * <LI>"acls" ACL rules - * <LI>"evaluatorTypes" ACL evaluators. - * </ul> + * <ul> + * <LI>"impl" ACL implementations + * <LI>"acls" ACL rules + * <LI>"evaluatorTypes" ACL evaluators. * </ul> - * + * </ul> + * * @param config servlet configuration, read from the web.xml file */ public void init(ServletConfig config) throws ServletException { 
@@ -99,24 +97,24 @@ public class ACLAdminServlet extends AdminServlet { return INFO; } - /** + /** * Process the HTTP request. - * + * * @param req the object holding the request information * @param resp the object holding the response information */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = super.getParameter(req, Constants.OP_SCOPE); String op = super.getParameter(req, Constants.OP_TYPE); if (op == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); return; } @@ -125,9 +123,10 @@ public class ACLAdminServlet extends AdminServlet { try { super.authenticate(req); } catch (IOException e) { - log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } @@ -136,13 +135,11 @@ public class ACLAdminServlet extends AdminServlet { try { SessionContext mSC = SessionContext.getContext(); - user = (IUser) - mSC.get(SessionContext.USER); + user = (IUser) mSC.get(SessionContext.USER); } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); return; } 
@@ -152,9 +149,8 @@ public class ACLAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -170,9 +166,8 @@ public class ACLAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -182,9 +177,8 @@ public class ACLAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_ACL)) { @@ -194,9 +188,8 @@ public class ACLAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_ACL_IMPLS)) { 
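Review bot: Each branch of `service()` stores the requested operation in `mOp` and the result of `super.authorize(req)` in `mToken` before acting (`mOp = "read"; if ((mToken = super.authorize(req)) == null)`), and the same pattern recurs in the OP_READ, OP_MODIFY, OP_ADD and OP_DELETE branches in the hunks that follow. Neither name is declared in these hunks; if they are instance fields, as the `m` prefix suggests, they are shared by all request threads, because the container normally serves every request from one servlet instance and `service()` is not synchronized. A concurrent request could then change `mOp` between the assignment and the authorization check, so it is worth confirming how `authorize` obtains the operation; if it reads the field, passing the operation as an argument or holding it in a local variable removes the race. `service()` starts and ends outside this hunk.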
@@ -206,9 +199,8 @@ public class ACLAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_ACL_IMPLS)) { 
@@ -216,41 +208,37 @@ public class ACLAdminServlet extends AdminServlet { return; } } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); - sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); return; } log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); return; } /** * list acls resources by name */ - private void listResources(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private void listResources(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); @@ -260,7 +248,7 @@ public class ACLAdminServlet extends AdminServlet { ACL acl = (ACL) res.nextElement(); String desc = acl.getDescription(); - if (desc == null) + if (desc == null) params.add(acl.getName(), ""); else params.add(acl.getName(), desc); 
@@ -272,19 +260,17 @@ public class ACLAdminServlet extends AdminServlet { /** * get acls information for a resource */ - private void getResourceACL(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { + private void getResourceACL(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //get resource id first + // get resource id first String resourceId = super.getParameter(req, Constants.RS_ID); if (resourceId == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -329,10 +315,10 @@ public class ACLAdminServlet extends AdminServlet { return; } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"), - null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_RESOURCE_NOT_FOUND"), null, resp); return; } } 
@@ -340,19 +326,20 @@ public class ACLAdminServlet extends AdminServlet { /** * modify acls information for a resource * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private void updateResources(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void updateResources(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -365,27 +352,25 @@ public class ACLAdminServlet extends AdminServlet { String resourceId = super.getParameter(req, Constants.RS_ID); if (resourceId == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // get resource acls String resourceACLs = super.getParameter(req, Constants.PR_ACI); String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS); - String desc = super.getParameter(req, Constants.PR_ACL_DESC); + String desc = super.getParameter(req, Constants.PR_ACL_DESC); try { mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc); 
@@ -394,10 +379,8 @@ public class ACLAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -408,62 +391,56 @@ public class ACLAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_UPDATE_FAIL"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // 
LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * list access evaluators by types and class paths */ - private void listACLsEvaluators(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + private void listACLsEvaluators(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration res = mAuthzMgr.aclEvaluatorElements(); @@ -479,7 +456,7 @@ public class ACLAdminServlet extends AdminServlet { } private void listACLsEvaluatorTypes(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, + HttpServletResponse resp) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration res = mAuthzMgr.aclEvaluatorElements(); @@ -490,7 +467,7 @@ public class ACLAdminServlet extends AdminServlet { StringBuffer str = new StringBuffer(); for (int i = 0; i < operators.length; i++) { - if (str.length() > 0) + if (str.length() > 0) str.append(","); str.append(operators[i]); } 
@@ -504,22 +481,23 @@ public class ACLAdminServlet extends AdminServlet { /** * add access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -533,35 +511,30 @@ public class ACLAdminServlet extends AdminServlet { if (type == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // is the evaluator type unique? /* - if (!mACLs.isTypeUnique(type)) { - String infoMsg = "replacing existing type: "+ type; - log(ILogger.LL_WARN, infoMsg); - } + * if (!mACLs.isTypeUnique(type)) { String infoMsg = + * "replacing existing type: "+ type; log(ILogger.LL_WARN, infoMsg); + * } */ // get class String classPath = super.getParameter(req, Constants.PR_ACL_CLASS); - IConfigStore destStore = - mConfig.getSubStore(PROP_EVAL); - IConfigStore mStore = - destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); + IConfigStore destStore = mConfig.getSubStore(PROP_EVAL); + IConfigStore mStore = destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); // Does the class exist? Class newImpl = null; 
@@ -575,60 +548,54 @@ public class ACLAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_CLASS_LOAD_FAIL"), null, resp); return; } // is the class an IAccessEvaluator? try { - if - (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) { - String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + - classPath; + if (Class.forName( + "com.netscape.certsrv.evaluators.IAccessEvaluator") + .isAssignableFrom(newImpl) == false) { + String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + + classPath; log(ILogger.LL_FAILURE, errMsg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_ILL_CLASS"), null, resp); return; } } catch (Exception e) { - String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + - classPath; + String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" + + classPath; log(ILogger.LL_FAILURE, errMsg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + 
LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"), - null, resp); + sendResponse( + ERROR, + CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"), + null, resp); return; } @@ -640,20 +607,18 @@ public class ACLAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_COMMIT_FAIL"), null, resp); return; } @@ -661,22 +626,20 @@ public class ACLAdminServlet extends AdminServlet { IAccessEvaluator evaluator = null; try { - evaluator = (IAccessEvaluator) Class.forName(classPath).newInstance(); + evaluator = (IAccessEvaluator) Class.forName(classPath) + .newInstance(); } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_INST_CLASS_FAIL"), null, resp); return; } 
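Review bot: The instantiation in the last hunk on this line loads the class a second time by name, `Class.forName(classPath).newInstance()`, rather than using `newImpl`, the object the `IAccessEvaluator` assignability check was run against; `evaluator = (IAccessEvaluator) newImpl.newInstance();` would keep the checked class and the instantiated class the same, assuming `newImpl` is still in scope at that point. `classPath` is taken from the request parameter `Constants.PR_ACL_CLASS`, and `mConfig.commit(true)` in the preceding hunk runs before this instantiation. If the evaluator entry is written to the store before that commit (the write is outside the visible hunks), a class that fails to instantiate stays in the saved configuration even though the caller receives `CMS_ACL_INST_CLASS_FAIL`; committing only after `newInstance()` succeeds would avoid that. `addACLsEvaluator` begins and ends outside this hunk.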
@@ -687,76 +650,71 @@ public class ACLAdminServlet extends AdminServlet { mAuthzMgr.registerEvaluator(type, evaluator); } - //... + // ... NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, 
+ // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * remove access evaluators * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring * Access Control List (ACL) information * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this ACL evaluator's - * substore + * substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void deleteACLsEvaluator(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void deleteACLsEvaluator(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; @@ -769,20 +727,18 @@ public class ACLAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -790,20 +746,18 @@ public class ACLAdminServlet extends AdminServlet { Hashtable mEvaluators = mAuthzMgr.getAccessEvaluators(); if (mEvaluators.containsKey(id) == false) { - log(ILogger.LL_FAILURE, "evaluator attempted to be removed not found"); + log(ILogger.LL_FAILURE, + "evaluator attempted to be removed not found"); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_EVAL_NOT_FOUND"), null, resp); return; } 
@@ -812,116 +766,100 @@ public class ACLAdminServlet extends AdminServlet { mEvaluators.remove((Object) id); try { - IConfigStore destStore = - mConfig.getSubStore(PROP_EVAL); - IConfigStore mStore = - destStore.getSubStore(ScopeDef.SC_ACL_IMPLS); + IConfigStore destStore = mConfig.getSubStore(PROP_EVAL); + IConfigStore mStore = destStore + .getSubStore(ScopeDef.SC_ACL_IMPLS); mStore.removeSubStore(id); } catch (Exception eeee) { - //CMS.debugStackTrace(eeee); + // CMS.debugStackTrace(eeee); } // commiting try { mConfig.commit(true); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ACL_COMMIT_FAIL"), null, resp); return; } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( 
req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ACL, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ACL, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ACL, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - + /** * Searchs for certificate requests. 
*/ - + /* - private void getACLs(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException, - EBaseException { - NameValuePairs params = new NameValuePairs(); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - ObjectOutputStream oos = new ObjectOutputStream(bos); - String names = getParameter(req, Constants.PT_NAMES); - StringTokenizer st = new StringTokenizer(names, ","); - while (st.hasMoreTokens()) { - String target = st.nextToken(); - ACL acl = AccessManager.getInstance().getACL(target); - oos.writeObject(acl); - } - // BASE64Encoder encoder = new BASE64Encoder(); - // params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); - params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); - sendResponse(SUCCESS, null, params, resp); - } + * private void getACLs(HttpServletRequest req, HttpServletResponse resp) + * throws ServletException, IOException, EBaseException { NameValuePairs + * params = new NameValuePairs(); ByteArrayOutputStream bos = new + * ByteArrayOutputStream(); ObjectOutputStream oos = new + * ObjectOutputStream(bos); String names = getParameter(req, + * Constants.PT_NAMES); StringTokenizer st = new StringTokenizer(names, + * ","); while (st.hasMoreTokens()) { String target = st.nextToken(); ACL + * acl = AccessManager.getInstance().getACL(target); oos.writeObject(acl); } + * // BASE64Encoder encoder = new BASE64Encoder(); // + * params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray())); + * params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray())); + * sendResponse(SUCCESS, null, params, resp); } */ private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "ACLAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level, + "ACLAdminServlet: " + msg); } -} - +} 
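Review bot: In `deleteACLsEvaluator`, a failure of `mStore.removeSubStore(id)` is discarded by `catch (Exception eeee) { // CMS.debugStackTrace(eeee); }`, after which `mConfig.commit(true)` runs and the signed audit record is written with `ILogger.SUCCESS`. In that case the evaluator has already been dropped from the in-memory table (`mEvaluators.remove((Object) id)` at the top of the hunk) but may still be present in the saved configuration, while the audit trail reports that the removal succeeded. The catch should at least record the error with `log(ILogger.LL_FAILURE, eeee.toString());`, and preferably audit `ILogger.FAILURE` and return an error the way the commit-failure path below it does. Separately, the formatter has reflowed the commented-out `getACLs` method at the end of the file into one paragraph that no longer reads as code; deleting that dead block would be cleaner than keeping it.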
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java index 2024e496..038355f0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java @@ -17,13 +17,11 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for the remote admin. - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -37,8 +35,7 @@ public class AdminResources extends ListResourceBundle { } /** - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ static final Object[][] contents = {}; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index 08996734..a6fb0bfd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; 
@@ -56,32 +55,27 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.servlet.base.UserInfo; - /** - * A class represents an administration servlet that - * is responsible to serve administrative - * operation such as configuration parameter updates. - * - * Since each administration servlet needs to perform - * authentication information parsing and response - * formulation, it makes sense to encapsulate the + * A class represents an administration servlet that is responsible to serve + * administrative operation such as configuration parameter updates. + * + * Since each administration servlet needs to perform authentication information + * parsing and response formulation, it makes sense to encapsulate the * commonalities into this class. - * - * By extending this serlvet, the subclass does not - * need to re-implement the request parsing code - * (i.e. authentication information parsing). - * - * If a subsystem needs to expose configuration - * parameters management, it should create an - * administration servlet (i.e. CAAdminServlet) - * and register it to RemoteAdmin subsystem. - * + * + * By extending this serlvet, the subclass does not need to re-implement the + * request parsing code (i.e. authentication information parsing). + * + * If a subsystem needs to expose configuration parameters management, it should + * create an administration servlet (i.e. CAAdminServlet) and register it to + * RemoteAdmin subsystem. + * * <code> * public class CAAdminServlet extends AdminServlet { * ... * } * </code> - * + * * @version $Revision$, $Date$ */ public class AdminServlet extends HttpServlet { 
@@ -117,8 +111,7 @@ public class AdminServlet extends HttpServlet {
 public final static String AUTHZ_SRC_TYPE = "sourceType";
 public final static String AUTHZ_SRC_LDAP = "ldap";
 public final static String AUTHZ_SRC_XML = "web.xml";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
 public final static String SIGNED_AUDIT_SCOPE = "Scope";
 public final static String SIGNED_AUDIT_OPERATION = "Operation";
@@ -129,20 +122,13 @@ public class AdminServlet extends HttpServlet {
 public final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
 public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
- private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
- private final static String CERTUSERDB =
- IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
- private final static String PASSWDUSERDB =
- IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ private final static String CERTUSERDB = IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
+ private final static String PASSWDUSERDB = IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
 /**
 * Constructs generic administration servlet.
@@ -165,18 +151,20 @@ public class AdminServlet extends HttpServlet { srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE")); } - mAuthz = - (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); + mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); mServletID = getSCparam(sc, PROP_ID, "servlet id unknown"); - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID)); if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); - // get authz mgr from xml file; if not specified, use - // ldap by default + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); + // get authz mgr from xml file; if not specified, use + // ldap by default mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP); if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { 
@@ -185,72 +173,79 @@ public class AdminServlet extends HttpServlet { if (aclInfo != null) { try { addACLInfo(aclInfo); - //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); + // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); - throw new ServletException("failed to init authz info from xml config file"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL")); + throw new ServletException( + "failed to init authz info from xml config file"); } - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage( + "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", + mServletID)); } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage( + "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, + mServletID, AUTHZ_MGR_LDAP)); } } else { // PROP_AUTHZ_MGR not specified, use default authzmgr - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", + PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP)); } } else { mAclMethod = AUTHZ_MGR_LDAP; - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", + mServletID)); } } - public void outputHttpParameters(HttpServletRequest httpReq) - { + public void outputHttpParameters(HttpServletRequest httpReq) { CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = 
(String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("AdminServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || pn.endsWith("password") + || pn.endsWith("passwd") || pn.endsWith("pwd") + || pn.equalsIgnoreCase("admin_password_again") + || pn.equalsIgnoreCase("directoryManagerPwd") + || pn.equalsIgnoreCase("bindpassword") + || pn.equalsIgnoreCase("bindpwd") + || pn.equalsIgnoreCase("passwd") + || pn.equalsIgnoreCase("password") + || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") + || pn.equalsIgnoreCase("pwdagain") + || pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("AdminServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - + /** * Serves HTTP admin request. 
*/ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException( - "CMS server is not ready to serve."); + throw new IOException("CMS server is not ready to serve."); if (CMS.debugOn()) { - outputHttpParameters(req); + outputHttpParameters(req); } } @@ -274,22 +269,21 @@ public class AdminServlet extends HttpServlet { } /** - * Authenticates to the identity scope with the given - * userid and password via identity manager. + * Authenticates to the identity scope with the given userid and password + * via identity manager. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the - * SSL violation; CMS authMgr can pick up cert mis-match, so this event - * is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication - * succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the SSL + * violation; CMS authMgr can pick up cert mis-match, so this event is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when + * authentication succeeded * </ul> + * * @exception IOException an input/output error has occurred */ - protected void authenticate(HttpServletRequest req) throws - IOException { + protected void authenticate(HttpServletRequest req) throws IOException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; 
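Review bot: The masking test in `outputHttpParameters` compares the three suffixes case-sensitively (`pn.endsWith("password")`, `pn.endsWith("passwd")`, `pn.endsWith("pwd")`), so a parameter whose name ends in `Password` or `Pwd` and is not one of the names listed with `equalsIgnoreCase` is written to the debug log together with its value. The explicit `directoryManagerPwd` and `uPasswd` entries suggest this gap has already been patched name by name. Lower-casing the name once, `String lpn = pn.toLowerCase(Locale.ROOT);`, and running the `endsWith` checks against `lpn` covers the whole family without touching the listed names. I would also extend the comment above the condition with `// values of unmatched parameters are logged verbatim; treat debug logs as sensitive`.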
@@ -306,22 +300,20 @@ public class AdminServlet extends HttpServlet { } catch (EBaseException e) { // do nothing for now. } - IAuthSubsystem auth = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem auth = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); X509Certificate cert = null; if (authType.equals("sslclientauth")) { - X509Certificate[] allCerts = - (X509Certificate[]) req.getAttribute(CERT_ATTR); + X509Certificate[] allCerts = (X509Certificate[]) req + .getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); 
@@ -358,25 +350,25 @@ public class AdminServlet extends HttpServlet { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - log(ILogger.LL_DEBUG, CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", - mServletID)); + log(ILogger.LL_DEBUG, + CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", mServletID)); try { if (authType.equals("sslclientauth")) { - IAuthManager - authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); - IAuthCredentials authCreds = - getAuthCreds(authMgr, cert); + IAuthManager authMgr = auth + .get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + IAuthCredentials authCreds = getAuthCreds(authMgr, cert); token = (AuthToken) authMgr.authenticate(authCreds); } else { String authToken = req.getHeader(HDR_AUTHORIZATION); - String b64s = authToken.substring( - authToken.lastIndexOf(' ') + 1); - String authCode = new String(com.netscape.osutil.OSUtil.AtoB(b64s)); + String b64s = authToken.substring(authToken + .lastIndexOf(' ') + 1); + String authCode = new String( + com.netscape.osutil.OSUtil.AtoB(b64s)); String userid = authCode.substring(0, authCode.lastIndexOf(':')); - String password = authCode.substring( - authCode.lastIndexOf(':') + 1); + String password = authCode.substring(authCode + .lastIndexOf(':') + 1); AuthCredentials cred = new AuthCredentials(); // save the "userid" of this certificate in case it 
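Review bot: The password branch of `authenticate` calls `authToken.substring(...)` on the result of `req.getHeader(HDR_AUTHORIZATION)` without a null check and splits the decoded value at `authCode.lastIndexOf(':')`. A request without the header, or one whose decoded value has no colon, therefore ends in an unchecked runtime exception, which the `catch (EBaseException e)` that follows this `try` does not appear to cover, so no `LOGGING_SIGNED_AUDIT_AUTH_FAIL` record is written for it. Splitting at the last colon also misreads any password that itself contains ':', because the user id is the part before the first colon. The sketch below rejects both malformed cases through the same audited failure path the other branches use and splits at the first colon. The method starts and ends outside this hunk.

```java
String authToken = req.getHeader(HDR_AUTHORIZATION);
String authCode = null;
if (authToken != null) {
    String b64s = authToken.substring(authToken.lastIndexOf(' ') + 1);
    authCode = new String(com.netscape.osutil.OSUtil.AtoB(b64s));
}
// the user id cannot contain ':', the password can
int sep = (authCode == null) ? -1 : authCode.indexOf(':');
if (sep < 0) {
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_AUTH_FAIL,
            ILogger.UNIDENTIFIED, ILogger.FAILURE,
            PASSWDUSERDB, auditUID);
    audit(auditMessage);
    throw new IOException("authentication failed");
}
String userid = authCode.substring(0, sep);
String password = authCode.substring(sep + 1);
// … unchanged: AuthCredentials setup and auth.authenticate call …
```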
@@ -395,40 +387,36 @@ public class AdminServlet extends HttpServlet { cred.set("pwd", password); token = auth.authenticate(cred, - IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", - mServletID)); + IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT", + mServletID)); } } catch (EBaseException e) { - //will fix it later for authorization + // will fix it later for authorization /* - String errMsg = "authenticate(): " + - AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ - e.getMessage(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", - CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), - userid,e.getMessage())); + * String errMsg = "authenticate(): " + + * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+ + * e.getMessage(); log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL", + * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"), + * userid,e.getMessage())); */ if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } 
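Review bot: The formatter reflowed the disabled `errMsg` / `log(ILogger.LL_FAILURE, ...)` code inside the `catch (EBaseException e)` block into a wrapped paragraph, so it can no longer be uncommented as written and reads as prose. The same happened to the commented-out `getACLs` method in ACLAdminServlet.java earlier on this page. Either delete these blocks or open them with `/*-`, which the Eclipse formatter leaves untouched. In the visible part of the catch block `e` is never logged, so the reason for a failed login is lost apart from the signed-audit record. A single `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERROR", e.toString()));`, as the later catch blocks of this method already do through `mLogger`, would replace the dead comment. The catch block continues outside this hunk.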
@@ -440,29 +428,24 @@ public class AdminServlet extends HttpServlet { String tuserid = token.getInString("userid"); if (tuserid == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN", - tuserid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_NO_AUTH_TOKEN", tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + CERTUSERDB, auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } 
@@ -476,29 +459,24 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(tuserid); if (user == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND", - tuserid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_USER_NOT_FOUND", tuserid)); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + CERTUSERDB, auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } 
@@ -514,27 +492,27 @@ public class AdminServlet extends HttpServlet { sessionContext.put(SessionContext.USER_ID, tuserid); sessionContext.put(SessionContext.USER, user); } catch (EUsrGrpException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", + e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } 
@@ -542,28 +520,23 @@ public class AdminServlet extends HttpServlet { throw new IOException("authentication failed"); } catch (EBaseException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERROR", - e.toString())); + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERROR", e.toString())); if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB, + auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, + ILogger.UNIDENTIFIED, ILogger.FAILURE, + PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -579,19 +552,15 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - auditSubjectID(), - ILogger.SUCCESS, - CERTUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), + ILogger.SUCCESS, CERTUSERDB); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - auditSubjectID(), - ILogger.SUCCESS, - PASSWDUSERDB); + LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(), + ILogger.SUCCESS, PASSWDUSERDB); audit(auditMessage); } 
@@ -599,21 +568,15 @@ public class AdminServlet extends HttpServlet { if (authType.equals("sslclientauth")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - CERTUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, + ILogger.FAILURE, CERTUSERDB, auditUID); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - ILogger.UNIDENTIFIED, - ILogger.FAILURE, - PASSWDUSERDB, - auditUID); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED, + ILogger.FAILURE, PASSWDUSERDB, auditUID); audit(auditMessage); } @@ -623,9 +586,8 @@ public class AdminServlet extends HttpServlet { } } - public static AuthCredentials getAuthCreds( - IAuthManager authMgr, X509Certificate clientCert) - throws EBaseException { + public static AuthCredentials getAuthCreds(IAuthManager authMgr, + X509Certificate clientCert) throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -635,8 +597,7 @@ public class AdminServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert }); } } return creds; 
@@ -645,15 +606,16 @@ public class AdminServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization - * is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a - * role (in current CMS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when + * authorization is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes + * a role (in current CMS that's when one accesses a role port) * </ul> + * * @param req HTTP servlet request * @return the authorization token */ 
@@ -671,92 +633,79 @@ public class AdminServlet extends HttpServlet { AuthzToken authzTok = null; - CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); + CMS.debug("AdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID)); // hardcoded for now .. just testing try { // we check both "read" and "write" for now. later within - // each servlet, they can break it down - authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp); + // each servlet, they can break it down + authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, + mOp); // initialize the ACL resource, overwriting "auditACLResource" // if it is not null - resource = (String) - authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); + resource = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE); if (resource != null) { auditACLResource = resource.trim(); } // initialize the operation, overwriting "auditOperation" // if it is not null - operation = (String) - authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); + operation = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION); if (operation != null) { auditOperation = operation.trim(); } CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_SUCCEED", mServletID)); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - 
auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (Exception e) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); 
@@ -764,21 +713,15 @@ public class AdminServlet extends HttpServlet { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, + auditSubjectID, ILogger.SUCCESS, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.SUCCESS, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.SUCCESS, auditGroups(auditSubjectID)); audit(auditMessage); @@ -797,7 +740,7 @@ public class AdminServlet extends HttpServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } @@ -808,15 +751,14 @@ public class AdminServlet extends HttpServlet { /** * Sends response. - * + * * @param returnCode return code * @param errorMsg localized error message * @param params result parameters * @param resp HTTP servlet response */ protected void sendResponse(int returnCode, String errorMsg, - NameValuePairs params, HttpServletResponse resp) - throws IOException { + NameValuePairs params, HttpServletResponse resp) throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream(); DataOutputStream dos = new DataOutputStream(bos); 
@@ -832,11 +774,10 @@ public class AdminServlet extends HttpServlet { if (e.hasMoreElements()) { while (e.hasMoreElements()) { String name = (String) e.nextElement(); - String value = java.net.URLEncoder.encode((String) - params.getValue(name)); + String value = java.net.URLEncoder.encode((String) params + .getValue(name)); - buf.append(java.net.URLEncoder.encode(name) + - "=" + value); + buf.append(java.net.URLEncoder.encode(name) + "=" + value); if (e.hasMoreElements()) buf.append("&"); } @@ -879,25 +820,24 @@ public class AdminServlet extends HttpServlet { protected String getParameter(HttpServletRequest req, String name) { // Servlet framework already apply URLdecode - // return URLdecode(req.getParameter(name)); + // return URLdecode(req.getParameter(name)); return req.getParameter(name); } /** * Generic configuration store get operation. */ - protected synchronized void getConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + protected synchronized void getConfig(IConfigStore config, + HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) 
@@ -905,38 +845,36 @@ public class AdminServlet extends HttpServlet { if (name.equals(Constants.OP_SCOPE)) continue; - //System.out.println(name); - //System.out.println(name+","+config.getString(name)); + // System.out.println(name); + // System.out.println(name+","+config.getString(name)); params.add(name, config.getString(name)); } sendResponse(SUCCESS, null, params, resp); } /** - * Generic configuration store set operation. - * The caller is responsible to do validiation before - * calling this, and commit changes after this call. + * Generic configuration store set operation. The caller is responsible to + * do validiation before calling this, and commit changes after this call. */ - protected synchronized void setConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + protected synchronized void setConfig(IConfigStore config, + HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - //if (name.equals(Constants.PT_OP)) - // continue; + // if (name.equals(Constants.PT_OP)) + // continue; if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) continue; if (name.equals(Constants.OP_SCOPE)) continue; - // XXX Need validation... - // XXX what if update failed + // XXX Need validation... + // XXX what if update failed config.putString(name, req.getParameter(name)); } commit(true); 
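Review bot: The reflowed Javadoc on `setConfig` still tells the caller to commit after the call, but the visible body ends with `commit(true)`. The loop stores every request parameter except `OP_TYPE`, `RS_ID` and `OP_SCOPE` through `config.putString(name, req.getParameter(name))`, so any key a client sends is persisted unless the caller has already rejected it. I would correct the comment to `Generic configuration store set operation. The caller must validate the request parameters before calling this; the changes are committed before it returns.`, which also fixes the "validiation" typo. The `// XXX Need validation...` marker should be replaced with a note naming where the permitted keys are checked, or with an allow-list check in the loop if no caller does it. The method's closing lines are outside this hunk.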
@@ -946,10 +884,9 @@ public class AdminServlet extends HttpServlet { /** * Lists configuration store. */ - protected synchronized void listConfig( - IConfigStore config, HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + protected synchronized void listConfig(IConfigStore config, + HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration e = config.getPropertyNames(); NameValuePairs params = new NameValuePairs(); @@ -967,14 +904,14 @@ public class AdminServlet extends HttpServlet { public boolean authorize(IAuthToken token) throws EBaseException { String mGroupNames[] = { "Administrators" }; boolean mAnd = true; - + try { String userid = token.getInString("userid"); if (userid == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid)); return false; } @@ -983,9 +920,9 @@ public class AdminServlet extends HttpServlet { IUser user = mUG.getUser(userid); if (user == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid)); return false; } @@ -1001,10 +938,10 @@ public class AdminServlet extends HttpServlet { if (mAnd) { for (int i = 0; i < mGroupNames.length; i++) { if (!mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid, - mGroupNames[i])); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_USER_NOT_IN_GRP", userid, + mGroupNames[i])); return false; } } 
@@ -1012,10 +949,10 @@ public class AdminServlet extends HttpServlet { } else { for (int i = 0; i < mGroupNames.length; i++) { if (mUG.isMemberOf(user, mGroupNames[i])) { - mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid, - mGroupNames[i])); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_INFO, CMS.getLogMessage( + "ADMIN_SRVLT_GRP_AUTH_SUCC_USER", + userid, mGroupNames[i])); return true; } } @@ -1027,24 +964,25 @@ public class AdminServlet extends HttpServlet { groups.append(mGroupNames[j]); } mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString())); + ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, + groups.toString())); return false; } } catch (EUsrGrpException e) { mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString())); return false; } } /** * FileConfigStore functionality - * - * The original config file is moved to <filename>.<date>. - * Commits the current properties to the configuration file. + * + * The original config file is moved to <filename>.<date>. Commits the + * current properties to the configuration file. * <P> - * + * * @param createBackup true if a backup file should be created */ protected void commit(boolean createBackup) throws EBaseException { 
@@ -1054,17 +992,17 @@ public class AdminServlet extends HttpServlet { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, - level, "AdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, level, + "AdminServlet: " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended admin servlets - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended admin servlets and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1075,21 +1013,17 @@ public class AdminServlet extends HttpServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1104,8 +1038,7 @@ public class AdminServlet extends HttpServlet { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); + subjectID = (String) auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); 
@@ -1121,13 +1054,13 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Parameters - * - * This method is inherited by all extended admin servlets and - * is called to extract parameters from the HttpServletRequest - * and return a string of name;;value pairs separated by a '+' - * if more than one name;;value pair exists. + * + * This method is inherited by all extended admin servlets and is called to + * extract parameters from the HttpServletRequest and return a string of + * name;;value pairs separated by a '+' if more than one name;;value pair + * exists. * <P> - * + * * @param req HTTP servlet request * @return a delimited string of one or more delimited name/value pairs */ @@ -1142,8 +1075,7 @@ public class AdminServlet extends HttpServlet { // always identify the scope of the request if (req.getParameter(Constants.OP_SCOPE) != null) { - parameters = SIGNED_AUDIT_SCOPE - + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters = SIGNED_AUDIT_SCOPE + SIGNED_AUDIT_NAME_VALUE_DELIMITER + req.getParameter(Constants.OP_SCOPE); } 
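Review bot: In the `@@ -1142,8 +1075,7 @@` hunk the value of `req.getParameter(Constants.OP_SCOPE)` is appended to the signed audit string unmodified, so a scope value that contains the `;;` or `+` delimiters described in the method's Javadoc makes the resulting record ambiguous to parse. The same applies to `+ value` in the `@@ -1194,48 +1126,47 @@` hunk, where only `trim()` is applied. Request values should be escaped, or delimiter and line-break characters rejected, before concatenation; a comment such as `// request values are untrusted: escape ";;", "+" and CR/LF before appending` where the string is built would record the requirement. auditParams starts and ends outside these hunks, so any sanitising done elsewhere in it is not visible here.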
@@ -1194,48 +1126,47 @@ public class AdminServlet extends HttpServlet { value = value.trim(); if (value.equals("")) { - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } else { // // To fix Blackflag Bug # 613800: // - // Check "com.netscape.certsrv.common.Constants" for - // case-insensitive "password", "pwd", and "passwd" - // name fields, and hide any password values: + // Check "com.netscape.certsrv.common.Constants" for + // case-insensitive "password", "pwd", and "passwd" + // name fields, and hide any password values: // - /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) || - name.equals( Constants.TYPE_PASSWORD ) || - name.equals( Constants.PR_USER_PASSWORD ) || - name.equals( Constants.PT_OLD_PASSWORD ) || - name.equals( Constants.PT_NEW_PASSWORD ) || - name.equals( Constants.PT_DIST_STORE ) || - name.equals( Constants.PT_DIST_EMAIL ) || - /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) || - // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) || - name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) || - name.equals( Constants.PR_OLD_AGENT_PWD ) || - name.equals( Constants.PR_AGENT_PWD ) || - name.equals( Constants.PT_PUBLISH_PWD ) || - /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) || - name.equals( Constants.PR_BIND_PASSWD_AGAIN ) || - name.equals( Constants.PR_TOKEN_PASSWD ) ) { + /* "password" */if (name.equals(Constants.PASSWORDTYPE) + || name.equals(Constants.TYPE_PASSWORD) + || name.equals(Constants.PR_USER_PASSWORD) + || name.equals(Constants.PT_OLD_PASSWORD) + || name.equals(Constants.PT_NEW_PASSWORD) + || name.equals(Constants.PT_DIST_STORE) + || name.equals(Constants.PT_DIST_EMAIL) + || + /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) + || + // ignore this one name.equals( + // Constants.PR_BINDPWD_PROMPT ) || + name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) + || name.equals(Constants.PR_OLD_AGENT_PWD) + || 
name.equals(Constants.PR_AGENT_PWD) + || name.equals(Constants.PT_PUBLISH_PWD) || + /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) + || name.equals(Constants.PR_BIND_PASSWD_AGAIN) + || name.equals(Constants.PR_TOKEN_PASSWD)) { // hide password value - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + SIGNED_AUDIT_PASSWORD_VALUE; + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + SIGNED_AUDIT_PASSWORD_VALUE; } else { // process normally - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER - + value; + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + + value; } } } else { - parameters += name - + SIGNED_AUDIT_NAME_VALUE_DELIMITER + parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER + ILogger.SIGNED_AUDIT_EMPTY_VALUE; } } @@ -1245,14 +1176,14 @@ public class AdminServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated - * with the "auditSubjectID()". + * + * This method is called to extract all "groups" associated with the + * "auditSubjectID()". * <P> - * + * * @param SubjectID string containing the signed audit log message SubjectID - * @return a delimited string of groups associated - * with the "auditSubjectID()" + * @return a delimited string of groups associated with the + * "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -1260,8 +1191,7 @@ public class AdminServlet extends HttpServlet { return null; } - if ((SubjectID == null) || - (SubjectID.equals(ILogger.UNIDENTIFIED))) { + if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1279,7 +1209,7 @@ public class AdminServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length()!=0) { + if (membersString.length() != 0) { membersString.append(", "); } 
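Review bot: In the `@@ -1194,48 +1126,47 @@` hunk the decision to hide a value rests on a hand-maintained chain of `name.equals(Constants.…)` tests, so any secret-bearing parameter missing from the chain is written to the signed audit log in clear. The reformatting also leaves the commented-out `PR_BINDPWD_PROMPT` test split across two `//` lines between live operands, next to a dangling `||`, which makes the list harder to audit. Consider hoisting the names into one `private static final` set checked with `contains(name)`; until then add `// keep in sync with Constants: every parameter that carries a secret must be listed here` above the `if`. The enclosing method starts and ends outside the hunk.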
@@ -1287,7 +1217,7 @@ public class AdminServlet extends HttpServlet { } } - if (membersString.length()!= 0) { + if (membersString.length() != 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1295,7 +1225,8 @@ public class AdminServlet extends HttpServlet { } protected NameValuePairs convertStringArrayToNVPairs(String[] s) { - if (s == null) return null; + if (s == null) + return null; NameValuePairs nvps = new NameValuePairs(); int i; @@ -1310,7 +1241,8 @@ public class AdminServlet extends HttpServlet { } - protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo(String className) { + protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo( + String className) { IExtendedPluginInfo epi = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java index ff9b9911..9945171f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ldap.ILdapAuthInfo; import com.netscape.certsrv.logging.ILogger; - /** - * A class representing an administration servlet for the - * Authentication Management subsystem. This servlet is responsible - * to serve configuration requests for the Auths Management subsystem. + * A class representing an administration servlet for the Authentication + * Management subsystem. This servlet is responsible to serve configuration + * requests for the Auths Management subsystem. + * * - * * @version $Revision$, $Date$ */ public class AuthAdminServlet extends AdminServlet { 
@@ -64,13 +62,11 @@ public class AuthAdminServlet extends AdminServlet { private final static String INFO = "AuthAdminServlet"; private IAuthSubsystem mAuths = null; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; private final static String VIEW = ";" + Constants.VIEW; private final static String EDIT = ";" + Constants.EDIT; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH = - "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH = "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3"; public AuthAdminServlet() { super(); @@ -88,19 +84,19 @@ public class AuthAdminServlet extends AdminServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins - * --- same as policy, should we move this into extendedpluginhelper? + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins --- same as policy, should we move this into + * extendedpluginhelper? */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); 
@@ -109,13 +105,14 @@ public class AuthAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, + implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, + String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; @@ -131,7 +128,8 @@ public class AuthAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } return nvps; 
@@ -142,42 +140,41 @@ public class AuthAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); return; } // if it is not authentication, that means it is for CSC admin ping. // the best way to do is to define another protocol for ping and move // it to the generic servlet which is admin servlet. - if (!op.equals(OpDef.OP_AUTH)) { + if (!op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTH)) { String id = req.getParameter(Constants.RS_ID); // for CSC admin ping only - if (op.equals(OpDef.OP_READ) && - id.equals(Constants.RS_ID_CONFIG)) { + if (op.equals(OpDef.OP_READ) + && id.equals(Constants.RS_ID_CONFIG)) { - // no need to authenticate this. if we're alive, return true. + // no need to authenticate this. if we're alive, return + // true. NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_PING, Constants.TRUE); sendResponse(SUCCESS, null, params, resp); return; } else { - //System.out.println("SRVLT_INVALID_OP_TYPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + // System.out.println("SRVLT_INVALID_OP_TYPE"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); return; } } 
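Review bot: `scope` is dereferenced in `scope.equals(ScopeDef.SC_AUTH)` and `id` in `id.equals(Constants.RS_ID_CONFIG)` without a null check, although only `op` is tested for null above, and this branch runs before the `super.authenticate(req)` call that appears in a later hunk. A request that omits the OP_SCOPE or RS_ID parameter therefore ends in a NullPointerException on an unauthenticated path instead of one of the `sendResponse(ERROR, …)` replies used around it. Putting the constant first avoids this: `if (ScopeDef.SC_AUTH.equals(scope)) {` and `&& Constants.RS_ID_CONFIG.equals(id)) {`. service() continues past the end of this hunk.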
@@ -186,7 +183,7 @@ public class AuthAdminServlet extends AdminServlet { try { if (op.equals(OpDef.OP_AUTH)) { if (scope.equals(ScopeDef.SC_AUTHTYPE)) { - IConfigStore configStore = CMS.getConfigStore(); + IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("authType", "pwd"); NameValuePairs params = new NameValuePairs(); @@ -196,11 +193,11 @@ public class AuthAdminServlet extends AdminServlet { } } } catch (Exception e) { - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only @@ -208,9 +205,9 @@ public class AuthAdminServlet extends AdminServlet { return; } } catch (IOException e) { - //System.out.println("SRVLT_FAIL_AUTHS"); - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_AUTHS"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } 
@@ -222,24 +219,24 @@ public class AuthAdminServlet extends AdminServlet { try { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage( + getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } getExtendedPluginInfo(req, resp); return; } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, + resp); return; } } if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -249,17 +246,15 @@ public class AuthAdminServlet extends AdminServlet { listAuthMgrInsts(req, resp); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { 
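Review bot: `mOp = "read"` followed by `mToken = super.authorize(req)` keeps per-request authorization state in what look like instance fields (both are assigned without a local declaration), and `service()` is not declared `synchronized`. If `super.authorize(req)` reads `mOp`, which is not visible here, two concurrent requests can interleave so that an OP_ADD, OP_DELETE or OP_MODIFY request is checked against `"read"`; the same pattern repeats in the `@@ -249,17`, `@@ -269,17`, `@@ -289,17` and `@@ -309,17` hunks. The operation should travel with the request, for example as a local passed to the authorization call, which needs a matching change in AdminServlet outside this file section. Until then a comment at the first assignment, `// NOTE(review): mOp and mToken are fields shared by all requests to this servlet`, would flag the hazard.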
@@ -269,17 +264,15 @@ public class AuthAdminServlet extends AdminServlet { getInstConfig(req, resp); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { @@ -289,17 +282,15 @@ public class AuthAdminServlet extends AdminServlet { addAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) { 
@@ -309,17 +300,15 @@ public class AuthAdminServlet extends AdminServlet { delAuthMgrInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) { @@ -327,19 +316,17 @@ public class AuthAdminServlet extends AdminServlet { return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } - } + } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + } + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); return; } 
@@ -356,22 +343,23 @@ public class AuthAdminServlet extends AdminServlet { /** * Add authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -384,33 +372,30 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // is the manager id unique? if (mAuths.getPlugins().containsKey((Object) id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthException(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)) + .toString(), null, resp); return; } 
@@ -419,39 +404,36 @@ public class AuthAdminServlet extends AdminServlet { if (classPath == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), null, + resp); return; } - if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") || - classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { + if (classPath + .equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") + || classPath + .equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_BASE_PERMISSION_DENIED"), null, resp); return; } - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig + .getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); // Does the class exist? Class newImpl = null; 
@@ -461,30 +443,26 @@ public class AuthAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), null, + resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), null, + resp); return; } 
@@ -493,31 +471,26 @@ public class AuthAdminServlet extends AdminServlet { if (IAuthManager.class.isAssignableFrom(newImpl) == false) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_ILL_CLASS"), null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl null. + } catch (NullPointerException e) { // unlikely, only if newImpl + // null. // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_ILL_CLASS"), null, resp); return; } 
@@ -531,17 +504,14 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
@@ -549,80 +519,75 @@ public class AuthAdminServlet extends AdminServlet { AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath); mAuths.getPlugins().put(id, plugin); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // 
LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Add authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -635,16 +600,13 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -652,16 +614,13 @@ public class AuthAdminServlet extends AdminServlet { if (mAuths.getInstances().containsKey((Object) id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_ILL_MGR_INST_ID"), null, resp); return; } 
@@ -673,43 +632,41 @@ public class AuthAdminServlet extends AdminServlet { if (implname == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_MISSING_PARAMS"), null, resp); return; } // prevent agent & admin creation. - if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || - implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) + || implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_BASE_PERMISSION_DENIED"), null, resp); } // check if implementation exists. - AuthMgrPlugin plugin = - (AuthMgrPlugin) mAuths.getPlugins().get(implname); + AuthMgrPlugin plugin = (AuthMgrPlugin) mAuths.getPlugins().get( + implname); if (plugin == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage( + getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", + implname)).toString(), null, resp); return; } 
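Review bot: The guard under `// prevent agent & admin creation.` sends `CMS_BASE_PERMISSION_DENIED` but has no `return;`, so execution falls through to the plugin lookup and, if that plugin is registered, on into the rest of the add path for the ids the guard is meant to refuse. Add `return;` after the `sendResponse(...)` call inside that `if`. The reserved-id guards in the hunks at -978 (delAuthMgrPlugin), -1149 (delAuthMgrInst) and -1398 (modAuthMgrInst) have the same omission. Unlike the other failure branches here, this one also writes no `LOGGING_SIGNED_AUDIT_CONFIG_AUTH` FAILURE record, so a refused attempt leaves no signed-audit entry. The body of addAuthMgrInst starts and ends outside this hunk.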
@@ -718,10 +675,9 @@ public class AuthAdminServlet extends AdminServlet { // are there, but not checking the values are valid String[] configParams = mAuths.getConfigParams(implname); - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig + .getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { 
@@ -747,52 +703,56 @@ public class AuthAdminServlet extends AdminServlet { IAuthManager authMgrInst = null; try { - authMgrInst = (IAuthManager) Class.forName(className).newInstance(); + authMgrInst = (IAuthManager) Class.forName(className) + .newInstance(); } catch (ClassNotFoundException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // cleanup instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthException(CMS + .getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthException(CMS + .getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); instancesConfig.removeSubStore(id); 
- sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthException(CMS + .getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } @@ -802,10 +762,8 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -821,37 +779,31 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // inited and commited ok. now add manager instance to list. mAuths.add(id, authMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_AUTH_IMPL_NAME, implname); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -859,11 +811,8 @@ public class AuthAdminServlet extends AdminServlet { return; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -871,42 +820,38 @@ public class AuthAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listAuthMgrPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listAuthMgrPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mAuths.getPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - AuthMgrPlugin value = (AuthMgrPlugin) - mAuths.getPlugins().get(name); + AuthMgrPlugin value = (AuthMgrPlugin) mAuths.getPlugins().get(name); if (value.isVisible()) { params.add(name, value.getClassPath() + EDIT); 
@@ -916,16 +861,16 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void listAuthMgrInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listAuthMgrInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration e = mAuths.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration e = mAuths.getInstances().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); - AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name); + AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances() + .get(name); IAuthManager value = proxy.getAuthManager(); String enableStr = "enabled"; @@ -933,11 +878,12 @@ public class AuthAdminServlet extends AdminServlet { enableStr = "disabled"; } - AuthMgrPlugin amgrplugin = (AuthMgrPlugin) - mAuths.getPlugins().get(value.getImplName()); + AuthMgrPlugin amgrplugin = (AuthMgrPlugin) mAuths.getPlugins().get( + value.getImplName()); if (!amgrplugin.isVisible()) { - params.add(name, value.getImplName() + ";invisible;" + enableStr); + params.add(name, value.getImplName() + ";invisible;" + + enableStr); } else { params.add(name, value.getImplName() + ";visible;" + enableStr); } 
@@ -949,21 +895,22 @@ public class AuthAdminServlet extends AdminServlet { /** * Delete authentication manager plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -978,74 +925,69 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // prevent deletion of admin and agent. - if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) + || id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) { + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager exist? 
if (mAuths.getPlugins().containsKey(id) == false) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage( + getLocale(req), + "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)) + .toString(), null, resp); return; } // first check if any instances from this auth manager // DON'T remove auth manager if any instance - for (Enumeration e = mAuths.getInstances().keys(); - e.hasMoreElements();) { - IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement()); + for (Enumeration e = mAuths.getInstances().keys(); e + .hasMoreElements();) { + IAuthManager authMgr = (IAuthManager) mAuths.get((String) e + .nextElement()); if (authMgr.getImplName() == id) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_MGR_IN_USE"), null, resp); return; } } - + // then delete this auth manager mAuths.getPlugins().remove((Object) id); - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig + .getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); 
instancesConfig.removeSubStore(id); // commiting 
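Review bot: In the in-use loop, `authMgr.getImplName() == id` compares String references rather than contents. `id` appears to be read from the request outside this hunk, so the test can be false even when an instance of this plugin exists, and the plugin is then removed while still in use. Use `id.equals(authMgr.getImplName())` instead. Separately, the not-found branch reports `CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID`, which reads like a duplicate-id message; confirm that this is the intended key. The body of delAuthMgrPlugin starts and ends outside this hunk.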
@@ -1054,87 +996,79 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.FAILURE, auditParams(req)); 
audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } } /** * Delete authentication manager instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { String auditMessage = null; 
@@ -1149,56 +1083,52 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // prevent deletion of admin and agent. - if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) + || id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_BASE_PERMISSION_DENIED"), null, resp); } // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)) + .toString(), null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. 
IAuthManager mgrInst = (IAuthManager) mAuths.get(id); mAuths.getInstances().remove((Object) id); // remove the configuration. - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig + .getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting 
@@ -1207,96 +1137,85 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } - //This only works in the fact that we only support one instance per - //auth plugin. + // This only works in the fact that we only support one instance per + // auth plugin. ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); authInfo.removePassword("Rule " + id); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw 
eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular auth manager plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this authentication subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular auth manager plugin implementation name + * specified in the RS_ID. Actually, there is no logic in here to set any + * default value here...there's no default value for any parameter in this + * authentication subsystem at this point. Later, if we do have one (or + * some), it can be added. The interface remains the same. 
*/ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -1314,25 +1233,26 @@ public class AuthAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does auth manager instance exist? if (mAuths.getInstances().containsKey(id) == false) { - sendResponse(ERROR, - new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)) + .toString(), null, resp); return; } 
@@ -1361,29 +1281,29 @@ public class AuthAdminServlet extends AdminServlet { } /** - * Modify authentication manager instance - * This will actually create a new instance with new configuration - * parameters and replace the old instance if the new instance is - * created and initialized successfully. - * The old instance is left running, so this is very expensive. - * Restart of server recommended. + * Modify authentication manager instance This will actually create a new + * instance with new configuration parameters and replace the old instance + * if the new instance is created and initialized successfully. The old + * instance is left running, so this is very expensive. Restart of server + * recommended. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring * authentication * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of this authentication - * manager's substore + * manager's substore * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modAuthMgrInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modAuthMgrInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { // expensive operation. 
@@ -1398,41 +1318,37 @@ public class AuthAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // prevent modification of admin and agent. - if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) || - id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp); + if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) + || id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_BASE_PERMISSION_DENIED"), null, resp); } // Does the manager instance exist? if (!mAuths.getInstances().containsKey((Object) id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), - null, resp); + sendResponse( + ERROR, + CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"), + null, resp); return; } 
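Review bot: `CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND")` is called without `getLocale(req)`, unlike every other user message in this hunk, so this error is presumably not rendered in the requester's locale. For consistency it should read `CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND")`. The `CMS_AUTHENTICATION_MISSING_PARAMS` call in the next hunk (-1442) has the same omission. The body of modAuthMgrInst continues outside this hunk.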
@@ -1442,43 +1358,42 @@ public class AuthAdminServlet extends AdminServlet { if (implname == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), - null, resp); + sendResponse( + ERROR, + CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"), + null, resp); return; } - // get plugin for implementation - AuthMgrPlugin plugin = - (AuthMgrPlugin) mAuths.getPlugins().get(implname); + // get plugin for implementation + AuthMgrPlugin plugin = (AuthMgrPlugin) mAuths.getPlugins().get( + implname); if (plugin == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthMgrPluginNotFound(CMS.getUserMessage( + getLocale(req), + "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", + implname)).toString(), null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IAuthManager oldinst = - (IAuthManager) mAuths.get(id); + IAuthManager oldinst = (IAuthManager) mAuths.get(id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams(); 
@@ -1486,7 +1401,7 @@ public class AuthAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IAuthSubsystem.PROP_PLUGIN, - (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); + (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i]; @@ -1502,10 +1417,9 @@ public class AuthAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig + .getSubStore(DestDef.DEST_AUTH_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); instancesConfig.removeSubStore(id); 
@@ -1533,52 +1447,56 @@ public class AuthAdminServlet extends AdminServlet { IAuthManager newMgrInst = null; try { - newMgrInst = (IAuthManager) Class.forName(className).newInstance(); + newMgrInst = (IAuthManager) Class.forName(className) + .newInstance(); } catch (ClassNotFoundException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // cleanup restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthException(CMS + .getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (InstantiationException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthException(CMS + .getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } catch (IllegalAccessException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); restore(instancesConfig, 
id, saveParams); - sendResponse(ERROR, - new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EAuthException(CMS + .getUserMessage(getLocale(req), + "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", + className)).toString(), null, resp); return; } @@ -1589,10 +1507,8 @@ public class AuthAdminServlet extends AdminServlet { } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1602,25 +1518,22 @@ public class AuthAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
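Review bot: In hunk `@@ -1533,52 +1447,56 @@`, the three catch branches after `Class.forName(className).newInstance()` discard `e`, and all of them send the same `CMS_AUTHENTICATION_LOAD_CLASS_FAIL` message, so nothing records whether the class was missing, not instantiable or not accessible. Recording the cause before `restore(...)`, for example `mAuths.log(ILogger.LL_FAILURE, e.toString());`, would make a failed authentication-manager replacement diagnosable from the server log. The branches are otherwise identical apart from the `// cleanup` comment, so a single private helper taking the exception would remove the triplication. The enclosing method starts and ends outside the hunk.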
@@ -1628,17 +1541,14 @@ public class AuthAdminServlet extends AdminServlet { mAuths.add(id, newMgrInst); - mAuths.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); + mAuths.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id)); NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1646,11 +1556,8 @@ public class AuthAdminServlet extends AdminServlet { return; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1658,34 +1565,31 @@ public class AuthAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_AUTH, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, String id, + NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -1695,7 +1599,7 @@ public class AuthAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java index bfa9cccd..cca86dce 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.util.Enumeration; import java.util.Hashtable; @@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { @@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -6938644716486895814L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; + // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential + * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred)throws EBaseException { + public void set(String name, Object cred) throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } @@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set + * credential set + * * @param name credential name * @return the named authentication credential */ 
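Review bot: In hunk `@@ -38,21 +36,23 @@`, the Javadoc of `set` reads `@exception com.netscape.certsrv.base.EBaseException NullPointerException`, which does not say when the exception is raised; the code throws `EBaseException` when `cred` is null. I would write `@exception EBaseException if cred is null` and replace the bare `"AuthCredentials.set()"` message with one that names the credential whose value was missing (the name only, never a value). The class also declares a `serialVersionUID` and keeps the credentials in `authCreds`, so a class comment stating whether instances are ever meant to be serialized would help, since a serialized instance would carry the credential values with it.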
@@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this - * credential set. This method does nothing if the named - * credential is not in the credential set. + * removes the name and its corresponding credential from this credential + * set. This method does nothing if the named credential is not in the + * credential set. + * * @param name credential name */ public void delete(String name) { @@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential - * set. Use the Enumeration methods on the returned object to - * fetch the elements sequentially. + * returns an enumeration of the credentials in this credential set. Use the + * Enumeration methods on the returned object to fetch the elements + * sequentially. + * * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java index 1cd3240f..483ebdac 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.File; import java.io.IOException; import java.net.UnknownHostException; 
@@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.request.IRequestListener; import com.netscape.cmsutil.util.Utils; - /** - * A class representings an administration servlet for Certificate - * Authority. This servlet is responsible to serve CA - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Certificate Authority. + * This servlet is responsible to serve CA administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class CAAdminServlet extends AdminServlet { @@ -65,8 +62,7 @@ public class CAAdminServlet extends AdminServlet { private final static String INFO = "CAAdminServlet"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3"; private ICertificateAuthority mCA = null; protected static final String PROP_ENABLED = "enabled"; @@ -94,22 +90,22 @@ public class CAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - //get all operational flags + + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); 
@@ -119,9 +115,8 @@ public class CAAdminServlet extends AdminServlet { try { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } getExtendedPluginInfo(req, resp); @@ -134,9 +129,8 @@ public class CAAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -158,9 +152,8 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) @@ -171,9 +164,9 @@ public class CAAdminServlet extends AdminServlet { setCRLIPsConfig(req, resp); else if (scope.equals(ScopeDef.SC_CRL)) setCRLConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) setNotificationReqCompConfig(req, resp); - else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) + else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) setNotificationRevCompConfig(req, resp); else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) setNotificationRIQConfig(req, resp); 
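Review bot: `mOp` and `mToken` are assigned per request in `@@ -119,9 +115,8 @@` (`mOp = "read"; if ((mToken = super.authorize(req)) == null)`), which is unsafe if they are instance fields, as the `m` prefix suggests; their declarations are outside the hunks. A servlet instance serves concurrent requests, so two overlapping requests could overwrite each other's `mOp` between the assignment and the check inside `authorize`, and the decision could be made for the wrong operation. Keeping the operation and the token in locals and passing the operation to the authorization call as an argument would remove the shared state; whether that is needed depends on how `authorize` in `AdminServlet` reads `mOp`, which is not shown. The same pattern is in `@@ -134,9 +129,8 @@`, `@@ -158,9 +152,8 @@` and the `OP_SEARCH`, `OP_ADD` and `OP_DELETE` branches in the hunks that follow.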
@@ -182,9 +175,8 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_CRLEXTS_RULES)) @@ -194,9 +186,8 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) @@ -204,9 +195,8 @@ public class CAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_CRLIPS)) 
@@ -220,23 +210,24 @@ public class CAAdminServlet extends AdminServlet { } } - /*========================================================== - * private methods - *==========================================================*/ - + /* + * ========================================================== private + * methods========================================================== + */ + /* * handle request completion (cert issued) notification config requests */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { - + NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); - + if (name.equals(Constants.OP_TYPE)) continue; if (name.equals(Constants.RS_ID)) 
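Review bot: The section banner before `getNotificationCompConfig` was reflowed by the formatter into `* ========================================================== private` and `* methods==========================================================`, so it no longer reads as a heading. I would restore the original three-line banner and open it with `/*-`, the conventional marker for a block comment that should not be reformatted, or replace it with a plain `// private methods` line. The same formatter settings probably affected similar banners in the other servlets touched by this commit, so they are worth a search. `getNotificationCompConfig` continues outside the hunk.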
@@ -247,33 +238,35 @@ public class CAAdminServlet extends AdminServlet { continue; params.add(name, rc.getString(name, "")); } - + params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); + rc.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } - + private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { + IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); - + IConfigStore nc = config + .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore rc = nc + .getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); + getNotificationCompConfig(req, resp, rc); } - + private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { + IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); - + IConfigStore nc = config + .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore rc = nc + .getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); + getNotificationCompConfig(req, resp, rc); } 
@@ -281,16 +274,17 @@ public class CAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc + .getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); Enumeration e = req.getParameterNames(); @@ -308,8 +302,8 @@ public class CAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } 
@@ -317,15 +311,16 @@ public class CAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc + .getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE); - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -346,15 +341,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { - String error = - "Template: " + val + " does not exist or invalid"; + || (template.isDirectory())) { + String error = "Template: " + val + + " does not exist or invalid"; - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PATH"), null, resp); return; } } 
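Review bot: In `@@ -346,15 +341,15 @@`, `error` is built from `val` and then not used in the lines shown: the log call records only the fixed `ADMIN_SRVLT_INVALID_PATH` message, so a rejected template path cannot be traced afterwards. Either remove the local or log it, e.g. `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH") + " " + error);`, with line breaks stripped from `val` first if it comes from the request. The check accepts any existing, readable, non-directory file; if `val` is a request parameter (its assignment is outside the hunk), it should also be resolved against the configured template directory and rejected when it falls outside it. The same code appears in `@@ -401,15 +397,15 @@` of `setNotificationCompConfig`.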
@@ -377,10 +372,11 @@ public class CAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, + IRequestListener thisListener) throws ServletException, IOException, EBaseException { - - //set rest of the parameters + + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -401,15 +397,15 @@ public class CAAdminServlet extends AdminServlet { File template = new File(val); if ((!template.exists()) || (!template.canRead()) - || (template.isDirectory())) { - String error = - "Template: " + val + " does not exist or invalid"; + || (template.isDirectory())) { + String error = "Template: " + val + + " does not exist or invalid"; - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PATH"), null, resp); return; } } 
@@ -429,33 +425,35 @@ public class CAAdminServlet extends AdminServlet { } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc + .getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener()); - } + } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mCA.getConfigStore(); - IConfigStore nc = - config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); + IConfigStore rc = nc + .getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mCA.getCertIssuedListener()); } private void listCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration ips = mCA.getCRLIssuingPoints(); 
@@ -468,17 +466,17 @@ public class CAAdminServlet extends AdminServlet { if (ipId != null && ipId.length() > 0) params.add(ipId, ip.getDescription()); - params.add(ipId + "." + Constants.PR_ENABLED, - (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString()); + params.add(ipId + "." + Constants.PR_ENABLED, (Boolean + .valueOf(ip.isCRLIssuingPointEnabled())).toString()); } } - + sendResponse(SUCCESS, null, params, resp); } private void getCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); @@ -518,11 +516,12 @@ public class CAAdminServlet extends AdminServlet { /** * Add CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -530,8 +529,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void addCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -545,10 +544,8 @@ public class CAAdminServlet extends AdminServlet { if (ipId == null || ipId.length() == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -562,10 +559,8 @@ public class CAAdminServlet extends AdminServlet { if (desc == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -577,16 +572,16 @@ public class CAAdminServlet extends AdminServlet { String sEnable = req.getParameter(Constants.PR_ENABLED); boolean enable = true; - if (sEnable != null && sEnable.length() > 0 && - sEnable.equalsIgnoreCase(Constants.FALSE)) { + if (sEnable != null && sEnable.length() > 0 + && sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { params.add(Constants.PR_ENABLED, Constants.TRUE); } - IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlSubStore = mCA.getConfigStore().getSubStore( + ICertificateAuthority.PROP_CRL_SUBSTORE); Enumeration crlNames = crlSubStore.getSubStoreNames(); while (crlNames.hasMoreElements()) { 
@@ -595,24 +590,21 @@ public class CAAdminServlet extends AdminServlet { if (ipId.equals(name)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, ipId + " CRL IP already exists", null, resp); + sendResponse(ERROR, ipId + " CRL IP already exists", null, + resp); return; } } if (!mCA.addCRLIssuingPoint(crlSubStore, ipId, enable, desc)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -623,10 +615,8 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -634,10 +624,8 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -646,38 +634,37 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Set CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -685,8 +672,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -700,10 +687,8 @@ public class CAAdminServlet extends AdminServlet { if (ipId == null || ipId.length() == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -717,10 +702,8 @@ public class CAAdminServlet extends AdminServlet { if (desc == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -732,16 +715,16 @@ public class CAAdminServlet extends AdminServlet { String sEnable = req.getParameter(Constants.PR_ENABLED); boolean enable = true; - if (sEnable != null && sEnable.length() > 0 && - sEnable.equalsIgnoreCase(Constants.FALSE)) { + if (sEnable != null && sEnable.length() > 0 + && sEnable.equalsIgnoreCase(Constants.FALSE)) { enable = false; params.add(Constants.PR_ENABLED, Constants.FALSE); } else { params.add(Constants.PR_ENABLED, Constants.TRUE); } - IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlSubStore = mCA.getConfigStore().getSubStore( + ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames(); @@ -759,8 +742,8 @@ public class CAAdminServlet extends AdminServlet { if (c != null) { c.putString(Constants.PR_DESCRIPTION, desc); - c.putString(Constants.PR_ENABLED, - (enable) ? Constants.TRUE : Constants.FALSE); + c.putString(Constants.PR_ENABLED, + (enable) ? Constants.TRUE : Constants.FALSE); } done = true; break; 
@@ -769,10 +752,8 @@ public class CAAdminServlet extends AdminServlet { if (!done) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -783,10 +764,8 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -794,10 +773,8 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -806,38 +783,37 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete CRL issuing points configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -845,8 +821,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void deleteCRLIPsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -858,8 +834,8 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); if (id != null && id.length() > 0) { - IConfigStore crlSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlSubStore = mCA.getConfigStore().getSubStore( + ICertificateAuthority.PROP_CRL_SUBSTORE); boolean done = false; Enumeration crlNames = crlSubStore.getSubStoreNames(); @@ -875,10 +851,8 @@ public class CAAdminServlet extends AdminServlet { if (!done) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -890,10 +864,8 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -901,10 +873,8 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -913,33 +883,31 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); String ipId = null; @@ -974,11 +942,12 @@ public class CAAdminServlet extends AdminServlet { /** * Delete CRL extensions configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred 
@@ -986,8 +955,8 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1006,11 +975,11 @@ public class CAAdminServlet extends AdminServlet { ICMSCRLExtensions crlExts = ip.getCRLExtensions(); IConfigStore config = mCA.getConfigStore(); - IConfigStore crlsSubStore = - config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = config + .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId); - IConfigStore crlExtsSubStore = - crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); + IConfigStore crlExtsSubStore = crlSubStore + .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); String id = req.getParameter(Constants.RS_ID); @@ -1044,10 +1013,8 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1055,10 +1022,8 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1067,33 +1032,31 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listCRLExtsConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.PR_ID); 
@@ -1103,9 +1066,11 @@ public class CAAdminServlet extends AdminServlet { } IConfigStore config = mCA.getConfigStore(); - IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = config + .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); - IConfigStore crlExtsSubStore = crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); + IConfigStore crlExtsSubStore = crlSubStore + .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE); if (crlExtsSubStore != null) { Enumeration enumExts = crlExtsSubStore.getSubStoreNames(); @@ -1113,7 +1078,8 @@ public class CAAdminServlet extends AdminServlet { while (enumExts.hasMoreElements()) { String extName = (String) enumExts.nextElement(); boolean crlExtEnabled = false; - IConfigStore crlExtSubStore = crlExtsSubStore.getSubStore(extName); + IConfigStore crlExtSubStore = crlExtsSubStore + .getSubStore(extName); Enumeration properties = crlExtSubStore.getPropertyNames(); while (properties.hasMoreElements()) { 
@@ -1123,33 +1089,35 @@ public class CAAdminServlet extends AdminServlet { crlExtEnabled = crlExtSubStore.getBoolean(name, false); } } - params.add(extName, extName + ";visible;" + ((crlExtEnabled) ? "enabled" : "disabled")); + params.add(extName, extName + ";visible;" + + ((crlExtEnabled) ? "enabled" : "disabled")); } } sendResponse(SUCCESS, null, params, resp); } - /** - * retrieve extended plugin info such as brief description, - * type info from CRL extensions + /** + * retrieve extended plugin info such as brief description, type info from + * CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, + implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, + String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; @@ -1182,7 +1150,8 @@ public class CAAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } return nvps; 
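Review bot: In getExtendedPluginInfo(HttpServletRequest, HttpServletResponse) the RS_ID request parameter is split without validation: `id.indexOf(':')` throws a NullPointerException when the parameter is absent, and `id.substring(0, colon)` throws a StringIndexOutOfBoundsException when it contains no colon. Both are unchecked exceptions driven by request input and fall outside the method's declared exception types; whether a caller catches them is not visible in this hunk. A guard before the split, for example `if (id == null || id.indexOf(':') < 0) { sendResponse(ERROR, "Missing or malformed " + Constants.RS_ID, null, resp); return; }`, would turn that into a clean error response.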
@@ -1191,11 +1160,12 @@ public class CAAdminServlet extends AdminServlet { /** * Set CRL configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when * configuring CRL profile (extensions, frequency, CRL format) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -1203,7 +1173,7 @@ public class CAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1214,18 +1184,19 @@ public class CAAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); - if (id == null || id.length() <= 0 || - id.equals(Constants.RS_ID_CONFIG)) { + if (id == null || id.length() <= 0 + || id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mCA.getConfigStore(); - IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = config + .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); - //set reset of the parameters + // set reset of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { 
@@ -1250,10 +1221,8 @@ public class CAAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1264,10 +1233,8 @@ public class CAAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1276,44 +1243,40 @@ public class CAAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private void getCRLConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getCRLConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); - if (id == null || id.length() <= 0 || - id.equals(Constants.RS_ID_CONFIG)) { + if (id == null || id.length() <= 0 || id.equals(Constants.RS_ID_CONFIG)) { id = ICertificateAuthority.PROP_MASTER_CRL; } - IConfigStore crlsSubStore = - mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE); + IConfigStore crlsSubStore = mCA.getConfigStore().getSubStore( + ICertificateAuthority.PROP_CRL_SUBSTORE); IConfigStore crlSubStore = crlsSubStore.getSubStore(id); 
Enumeration e = req.getParameterNames(); @@ -1335,10 +1298,10 @@ public class CAAdminServlet extends AdminServlet { getSigningAlgConfig(params); sendResponse(SUCCESS, null, params, resp); } - + private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; @@ -1370,14 +1333,14 @@ public class CAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore caConfig = mCA.getConfigStore(); IConfigStore connectorConfig = caConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; -// String nickname = CMS.getServerCertNickname(); + // String nickname = CMS.getServerCertNickname(); if (isKRAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("KRA"); @@ -1397,17 +1360,17 @@ public class CAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; -/* - if (name.equals("nickName")) { - caConnectorConfig.putString(name, nickname); - continue; - } -*/ + /* + * if (name.equals("nickName")) { + * caConnectorConfig.putString(name, nickname); continue; } + */ if (name.equals("host")) { try { Utils.checkHost(req.getParameter("host")); } catch (UnknownHostException e) { - sendResponse(ERROR, "Unknown Host " + req.getParameter("host"), null, resp); + sendResponse(ERROR, + "Unknown Host " + req.getParameter("host"), + null, resp); return; } } 
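Review bot: The formatter has reflowed commented-out code as if it were prose: in setConnectorConfig the disabled nickName block now reads `* if (name.equals("nickName")) {` followed by `* caConnectorConfig.putString(name, nickname); continue; }`, with statements joined onto one line. The same happened to the eeGateway blocks in the getGeneralConfig and setGeneralConfig hunks that follow. Dead code in this shape can no longer be re-enabled or reviewed reliably, so either delete these blocks in a separate commit or exclude block comments from the formatter so they keep one statement per line. setConnectorConfig starts in the preceding hunk.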
@@ -1456,47 +1419,43 @@ public class CAAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); String value = "false"; /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - if (eeGateway != null) { - IConfigStore eeConfig = eeGateway.getConfigStore(); - if (eeConfig != null) - value = eeConfig.getString("enabled", "true"); - String ocspValue = "true"; - ocspValue = eeConfig.getString("enableOCSP", "true"); - params.add(Constants.PR_OCSP_ENABLED, ocspValue); - } - params.add(Constants.PR_EE_ENABLED, value); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); if (eeGateway != + * null) { IConfigStore eeConfig = eeGateway.getConfigStore(); if + * (eeConfig != null) value = eeConfig.getString("enabled", "true"); + * String ocspValue = "true"; ocspValue = + * eeConfig.getString("enableOCSP", "true"); + * params.add(Constants.PR_OCSP_ENABLED, ocspValue); } + * params.add(Constants.PR_EE_ENABLED, value); */ - IConfigStore caConfig = mCA.getConfigStore(); - value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false"); + value = caConfig.getString( + ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false"); params.add(Constants.PR_VALIDITY, value); getSigningAlgConfig(params); getSerialConfig(params); getMaxSerialConfig(params); - + sendResponse(SUCCESS, null, params, resp); } private void getSigningAlgConfig(NameValuePairs params) { - params.add(Constants.PR_DEFAULT_ALGORITHM, - mCA.getDefaultAlgorithm()); + params.add(Constants.PR_DEFAULT_ALGORITHM, mCA.getDefaultAlgorithm()); String[] algorithms = mCA.getCASigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); for (int i = 0; i < algorithms.length; i++) { - if (i == 0) + if (i == 0) 
algorStr.append(algorithms[i]); else { algorStr.append(":"); @@ -1507,24 +1466,22 @@ public class CAAdminServlet extends AdminServlet { } private void getSerialConfig(NameValuePairs params) { - params.add(Constants.PR_SERIAL, - mCA.getStartSerial()); + params.add(Constants.PR_SERIAL, mCA.getStartSerial()); } private void getMaxSerialConfig(NameValuePairs params) { - params.add(Constants.PR_MAXSERIAL, - mCA.getMaxSerial()); + params.add(Constants.PR_MAXSERIAL, mCA.getMaxSerial()); } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { ISubsystem eeGateway = null; /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); */ IConfigStore eeConfig = null; @@ -1533,7 +1490,7 @@ public class CAAdminServlet extends AdminServlet { Enumeration enum1 = req.getParameterNames(); boolean restart = false; - //mCA.setMaxSerial(""); + // mCA.setMaxSerial(""); while (enum1.hasMoreElements()) { String key = (String) enum1.nextElement(); String value = req.getParameter(key); @@ -1541,15 +1498,11 @@ public class CAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_EE_ENABLED)) { /* - if (eeConfig != null) { - if (((EEGateway)eeGateway).isEnabled() && - value.equals("false") || - !((EEGateway)eeGateway).isEnabled() && - value.equals("true")) { - restart=true;; - } - eeConfig.putString("enabled", value); - } + * if (eeConfig != null) { if + * (((EEGateway)eeGateway).isEnabled() && value.equals("false") + * || !((EEGateway)eeGateway).isEnabled() && + * value.equals("true")) { restart=true;; } + * eeConfig.putString("enabled", value); } */ } else if (key.equals(Constants.PR_VALIDITY)) { mCA.setValidity(value); 
@@ -1570,23 +1523,21 @@ public class CAAdminServlet extends AdminServlet { } /** - * Retrieves configuration parameters of certificate - * authority. + * Retrieves configuration parameters of certificate authority. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { // validate super.getConfig(mCA.getConfigStore(), req, resp); } /** - * Sets configuration parameters of certificate - * authority. + * Sets configuration parameters of certificate authority. */ - private synchronized void setConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void setConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { super.setConfig(mCA.getConfigStore(), req, resp); // XXX - commit changes } 
@@ -1594,19 +1545,18 @@ public class CAAdminServlet extends AdminServlet { /** * Lists configuration store parameters. */ - private synchronized void listConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { super.listConfig(mCA.getConfigStore(), req, resp); } /** - * Locks a request so that no one can modify it except - * owner. + * Locks a request so that no one can modify it except owner. */ - private synchronized void lockRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void lockRequest(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); // XXX @@ -1614,12 +1564,11 @@ public class CAAdminServlet extends AdminServlet { } /** - * Locks certificate record so that no one can - * modify it except owner. + * Locks certificate record so that no one can modify it except owner. */ - private synchronized void lockCertRecord(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void lockCertRecord(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); 
@@ -1628,9 +1577,9 @@ public class CAAdminServlet extends AdminServlet { /** * Modifies a cert record. */ - private synchronized void modifyCertRecord(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void modifyCertRecord(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); // XXX @@ -1640,7 +1589,7 @@ public class CAAdminServlet extends AdminServlet { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, "CAAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, + "CAAdminServlet: " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index f57d12e2..ba8aa448 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; @@ -83,11 +82,10 @@ import com.netscape.cmsutil.util.Cert; import com.netscape.symkey.SessionKey; /** - * A class representings an administration servlet. This - * servlet is responsible to serve Certificate Server - * level administrative operations such as configuration - * parameter updates. - * + * A class representings an administration servlet. This servlet is responsible + * to serve Certificate Server level administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public final class CMSAdminServlet extends AdminServlet { 
@@ -108,16 +106,11 @@ public final class CMSAdminServlet extends AdminServlet { private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = - "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = - "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; - private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = - "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; - private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = - "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; - private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = - "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; + private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; + private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; + private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; // CMS must be instantiated before this admin servlet. 
@@ -146,13 +139,13 @@ public final class CMSAdminServlet extends AdminServlet { * Serves HTTP request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); try { super.authenticate(req); } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } @@ -164,9 +157,8 @@ public final class CMSAdminServlet extends AdminServlet { if (scope.equals(ScopeDef.SC_PLATFORM)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } getEnv(req, resp); @@ -175,9 +167,8 @@ public final class CMSAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) 
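Review bot: service() appears to keep per-request authorization state in instance fields: each branch assigns `mOp` and then calls `super.authorize(req)`, which receives only the request, and stores the result in `mToken`. If these are fields of the servlet (the `m` prefix suggests so; their declarations are outside this hunk), concurrent requests on the same instance can overwrite the operation name between the assignment and the check, so a request could be authorized against a different operation than the one it performs. The same pattern repeats in the later hunks of service() for modify, search, delete, process and validate. Holding the operation and token in locals and passing the operation to the authorization call would remove the shared state; until then a comment such as `// mOp/mToken are per-request state held in fields: not safe under concurrent requests` would record the constraint.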
@@ -199,14 +190,13 @@ public final class CMSAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) setDBConfig(req, resp); - else if (scope.equals(ScopeDef.SC_SMTP)) + else if (scope.equals(ScopeDef.SC_SMTP)) modifySMTPConfig(req, resp); else if (scope.equals(ScopeDef.SC_TASKS)) performTasks(req, resp); @@ -214,9 +204,9 @@ public final class CMSAdminServlet extends AdminServlet { modifyEncryption(req, resp); else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT)) issueImportCert(req, resp); - else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) + else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) installCert(req, resp); - else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) + else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) importXCert(req, resp); else if (scope.equals(ScopeDef.SC_DELETE_CERTS)) deleteCerts(req, resp); @@ -229,9 +219,8 @@ public final class CMSAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_SUBSYSTEM)) 
@@ -240,33 +229,31 @@ public final class CMSAdminServlet extends AdminServlet { getCACerts(req, resp); else if (scope.equals(ScopeDef.SC_ALL_CERTLIST)) getAllCertsManage(req, resp); - else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) + else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) getUserCerts(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) getTKSKeys(req, resp); - else if (scope.equals(ScopeDef.SC_TOKEN)) + else if (scope.equals(ScopeDef.SC_TOKEN)) getAllTokenNames(req, resp); else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) getRootCerts(req, resp); } else if (op.equals(OpDef.OP_DELETE)) { mOp = "delete"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) { deleteRootCert(req, resp); } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) { - deleteUserCert(req,resp); + deleteUserCert(req, resp); } } else if (op.equals(OpDef.OP_PROCESS)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_CERT_REQUEST)) 
@@ -283,14 +270,13 @@ public final class CMSAdminServlet extends AdminServlet { checkTokenStatus(req, resp); else if (scope.equals(ScopeDef.SC_SELFTESTS)) runSelfTestsOnDemand(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) createMasterKey(req, resp); } else if (op.equals(OpDef.OP_VALIDATE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_SUBJECT_NAME)) @@ -303,8 +289,7 @@ public final class CMSAdminServlet extends AdminServlet { validateCurveName(req, resp); } } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } catch (Exception e) { StringWriter sw = new StringWriter(); 
@@ -316,25 +301,24 @@ public final class CMSAdminServlet extends AdminServlet { } } - private void getEnv(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getEnv(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); if (File.separator.equals("\\")) params.add(Constants.PR_NT, Constants.TRUE); else params.add(Constants.PR_NT, Constants.FALSE); - + sendResponse(SUCCESS, null, params, resp); } private void getAllTokenNames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList()); @@ -343,15 +327,15 @@ public final class CMSAdminServlet extends AdminServlet { } private void getAllNicknames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts()); - + sendResponse(SUCCESS, null, params, resp); } 
@@ -362,27 +346,26 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type - if ((sys instanceof IKeyRecoveryAuthority) && - subsystem.equals("kra")) + // get subsystem type + if ((sys instanceof IKeyRecoveryAuthority) + && subsystem.equals("kra")) return true; - else if ((sys instanceof IRegistrationAuthority) && - subsystem.equals("ra")) + else if ((sys instanceof IRegistrationAuthority) + && subsystem.equals("ra")) return true; - else if ((sys instanceof ICertificateAuthority) && - subsystem.equals("ca")) + else if ((sys instanceof ICertificateAuthority) + && subsystem.equals("ca")) return true; - else if ((sys instanceof IOCSPAuthority) && - subsystem.equals("ocsp")) + else if ((sys instanceof IOCSPAuthority) + && subsystem.equals("ocsp")) return true; } return false; } - private void readEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readEncryption(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration e = CMS.getSubsystems(); boolean isCAInstalled = false; @@ -395,7 +378,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) 
@@ -406,19 +389,20 @@ public final class CMSAdminServlet extends AdminServlet { isOCSPInstalled = true; else if (sys instanceof ITKSAuthority) isTKSInstalled = true; - - } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + } + + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String caTokenName = ""; NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_CIPHER_VERSION, - jssSubSystem.getCipherVersion()); - params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza()); - params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences()); + params.add(Constants.PR_CIPHER_VERSION, jssSubSystem.getCipherVersion()); + params.add(Constants.PR_CIPHER_FORTEZZA, + jssSubSystem.isCipherFortezza()); + params.add(Constants.PR_CIPHER_PREF, + jssSubSystem.getCipherPreferences()); String tokenList = jssSubSystem.getTokenList(); @@ -428,7 +412,7 @@ public final class CMSAdminServlet extends AdminServlet { while (tokenizer.hasMoreElements()) { String tokenName = (String) tokenizer.nextElement(); String certs = jssSubSystem.getCertListWithoutTokenName(tokenName); - + if (certs.equals("")) continue; if (tokenNewList.equals("")) @@ -442,7 +426,8 @@ public final class CMSAdminServlet extends AdminServlet { params.add(Constants.PR_TOKEN_LIST, tokenNewList); if (isCAInstalled) { - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); caTokenName = signingUnit.getTokenName(); 
@@ -452,31 +437,31 @@ public final class CMSAdminServlet extends AdminServlet { String caNickName = signingUnit.getNickname(); - //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); + // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); params.add(Constants.PR_CERT_CA, getCertNickname(caNickName)); } if (isRAInstalled) { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); String raNickname = ra.getNickname(); params.add(Constants.PR_CERT_RA, getCertNickname(raNickname)); } if (isKRAInstalled) { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); String kraNickname = kra.getNickname(); params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname)); } if (isTKSInstalled) { - ITKSAuthority tks = (ITKSAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_TKS); + ITKSAuthority tks = (ITKSAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_TKS); } String nickName = CMS.getServerCertNickname(); - + params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName)); sendResponse(SUCCESS, null, params, resp); 
@@ -518,18 +503,19 @@ public final class CMSAdminServlet extends AdminServlet { /** * Modify encryption configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when * configuring encryption (cert settings and SSL cipher preferences) * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to modify encryption configuration */ private void modifyEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -539,8 +525,8 @@ public final class CMSAdminServlet extends AdminServlet { try { Enumeration enum1 = req.getParameterNames(); NameValuePairs params = new NameValuePairs(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.getInternalTokenName(); Enumeration e = CMS.getSubsystems(); @@ -554,7 +540,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) 
@@ -563,21 +549,23 @@ public final class CMSAdminServlet extends AdminServlet { isCAInstalled = true; else if (sys instanceof IOCSPAuthority) isOCSPInstalled = true; - else if (sys instanceof ITKSAuthority) + else if (sys instanceof ITKSAuthority) isTKSInstalled = true; } - ICertificateAuthority ca = null; + ICertificateAuthority ca = null; IRegistrationAuthority ra = null; IKeyRecoveryAuthority kra = null; - ITKSAuthority tks = null; + ITKSAuthority tks = null; if (isCAInstalled) ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (isRAInstalled) - ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); if (isKRAInstalled) - kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); if (isTKSInstalled) tks = (ITKSAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_TKS); @@ -593,19 +581,20 @@ public final class CMSAdminServlet extends AdminServlet { ISigningUnit signingUnit = ca.getSigningUnit(); if ((val != null) && (!val.equals(""))) { - StringTokenizer tokenizer = new StringTokenizer(val, ","); + StringTokenizer tokenizer = new StringTokenizer(val, + ","); if (tokenizer.countTokens() != 2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO")); + throw new EBaseException( + CMS.getLogMessage("BASE_INVALID_UI_INFO")); } String tokenName = (String) tokenizer.nextElement(); 
@@ -623,14 +612,14 @@ public final class CMSAdminServlet extends AdminServlet { } else // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT")); + throw new EBaseException( + CMS.getLogMessage("BASE_NOT_CA_CERT")); } } else if (name.equals(Constants.PR_CERT_RA)) { if ((val != null) && (!val.equals(""))) { @@ -660,10 +649,8 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -672,10 +659,8 @@ public final class CMSAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
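Review bot: The `} else` that opens the hunk at `@@ -623,14 +612,14 @@` has no braces, so only the `auditMessage = CMS.getLogMessage(...)` assignment belongs to it; `audit(auditMessage);` and `throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"));` run on both paths. The matching `if` is outside the hunk, but if it is the accepting branch, a valid CA certificate selection is still rejected. In that case `audit` is also called with whatever `auditMessage` held before (it starts as `null` at the top of `modifyEncryption`), leaving a wrong or empty record in the signed audit log. Bracing the branch restores the intended grouping: change the line to `} else {` and add a closing `}` after the `throw`.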
@@ -684,28 +669,26 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getCertConfigNickname(String val) throws EBaseException { @@ -727,9 +710,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - httpsService.setNickName(nickName); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); + * httpsService.setNickName(nickName); */ } 
@@ -737,9 +720,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - httpsService.setNickName(nickName); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -747,9 +730,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); - HTTPService httpsService = eeGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService + * httpsService = eeGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } 
@@ -757,31 +740,30 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem caGateway = ca.getHTTPSubsystem(); - HTTPService httpsService = caGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService + * httpsService = caGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } /** * Performs Server Tasks: RESTART/STOP operation */ - private void performTasks(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void performTasks(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String restart = req.getParameter(Constants.PR_SERVER_RESTART); String stop = req.getParameter(Constants.PR_SERVER_STOP); NameValuePairs params = new NameValuePairs(); if (restart != null) { - //XXX Uncommented afetr watchdog is implemented + // XXX Uncommented afetr watchdog is implemented sendResponse(SUCCESS, null, params, resp); - //mServer.restart(); + // mServer.restart(); return; } if (stop != null) { - //XXX Send response first then shutdown + // XXX Send response first then shutdown sendResponse(SUCCESS, null, params, resp); CMS.shutdown(); return; @@ -794,9 +776,8 @@ public final class CMSAdminServlet extends AdminServlet { /** * Reads subsystems that server has loaded with. */ - private void readSubsystem(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readSubsystem(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = CMS.getSubsystems(); StringBuffer buff = new StringBuffer(); 
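Review bot: `performTasks` calls `CMS.shutdown()` when the `Constants.PR_SERVER_STOP` parameter is present, and the lines shown write no signed audit record for it, whereas `modifyEncryption` in this file audits both success and failure of a configuration change. A remote stop of the CA is an availability-relevant admin action that an operator will want in the audit trail; I would mark it above the call with `// TODO: emit a signed audit event (subject ID, outcome) before CMS.shutdown()`. The restart branch also answers `SUCCESS` while `mServer.restart()` is commented out, so the client is told a restart happened when nothing was done. The end of the method is outside this hunk.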
@@ -805,7 +786,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) type = Constants.PR_KRA_INSTANCE; if (sys instanceof IRegistrationAuthority) @@ -814,7 +795,7 @@ public final class CMSAdminServlet extends AdminServlet { type = Constants.PR_CA_INSTANCE; if (sys instanceof IOCSPAuthority) type = Constants.PR_OCSP_INSTANCE; - if (sys instanceof ITKSAuthority) + if (sys instanceof ITKSAuthority) type = Constants.PR_TKS_INSTANCE; if (!type.trim().equals("")) params.add(sys.getId(), type); @@ -826,13 +807,13 @@ public final class CMSAdminServlet extends AdminServlet { /** * Reads server statistics. */ - private void readStat(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readStat(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore cs = CMS.getConfigStore(); try { - String installdate = cs.getString(Constants.PR_STAT_INSTALLDATE, ""); + String installdate = cs + .getString(Constants.PR_STAT_INSTALLDATE, ""); params.add(Constants.PR_STAT_INSTALLDATE, installdate); } catch (Exception e) { } @@ -850,9 +831,9 @@ public final class CMSAdminServlet extends AdminServlet { } params.add(Constants.PR_STAT_STARTUP, - (new Date(CMS.getStartupTime())).toString()); + (new Date(CMS.getStartupTime())).toString()); params.add(Constants.PR_STAT_TIME, - (new Date(System.currentTimeMillis())).toString()); + (new Date(System.currentTimeMillis())).toString()); sendResponse(SUCCESS, null, params, resp); } 
@@ -860,127 +841,105 @@ public final class CMSAdminServlet extends AdminServlet { * Modifies network information. */ private void modifyNetworkConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { /* - HTTPSubsystem eeGateway = (HTTPSubsystem) - SubsystemRegistry.getInstance().get("eeGateway"); - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); - - Enumeration enum1 = req.getParameterNames(); - - String eeHTTPportString = null; - String eeHTTPSportString = null; - String agentHTTPSportString = null; - String radminHTTPSportString = null; - - String gatewayBacklog = "15"; - - // eeHTTPEnabled corresponds to the checkbox which enables the - // HTTP EE port - String eeHTTPEnabled = Constants.FALSE; - - while (enum1.hasMoreElements()) { - String key = (String)enum1.nextElement(); - String value = (String)req.getParameter(key); - - if (key.equals(Constants.PR_AGENT_S_BACKLOG)) { - agent.setHTTPSBacklog(value); - } else if (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) { - eeGateway.setHTTPSBacklog(value); - } else if (key.equals(Constants.PR_ADMIN_S_BACKLOG)) { - raAdmin.setHTTPSBacklog(value); - } else if (key.equals(Constants.PR_GATEWAY_BACKLOG)) { - gatewayBacklog = value; - } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) { - eeHTTPEnabled = value; - } - } - - - eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT); - eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT); - agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT); - radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT); - - - int eeHTTPport=0; - int eeHTTPSport=0; - int agentHTTPSport=0; - int radminHTTPSport=0; - if (eeHTTPportString != null) eeHTTPport = Integer.parseInt(eeHTTPportString); - if (eeHTTPSportString != null) 
eeHTTPSport = Integer.parseInt(eeHTTPSportString); - if (agentHTTPSportString != null) agentHTTPSport = Integer.parseInt(agentHTTPSportString); - if (radminHTTPSportString != null) radminHTTPSport = Integer.parseInt(radminHTTPSportString); - - - String portName=""; - int portnum; - try { - - // EE HTTP is special, since it has it's own checkbox for enabling/disabling - if (eeHTTPEnabled.equals(Constants.TRUE) && - eeHTTPport != 0 && - eeHTTPport != eeGateway.getHTTPPort()) - { - portName = "End-entity"; - checkPortAvailable(eeHTTPport); - } - - if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) { - portName = "SSL End-entity"; - checkPortAvailable(eeHTTPSport); - } - if (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) { - portName = "Agent"; - checkPortAvailable(agentHTTPSport); - } - if (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) { - portName = "Remote Admin"; - checkPortAvailable(radminHTTPSport); - } - - // If any of the above ports are not available, an exception - // will be thrown and these methods below will not be called - - if (eeHTTPEnabled.equals(Constants.TRUE)) { - eeGateway.setHTTPPort(eeHTTPport); - } - eeGateway.setHTTPSPort(eeHTTPSport); - agent.setHTTPSPort(agentHTTPSport); - raAdmin.setHTTPSPort(radminHTTPSport); - - } catch (IOException e) { - // send 'port in use' error - sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); - // we do not want to save the config in this case - return; - } - - eeGateway.setHTTPBacklog(gatewayBacklog); - eeGateway.setHTTPPortEnable(eeHTTPEnabled); - - mConfig.commit(true); - sendResponse(RESTART, null, null, resp); - */ + * HTTPSubsystem eeGateway = (HTTPSubsystem) + * SubsystemRegistry.getInstance().get("eeGateway"); RemoteAdmin raAdmin + * = (RemoteAdmin)RemoteAdmin.getInstance(); AgentGateway agent = + * (AgentGateway)mReg.get(AgentGateway.ID); + * + * Enumeration enum1 = req.getParameterNames(); + * + * String eeHTTPportString = null; String 
eeHTTPSportString = null; + * String agentHTTPSportString = null; String radminHTTPSportString = + * null; + * + * String gatewayBacklog = "15"; + * + * // eeHTTPEnabled corresponds to the checkbox which enables the // + * HTTP EE port String eeHTTPEnabled = Constants.FALSE; + * + * while (enum1.hasMoreElements()) { String key = + * (String)enum1.nextElement(); String value = + * (String)req.getParameter(key); + * + * if (key.equals(Constants.PR_AGENT_S_BACKLOG)) { + * agent.setHTTPSBacklog(value); } else if + * (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) { + * eeGateway.setHTTPSBacklog(value); } else if + * (key.equals(Constants.PR_ADMIN_S_BACKLOG)) { + * raAdmin.setHTTPSBacklog(value); } else if + * (key.equals(Constants.PR_GATEWAY_BACKLOG)) { gatewayBacklog = value; + * } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) { + * eeHTTPEnabled = value; } } + * + * + * eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT); + * eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT); + * agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT); + * radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT); + * + * + * int eeHTTPport=0; int eeHTTPSport=0; int agentHTTPSport=0; int + * radminHTTPSport=0; if (eeHTTPportString != null) eeHTTPport = + * Integer.parseInt(eeHTTPportString); if (eeHTTPSportString != null) + * eeHTTPSport = Integer.parseInt(eeHTTPSportString); if + * (agentHTTPSportString != null) agentHTTPSport = + * Integer.parseInt(agentHTTPSportString); if (radminHTTPSportString != + * null) radminHTTPSport = Integer.parseInt(radminHTTPSportString); + * + * + * String portName=""; int portnum; try { + * + * // EE HTTP is special, since it has it's own checkbox for + * enabling/disabling if (eeHTTPEnabled.equals(Constants.TRUE) && + * eeHTTPport != 0 && eeHTTPport != eeGateway.getHTTPPort()) { portName + * = "End-entity"; checkPortAvailable(eeHTTPport); } + * + * if (eeHTTPSport != 0 && eeHTTPSport != 
eeGateway.getHTTPSPort()) { + * portName = "SSL End-entity"; checkPortAvailable(eeHTTPSport); } if + * (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) { + * portName = "Agent"; checkPortAvailable(agentHTTPSport); } if + * (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) { + * portName = "Remote Admin"; checkPortAvailable(radminHTTPSport); } + * + * // If any of the above ports are not available, an exception // will + * be thrown and these methods below will not be called + * + * if (eeHTTPEnabled.equals(Constants.TRUE)) { + * eeGateway.setHTTPPort(eeHTTPport); } + * eeGateway.setHTTPSPort(eeHTTPSport); + * agent.setHTTPSPort(agentHTTPSport); + * raAdmin.setHTTPSPort(radminHTTPSport); + * + * } catch (IOException e) { // send 'port in use' error + * sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); // we + * do not want to save the config in this case return; } + * + * eeGateway.setHTTPBacklog(gatewayBacklog); + * eeGateway.setHTTPPortEnable(eeHTTPEnabled); + * + * mConfig.commit(true); sendResponse(RESTART, null, null, resp); + */ } /** * Check if the port is available for binding. + * * @throws IOException if not available */ - private void checkPortAvailable(int port) - throws IOException { + private void checkPortAvailable(int port) throws IOException { try { // see if the port is being used by somebody else ServerSocket ss = new ServerSocket(port); ss.close(); } catch (Exception e) { - throw new IOException("port " + port + " is in use. Please select another port"); + throw new IOException("port " + port + + " is in use. Please select another port"); } } 
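Review bot: The formatter has reflowed the commented-out body of `modifyNetworkConfig` as if it were prose, so former `//` comments and statements now share lines (for example `HTTP EE port String eeHTTPEnabled = Constants.FALSE;`). The block can no longer be restored by uncommenting it and is hard to read as documentation. The same happened to the commented-out code in `getEENetworkConfig`, `getAdminConfig` and `getAgentConfig` in the hunk at `@@ -1000,58 +959,52 @@`, and to the nickname setters in the hunks from `@@ -727,9 +710,9 @@` onward. I would delete these blocks and rely on version history. If they must stay, fence them with the Eclipse tags `// @formatter:off` and `// @formatter:on` (which have to be enabled in the formatter profile) so later runs leave them alone.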
@@ -988,8 +947,8 @@ public final class CMSAdminServlet extends AdminServlet { * Reads network information. */ private void readNetworkConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); 
@@ -1000,58 +959,52 @@ public final class CMSAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); } - private void getEENetworkConfig(NameValuePairs params) - throws EBaseException { + private void getEENetworkConfig(NameValuePairs params) + throws EBaseException { /* - HTTPSubsystem eeGateway = - (HTTPSubsystem)mReg.get("eeGateway"); - if (eeGateway == null) { - // i.e. standalone DRM - params.add(Constants.PR_GATEWAY_S_PORT, "-1"); - params.add(Constants.PR_GATEWAY_PORT, "-1"); - params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1"); - params.add(Constants.PR_GATEWAY_BACKLOG,"-1"); - params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); - } else { - params.add(Constants.PR_GATEWAY_S_PORT, - ""+eeGateway.getHTTPSPort()); - params.add(Constants.PR_GATEWAY_PORT, - ""+eeGateway.getHTTPPort()); - params.add(Constants.PR_GATEWAY_S_BACKLOG, - ""+eeGateway.getHTTPBacklog()); - params.add(Constants.PR_GATEWAY_BACKLOG, - ""+eeGateway.getHTTPSBacklog()); - params.add(Constants.PR_GATEWAY_PORT_ENABLED, - eeGateway.getHTTPPortEnable()); - } - */ + * HTTPSubsystem eeGateway = (HTTPSubsystem)mReg.get("eeGateway"); if + * (eeGateway == null) { // i.e. 
standalone DRM + * params.add(Constants.PR_GATEWAY_S_PORT, "-1"); + * params.add(Constants.PR_GATEWAY_PORT, "-1"); + * params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1"); + * params.add(Constants.PR_GATEWAY_BACKLOG,"-1"); + * params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); } else { + * params.add(Constants.PR_GATEWAY_S_PORT, ""+eeGateway.getHTTPSPort()); + * params.add(Constants.PR_GATEWAY_PORT, ""+eeGateway.getHTTPPort()); + * params.add(Constants.PR_GATEWAY_S_BACKLOG, + * ""+eeGateway.getHTTPBacklog()); + * params.add(Constants.PR_GATEWAY_BACKLOG, + * ""+eeGateway.getHTTPSBacklog()); + * params.add(Constants.PR_GATEWAY_PORT_ENABLED, + * eeGateway.getHTTPPortEnable()); } + */ } private void getAdminConfig(NameValuePairs params) throws EBaseException { /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort()); - params.add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog()); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort()); + * params + * .add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog()); */ } private void getAgentConfig(NameValuePairs params) throws EBaseException { /* - AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); - params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort()); - params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog()); + * AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); + * params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort()); + * params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog()); */ } /** * Modifies database information. 
*/ - private void setDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void setDBConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB); Enumeration enum1 = req.getParameterNames(); 
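Review bot: `setDBConfig` takes its keys from `req.getParameterNames()` and, in the lines that follow this hunk, stores each one with `dbConfig.putString(key, req.getParameter(key))`; the only filtering visible there is the skip of `Constants.OP_SCOPE` (any earlier skips fall outside the visible lines). Any caller that passes the `modify` authorization can therefore write arbitrary property names into the internal database sub-store, not only the settings the console is meant to change. I would check each key against a fixed set of expected property names before the `putString` call and reject the request otherwise, documented at the loop as `// only known internal DB properties may be set from the request`. `sendResponse(RESTART, null, null, resp)` is also sent before `mConfig.commit(true)`, so a failed commit is reported to the client as success; swapping the two statements fixes that.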
@@ -1065,56 +1018,53 @@ public final class CMSAdminServlet extends AdminServlet { continue; if (key.equals(Constants.OP_SCOPE)) continue; - - dbConfig.putString(key, req.getParameter(key)); + + dbConfig.putString(key, req.getParameter(key)); } sendResponse(RESTART, null, null, resp); mConfig.commit(true); } - /** + + /** * Create Master Key */ -private void createMasterKey(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void createMasterKey(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - String newKeyName = null, selectedToken = null; + String newKeyName = null, selectedToken = null; while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_KEY_LIST)) - { - newKeyName = req.getParameter(name); - } - if (name.equals(Constants.PR_TOKEN_LIST)) - { - selectedToken = req.getParameter(name); - } - + if (name.equals(Constants.PR_KEY_LIST)) { + newKeyName = req.getParameter(name); + } + if (name.equals(Constants.PR_TOKEN_LIST)) { + selectedToken = req.getParameter(name); + } } - if(selectedToken!=null && newKeyName!=null) - { - String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName); - CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); - String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); - - SessionKey.SetDefaultPrefix(masterKeyPrefix); - params.add(Constants.PR_KEY_LIST, newKeyName); - params.add(Constants.PR_TOKEN_LIST, selectedToken); - } - sendResponse(SUCCESS, null, params, resp); -} + if (selectedToken != null && newKeyName != null) { + String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName); + CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); + String masterKeyPrefix = CMS.getConfigStore().getString( + 
"tks.master_key_prefix", null); + + SessionKey.SetDefaultPrefix(masterKeyPrefix); + params.add(Constants.PR_KEY_LIST, newKeyName); + params.add(Constants.PR_TOKEN_LIST, selectedToken); + } + sendResponse(SUCCESS, null, params, resp); + } - /** + /** * Reads secmod.db */ - private void getTKSKeys(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getTKSKeys(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); 
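Review bot: createMasterKey answers SUCCESS even when PR_KEY_LIST or PR_TOKEN_LIST is missing from the request, because `sendResponse(SUCCESS, null, params, resp)` sits outside the `if (selectedToken != null && newKeyName != null)` block; the caller cannot tell a generated master key from a skipped one. Rejecting the request up front would make that explicit, e.g. `if (selectedToken == null || newKeyName == null) throw new EBaseException("PLACEHOLDER: missing key name or token");` (the message text is a placeholder). No signed-audit record is written in this method, unlike getCertRequest further down, which audits asymmetric key generation, so an audit event for master-key creation looks warranted. The `symKeys` value returned by `SessionKey.GenMasterKey` is never read.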
@@ -1122,57 +1072,56 @@ private void createMasterKey(HttpServletRequest req, while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_TOKEN_LIST)) - { - String selectedToken = req.getParameter(name); - - int count = 0; - int keys_found = 0; - - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - - CryptoToken token = null; - CryptoManager mCryptoManager = null; - try { - mCryptoManager = CryptoManager.getInstance(); - } catch (Exception e2) { - } - - if(!jssSubSystem.isTokenLoggedIn(selectedToken)) - { - PasswordCallback cpcb = new ConsolePasswordCallback(); - while (true) { + if (name.equals(Constants.PR_TOKEN_LIST)) { + String selectedToken = req.getParameter(name); + + int count = 0; + int keys_found = 0; + + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + + CryptoToken token = null; + CryptoManager mCryptoManager = null; + try { + mCryptoManager = CryptoManager.getInstance(); + } catch (Exception e2) { + } + + if (!jssSubSystem.isTokenLoggedIn(selectedToken)) { + PasswordCallback cpcb = new ConsolePasswordCallback(); + while (true) { try { - token = mCryptoManager.getTokenByName(selectedToken); - token.login(cpcb); + token = mCryptoManager + .getTokenByName(selectedToken); + token.login(cpcb); break; } catch (Exception e3) { - //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); + // log(ILogger.LL_FAILURE, + // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); continue; } - } - } - // String symKeys = new String("key1,key2"); - String symKeys = SessionKey.ListSymmetricKeys(selectedToken); - params.add(Constants.PR_TOKEN_LIST, symKeys); + } + } + // String symKeys = new String("key1,key2"); + String symKeys = SessionKey.ListSymmetricKeys(selectedToken); + params.add(Constants.PR_TOKEN_LIST, symKeys); - } + } } sendResponse(SUCCESS, null, params, resp); } - - + /** * Reads database information. 
*/ - private void getDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getDBConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_DB); IConfigStore ldapConfig = dbConfig.getSubStore("ldap"); NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); @@ -1184,7 +1133,7 @@ private void createMasterKey(HttpServletRequest req, continue; if (name.equals(Constants.PR_SECURE_PORT_ENABLED)) params.add(name, ldapConfig.getString(name, "Constants.FALSE")); - else + else params.add(name, ldapConfig.getString(name, "")); } sendResponse(SUCCESS, null, params, resp); @@ -1194,8 +1143,8 @@ private void createMasterKey(HttpServletRequest req, * Modifies SMTP configuration. */ private void modifySMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { // XXX IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP); @@ -1208,7 +1157,7 @@ private void createMasterKey(HttpServletRequest req, if (port != null) sConfig.putString("port", port); - + commit(true); sendResponse(SUCCESS, null, null, resp); 
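Review bot: In getTKSKeys the empty `catch (Exception e2) { }` around `CryptoManager.getInstance()` leaves `mCryptoManager` null, and the `while (true)` login loop then catches every exception and `continue`s, so a null manager, an unknown token name or a rejected password keeps the request thread spinning with no exit. The loop also prompts through `ConsolePasswordCallback`, which a servlet request has no obvious way to answer. Failing the request is safer: `throw new EBaseException(e2.toString());` in the first catch and `throw new EBaseException(e3.toString());` in place of `continue;`. getTKSKeys starts in the previous hunk.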
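Review bot: The default in `ldapConfig.getString(name, "Constants.FALSE")` (getDBConfig, the PR_SECURE_PORT_ENABLED branch) is the quoted text `Constants.FALSE` rather than a boolean value, so a missing setting is reported to the client as that literal string. If the constant was intended, the line would read `params.add(name, ldapConfig.getString(name, Constants.FALSE));`; that a `Constants.FALSE` field exists is inferred from the literal and is not shown here. How the console treats an unparseable secure-port flag is not visible in this hunk. getDBConfig begins in the previous hunk.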
@@ -1217,22 +1166,18 @@ private void createMasterKey(HttpServletRequest req, /** * Reads SMTP configuration. */ - private void readSMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readSMTPConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_SERVER_NAME, - dbConfig.getString("host")); - params.add(Constants.PR_PORT, - dbConfig.getString("port")); + params.add(Constants.PR_SERVER_NAME, dbConfig.getString("host")); + params.add(Constants.PR_PORT, dbConfig.getString("port")); sendResponse(SUCCESS, null, params, resp); } - private void loggedInToken(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void loggedInToken(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); String tokenName = ""; String pwd = ""; @@ -1248,8 +1193,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.loggedInToken(tokenName, pwd); @@ -1259,8 +1204,8 @@ private void createMasterKey(HttpServletRequest req, } private void checkTokenStatus(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String key = ""; String value = ""; 
@@ -1273,8 +1218,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); boolean status = jssSubSystem.isTokenLoggedIn(value); NameValuePairs params = new NameValuePairs(); @@ -1287,18 +1232,18 @@ private void createMasterKey(HttpServletRequest req, /** * Retrieve a certificate request * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when * asymmetric keys are generated * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to retrieve certificate request */ - private void getCertRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getCertRequest(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditPublicKey = ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1346,11 +1291,11 @@ private void createMasterKey(HttpServletRequest req, } } - pathname = mConfig.getString("instanceRoot", "") - + File.separator + "conf" + File.separator; + pathname = mConfig.getString("instanceRoot", "") + File.separator + + "conf" + File.separator; dir = pathname; - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); KeyPair keypair = null; PQGParams pqgParams = null; 
@@ -1376,10 +1321,8 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.FAILURE, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + auditSubjectID, ILogger.FAILURE, auditPublicKey); audit(auditMessage); @@ -1390,11 +1333,13 @@ private void createMasterKey(HttpServletRequest req, } else { if (keyType.equals("ECC")) { // get ECC keypair - keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType); - } else { //DSA or RSA + keypair = jssSubSystem.getECCKeyPair(tokenName, + keyCurveName, certType); + } else { // DSA or RSA if (keyType.equals("DSA")) - pqgParams = jssSubSystem.getPQG(keyLength); - keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams); + pqgParams = jssSubSystem.getPQG(keyLength); + keypair = jssSubSystem.getKeyPair(tokenName, keyType, + keyLength, pqgParams); } } @@ -1439,10 +1384,8 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.SUCCESS, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, + ILogger.SUCCESS, auditPublicKey); audit(auditMessage); @@ -1451,10 +1394,8 @@ private void createMasterKey(HttpServletRequest req, } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.FAILURE, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, + ILogger.FAILURE, auditPublicKey); audit(auditMessage); 
@@ -1463,34 +1404,32 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.FAILURE, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, + ILogger.FAILURE, auditPublicKey); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - // auditSubjectID, - // ILogger.FAILURE, - // auditPublicKey ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } - } - - private void setCANewnickname(String tokenName, String nickname) - throws EBaseException { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + // auditSubjectID, + // ILogger.FAILURE, + // auditPublicKey ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } + } + + private void setCANewnickname(String tokenName, String nickname) + throws EBaseException { + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
@@ -1504,17 +1443,17 @@ private void createMasterKey(HttpServletRequest req, } private String getCANewnickname() throws EBaseException { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } private void setRANewnickname(String tokenName, String nickname) - throws EBaseException { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + throws EBaseException { + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) ra.setNewNickName(nickname); @@ -1527,15 +1466,16 @@ private void createMasterKey(HttpServletRequest req, } private String getRANewnickname() throws EBaseException { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); return ra.getNewNickName(); } private void setOCSPNewnickname(String tokenName, String nickname) - throws EBaseException { - IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + throws EBaseException { + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); @@ -1549,8 +1489,8 @@ private void createMasterKey(HttpServletRequest req, signingUnit.setNewNickName(tokenName + ":" + nickname); } } else { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
@@ -1565,25 +1505,26 @@ private void createMasterKey(HttpServletRequest req, } private String getOCSPNewnickname() throws EBaseException { - IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } else { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } } - private void setKRANewnickname(String tokenName, String nickname) - throws EBaseException { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + private void setKRANewnickname(String tokenName, String nickname) + throws EBaseException { + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) kra.setNewNickName(nickname); 
@@ -1596,87 +1537,81 @@ private void createMasterKey(HttpServletRequest req, } private String getKRANewnickname() throws EBaseException { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); return kra.getNewNickName(); } - private void setRADMNewnickname(String tokenName, String nickName) - throws EBaseException { + private void setRADMNewnickname(String tokenName, String nickName) + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getRADMNewnickname() - throws EBaseException { + private String getRADMNewnickname() throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - return httpsService.getNewNickName(); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); return + * httpsService.getNewNickName(); */ } private void setAgentNewnickname(String tokenName, String nickName) - throws EBaseException { + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getAgentNewnickname() - throws EBaseException { + private String getAgentNewnickname() throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - return httpsService.getNewNickName(); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); return + * httpsService.getNewNickName(); */ } /** * Issue import certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to issue an import certificate */ private void issueImportCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1700,9 +1635,9 @@ private void createMasterKey(HttpServletRequest req, String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals("pathname")) { + if (key.equals("pathname")) { configPath = mConfig.getString("instanceRoot", "") - + File.separator + "conf" + File.separator; + + File.separator + "conf" + File.separator; pathname = configPath + value; } else { if (key.equals(Constants.PR_TOKEN_NAME)) 
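Review bot: The commented-out bodies in setRADMNewnickname, getRADMNewnickname, setAgentNewnickname and getAgentNewnickname were reflowed as prose, so statements such as `HTTPService httpsService = gateway.getHttpsService(); if (tokenName.equals(...` now run together and the old control flow can no longer be read back. In the two getters the block also sits after the `return`, where it documents nothing. Deleting these blocks and keeping one line such as `// superseded by CMS.setServerCertNickname(); see history for the HTTPService version` would be clearer than preserving them. The same reflow affects the commented-out gateway code earlier in the file and the `bug 600124` block in issueImportCert.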
@@ -1713,17 +1648,17 @@ private void createMasterKey(HttpServletRequest req, String certType = (String) properties.get(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - IDBSubsystem dbs = (IDBSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_DBS); - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - ICertificateRepository repository = - (ICertificateRepository) ca.getCertificateRepository(); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + IDBSubsystem dbs = (IDBSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_DBS); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateRepository repository = (ICertificateRepository) ca + .getCertificateRepository(); ISigningUnit signingUnit = ca.getSigningUnit(); String oldtokenname = null; - //this is the old nick name + // this is the old nick name String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; String oldcatokenname = signingUnit.getTokenName(); @@ -1741,15 +1676,13 @@ private void createMasterKey(HttpServletRequest req, } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException( + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } if (newtokenname == null) 
@@ -1762,39 +1695,34 @@ private void createMasterKey(HttpServletRequest req, } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException( + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx renew ca ,use old issuer? - properties.setIssuerName( - jssSubSystem.getCertSubjectName(oldcatokenname, - canicknameWithoutTokenName)); + // xxx renew ca ,use old issuer? + properties.setIssuerName(jssSubSystem.getCertSubjectName( + oldcatokenname, canicknameWithoutTokenName)); KeyPair pair = null; if (nickname.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException( + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx set to old nickname? + // xxx set to old nickname? properties.setCertNickname(nickname); if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) { CertificateExtensions exts = jssSubSystem.getExtensions( 
@@ -1815,25 +1743,25 @@ private void createMasterKey(HttpServletRequest req, defaultOCSPSigningAlg = properties.getHashType(); } } - + // create a new CA certificate or ssl server cert - if (properties.getKeyCurveName() != null) { //new ECC + if (properties.getKeyCurveName() != null) { // new ECC CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys"); pair = jssSubSystem.getECCKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; - } else if (properties.getKeyLength() != null) { //new RSA or DSA + } else if (properties.getKeyLength() != null) { // new RSA or DSA keyType = properties.getKeyType(); String keyLen = properties.getKeyLength(); PQGParams pqgParams = null; if (keyType.equals("DSA")) { pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen), - mConfig); - //properties.put(Constants.PR_PQGPARAMS, pqgParams); + mConfig); + // properties.put(Constants.PR_PQGPARAMS, pqgParams); } pair = jssSubSystem.getKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; // renew the CA certificate or ssl server cert } else { @@ -1846,11 +1774,12 @@ private void createMasterKey(HttpServletRequest req, } /* - String alg = jssSubSystem.getSignatureAlgorithm(nickname); - SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg); - properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + * String alg = jssSubSystem.getSignatureAlgorithm(nickname); + * SignatureAlgorithm sigAlg = + * SigningUnit.mapAlgorithmToJss(alg); + * properties.setSignatureAlgorithm(sigAlg); + * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg, + * mConfig)); */ } 
@@ -1863,10 +1792,11 @@ private void createMasterKey(HttpServletRequest req, // value provided for signedBy SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); + properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, + mConfig)); } - if (pair == null) + if (pair == null) CMS.debug("CMSAdminServlet: issueImportCert: key pair is null"); BigInteger nextSerialNo = repository.getNextSerialNumber(); 
@@ -1874,42 +1804,40 @@ private void createMasterKey(HttpServletRequest req, properties.setSerialNumber(nextSerialNo); properties.setKeyPair(pair); properties.setConfigFile(mConfig); - // properties.put(Constants.PR_CA_KEYPAIR, pair); + // properties.put(Constants.PR_CA_KEYPAIR, pair); properties.put(Constants.PR_CA_KEYPAIR, caKeyPair); - X509CertImpl signedCert = - jssSubSystem.getSignedCert(properties, certType, - caKeyPair.getPrivate()); + X509CertImpl signedCert = jssSubSystem.getSignedCert(properties, + certType, caKeyPair.getPrivate()); - if (signedCert == null) - CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); + if (signedCert == null) + CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); - /* bug 600124 - try { - jssSubSystem.deleteTokenCertificate(nickname, pathname); - } catch (Throwable e) { - //skip it - } + /* + * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname, + * pathname); } catch (Throwable e) { //skip it } */ boolean nicknameChanged = false; - //xxx import cert with nickname without token name? - //jss adds the token prefix!!! - //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName); + // xxx import cert with nickname without token name? + // jss adds the token prefix!!! 
+ // log(ILogger.LL_DEBUG,"import as alias"+ + // nicknameWithoutTokenName); try { - CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + + nicknameWithoutTokenName); jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, - certType); + certType); } catch (EBaseException e) { // if it fails, let use a different nickname to try - Date now = new Date(); - String newNickname = nicknameWithoutTokenName - + "-" + now.getTime(); + Date now = new Date(); + String newNickname = nicknameWithoutTokenName + "-" + + now.getTime(); - CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname); - jssSubSystem.importCert(signedCert, newNickname, - certType); + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + + newNickname); + jssSubSystem.importCert(signedCert, newNickname, certType); nicknameWithoutTokenName = newNickname; nicknameChanged = true; if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { 
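Review bot: In issueImportCert `if (signedCert == null) CMS.debug(...)` only logs, and the code then passes the null certificate to `jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, certType)`; the `if (pair == null)` check in the hunk above has the same shape. The `catch (EBaseException e)` that follows retries the import under a timestamped nickname without logging `e`, so the original import failure is lost. Throwing at the null check, e.g. `throw new EBaseException("PLACEHOLDER: signed certificate could not be created");` (the message text is a placeholder), would route the failure to the method's existing catch, which writes the FAILURE audit record. The method body starts and ends outside this hunk.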
@@ -1920,28 +1848,26 @@ private void createMasterKey(HttpServletRequest req, } ICertRecord certRecord = repository.createCertRecord( - signedCert.getSerialNumber(), - signedCert, null); + signedCert.getSerialNumber(), signedCert, null); repository.addCertificateRecord(certRecord); if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { try { - X509CertInfo certInfo = (X509CertInfo) signedCert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + X509CertInfo certInfo = (X509CertInfo) signedCert + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateExtensions extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); if (extensions != null) { - BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions + .get(BasicConstraintsExtension.NAME); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { - Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + Integer pathlen = (Integer) basic + .get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) 
@@ -1958,34 +1884,32 @@ private void createMasterKey(HttpServletRequest req, } } - CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + " newtoken:" + newtokenname + " nickname:" + nickname); - if ((newtokenname != null && - !newtokenname.equals(oldtokenname)) || nicknameChanged) { + if ((newtokenname != null && !newtokenname.equals(oldtokenname)) + || nicknameChanged) { if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { signingUnit.updateConfig(nicknameWithoutTokenName, - newtokenname); + newtokenname); } else { - signingUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, - newtokenname); + signingUnit.updateConfig(newtokenname + ":" + + nicknameWithoutTokenName, newtokenname); } - } else if (certType.equals(Constants.PR_SERVER_CERT)) { + } else if (certType.equals(Constants.PR_SERVER_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { nickname = nicknameWithoutTokenName; } else { nickname = newtokenname + ":" - + nicknameWithoutTokenName; + + nicknameWithoutTokenName; } - //setRADMNewnickname("",""); - //modifyRADMCert(nickname); + // setRADMNewnickname("",""); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { - IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } 
@@ -1997,28 +1921,28 @@ private void createMasterKey(HttpServletRequest req, nickname = nicknameWithoutTokenName; } else { nickname = newtokenname + ":" - + nicknameWithoutTokenName; + + nicknameWithoutTokenName; } modifyRADMCert(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - if (ca != null) { + if (ca != null) { ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit(); - if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { + if (newtokenname + .equals(Constants.PR_INTERNAL_TOKEN_NAME)) { ocspSigningUnit.updateConfig( - nicknameWithoutTokenName, newtokenname); + nicknameWithoutTokenName, newtokenname); } else { - ocspSigningUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, - newtokenname); + ocspSigningUnit.updateConfig(newtokenname + ":" + + nicknameWithoutTokenName, newtokenname); } } } } - + // set signing algorithms if needed - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) signingUnit.setDefaultAlgorithm(defaultSigningAlg); if (defaultOCSPSigningAlg != null) { 
@@ -2031,54 +1955,50 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); mConfig.commit(true); sendResponse(SUCCESS, null, null, resp); } catch (EBaseException eAudit1) { - CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString()); + CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + + eAudit1.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; } catch (IOException eAudit2) { - CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString()); + CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + + eAudit2.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific 
exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getDefaultSigningAlg(String keyType, String messageDigest) { @@ -2087,7 +2007,7 @@ private void createMasterKey(HttpServletRequest req, return "MD2withRSA"; } else if (messageDigest.equals("MD5")) { return "MD5withRSA"; - } else if (messageDigest.equals("SHA1")) { + } else if (messageDigest.equals("SHA1")) { return "SHA1withRSA"; } else if (messageDigest.equals("SHA256")) { return "SHA256withRSA"; @@ -2098,7 +2018,7 @@ private void createMasterKey(HttpServletRequest req, if (messageDigest.equals("SHA1")) { return "SHA1withDSA"; } - } else /* EC */ { + } else /* EC */{ if (messageDigest.equals("SHA1")) { return "SHA1withEC"; } else if (messageDigest.equals("SHA256")) { 
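Review bot: getDefaultSigningAlg still maps the `MD2` and `MD5` digests to `MD2withRSA` and `MD5withRSA` in the branch this hunk reformats, so a caller that passes either value gets a collision-prone algorithm back as a signing default. I would drop those two cases (and ideally `SHA1`) so they reach what appears to be the method's final `return null`, with the caller rejecting null as an unsupported choice; how callers treat null is not visible here. If they must stay for compatibility, a comment such as `// legacy only: MD2/MD5 are not collision resistant, do not use for new signing certs` would at least record that. The method starts before this hunk and continues past it.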
@@ -2112,32 +2032,31 @@ private void createMasterKey(HttpServletRequest req, return null; } - private void updateCASignature(String nickname, KeyCertData properties, - ICryptoSubsystem jssSubSystem) throws EBaseException { + private void updateCASignature(String nickname, KeyCertData properties, + ICryptoSubsystem jssSubSystem) throws EBaseException { String alg = jssSubSystem.getSignatureAlgorithm(nickname); SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); } /** * Install certificates * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to install a certificate */ - private void installCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void installCert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2158,31 +2077,30 @@ private void createMasterKey(HttpServletRequest req, String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) pkcs = value; else if (key.equals(Constants.RS_ID)) certType = value; else if (key.equals(Constants.PR_NICKNAME)) nickname = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (pkcs == null || pkcs.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2192,8 +2110,8 @@ private void createMasterKey(HttpServletRequest req, throw ex; } else { FileInputStream in = new FileInputStream(certpath); - BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + BufferedReader d = new BufferedReader( + new InputStreamReader(in)); String content = ""; pkcs = ""; 
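Review bot: `certpath` is copied straight from the request parameter `Constants.PR_CERT_FILEPATH` and handed to `new FileInputStream(certpath)` with no check on where it points, so installCert reads whichever file the caller names that the server process can open. Canonicalise it first, e.g. `File f = new File(certpath).getCanonicalFile();`, and refuse anything outside the directory the instance is expected to load certificates from. The same construct is reformatted in importXCert (hunk at -2606) and in getCertInfo (hunk at -2825, variable `path`, whose origin is not visible there). Whether the stream is closed on every path lies outside these hunks, and `InputStreamReader` is built without an explicit charset.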
@@ -2213,24 +2131,22 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException ee) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } pkcs = pkcs.trim(); - pathname = serverRoot + File.separator + serverID - + File.separator + "config" + File.separator + pathname; + pathname = serverRoot + File.separator + serverID + File.separator + + "config" + File.separator + pathname; - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - //String nickname = getNickname(certType); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + // String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; int index = nickname.indexOf(":"); 
@@ -2243,98 +2159,93 @@ private void createMasterKey(HttpServletRequest req, } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } /* - if (certType.equals(Constants.PR_CA_SIGNING_CERT) || - certType.equals(Constants.PR_RA_SIGNING_CERT) || - certType.equals(Constants.PR_OCSP_SIGNING_CERT) || - certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || - certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SERVER_CERT_RADM)) { - String oldnickname = getNickname(certType); - try { - jssSubsystem.deleteTokenCertificate(oldnickname, - pathname); - //jssSubsystem.deleteTokenCertificate(nickname, - pathname); - } catch (EBaseException e) { - // skip it - } - } else { - try { - jssSubsystem.deleteTokenCertificate(nickname, pathname); - } catch (EBaseException e) { - // skip it - } - } - */ + * if (certType.equals(Constants.PR_CA_SIGNING_CERT) || + * certType.equals(Constants.PR_RA_SIGNING_CERT) || + * certType.equals(Constants.PR_OCSP_SIGNING_CERT) || + * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || + * certType.equals(Constants.PR_SERVER_CERT) || + * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String + * oldnickname = getNickname(certType); try { + * jssSubsystem.deleteTokenCertificate(oldnickname, pathname); + * //jssSubsystem.deleteTokenCertificate(nickname, pathname); } + * catch (EBaseException e) { // skip it } } else { try { + * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch + * (EBaseException e) { // skip it } } + */ // 600124 - renewal of SSL crash the server // we now do not delete previously installed certificates. 
- // Same Subject | Same Nickname | Same Key | Legal - // ----------------------------------------------------------- - // 1. Yes Yes No Yes - // 2. Yes Yes Yes Yes - // 3. No No Yes Yes - // 4. No No No Yes - // 5. No Yes Yes No - // 6. No Yes No No - // 7. Yes No Yes No - // 8. Yes No No No + // Same Subject | Same Nickname | Same Key | Legal + // ----------------------------------------------------------- + // 1. Yes Yes No Yes + // 2. Yes Yes Yes Yes + // 3. No No Yes Yes + // 4. No No No Yes + // 5. No Yes Yes No + // 6. No Yes No No + // 7. Yes No Yes No + // 8. Yes No No No // Based on above table, the following cases are permitted: // Existing Key: - // (a) Same Subject & Same Nickname --- (2) - // (b) Different Subject & Different Nickname --- (3) - // (In order to support Case b., we need to use a different - // nickname). + // (a) Same Subject & Same Nickname --- (2) + // (b) Different Subject & Different Nickname --- (3) + // (In order to support Case b., we need to use a different + // nickname). // New Key: - // (c) Same Subject & Same Nickname --- (1) - // (d) Different Subject & Different Nickname --- (4) - // (In order to support Case b., we need to use a different - // nickname). + // (c) Same Subject & Same Nickname --- (1) + // (d) Different Subject & Different Nickname --- (4) + // (In order to support Case b., we need to use a different + // nickname). 
// - CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + + nicknameWithoutTokenName); try { - jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, - certType); + jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, + certType); } catch (EBaseException e) { boolean certFound = false; String eString = e.toString(); - if(eString.contains("Failed to find certificate that was just imported")) { - CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString); + if (eString + .contains("Failed to find certificate that was just imported")) { + CMS.debug("CMSAdminServlet.installCert(): nickname=" + + nicknameWithoutTokenName + " TokenException: " + + eString); X509Certificate cert = null; try { - cert = CryptoManager.getInstance().findCertByNickname(nickname); + cert = CryptoManager.getInstance().findCertByNickname( + nickname); if (cert != null) { certFound = true; } - CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname); + CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + + nickname); } catch (Exception ex) { - CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString()); + CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + + ex.toString()); } - } + } if (!certFound) { // if it fails, let use a different nickname to try - Date now = new Date(); - String newNickname = nicknameWithoutTokenName + "-" + - now.getTime(); + Date now = new Date(); + String newNickname = nicknameWithoutTokenName + "-" + + now.getTime(); jssSubSystem.importCert(pkcs, newNickname, certType); nicknameWithoutTokenName = newNickname; 
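Review bot: The formatter has reflowed the commented-out certificate-deletion block into one paragraph (`{ String oldnickname = getNickname(certType); try {` now shares a comment line), so the disabled code can no longer be read or restored as code. The `600124` comment directly below already says previously installed certificates are no longer deleted, so I would delete the dead block and keep only that explanation. If it has to stay, bracket it with `// @formatter:off` and `// @formatter:on`, provided the project's Eclipse profile enables the on/off tags. The subject/nickname/key table rewritten in the same hunk deserves the same protection, since its column layout carries the meaning. This hunk sits in the middle of installCert's try block.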
@@ -2343,16 +2254,17 @@ private void createMasterKey(HttpServletRequest req, } else { nickname = tokenName + ":" + newNickname; } - CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname); - } + CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + + nickname); + } } if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - String signatureAlg = - jssSubSystem.getSignatureAlgorithm(nickname); + String signatureAlg = jssSubSystem + .getSignatureAlgorithm(nickname); signingUnit.setDefaultAlgorithm(signatureAlg); setCANewnickname("", ""); 
@@ -2361,26 +2273,25 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); extensions = jssSubSystem.getExtensions( - Constants.PR_INTERNAL_TOKEN_NAME, nickname); + Constants.PR_INTERNAL_TOKEN_NAME, nickname); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); extensions = jssSubSystem.getExtensions(tokenname1, - nicknameWithoutTokenName); + nicknameWithoutTokenName); } if (extensions != null) { - BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions + .get(BasicConstraintsExtension.NAME); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { - Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + Integer pathlen = (Integer) basic + .get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) 
@@ -2398,35 +2309,34 @@ private void createMasterKey(HttpServletRequest req, } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { setRANewnickname("", ""); - IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); ra.setNickname(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { setOCSPNewnickname("", ""); - IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); } - } else { - ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + } else { + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); 
@@ -2435,25 +2345,23 @@ private void createMasterKey(HttpServletRequest req, } } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { setKRANewnickname("", ""); - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); kra.setNickname(nickname); } else if (certType.equals(Constants.PR_SERVER_CERT)) { setAgentNewnickname("", ""); - //modifyRADMCert(nickname); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { - IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } if (isSubsystemInstalled("ca")) { - ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); modifyCAGatewayCert(ca, nickname); } 
@@ -2464,47 +2372,41 @@ private void createMasterKey(HttpServletRequest req, boolean verified = CMS.verifySystemCertByNickname(nickname, null); if (verified == true) { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + + nickname); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - auditSubjectID, - ILogger.SUCCESS, - nickname); + auditSubjectID, ILogger.SUCCESS, nickname); audit(auditMessage); } else { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + + nickname); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - auditSubjectID, - ILogger.FAILURE, - nickname); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + auditSubjectID, ILogger.FAILURE, nickname); audit(auditMessage); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); mConfig.commit(true); - if(verified == true) { + if (verified == true) { sendResponse(SUCCESS, null, null, resp); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), null, resp); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, 
auditParams(req)); audit(auditMessage); 
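Review bot: When `CMS.verifySystemCertByNickname(nickname, null)` returns false, the code still writes a `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` event with `ILogger.SUCCESS` and calls `mConfig.commit(true)` before it sends the `CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED` error. The signed audit trail therefore records a successful trust-configuration change for a certificate that failed verification, and the new nickname is persisted anyway. At minimum the audit outcome should follow the check, `verified ? ILogger.SUCCESS : ILogger.FAILURE`, and the commit should be reconsidered for the failed case; whether the earlier import can be undone is not visible from this hunk. `verified == true` can simply be `verified`. installCert begins before this hunk.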
@@ -2513,47 +2415,45 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** - * For "importing" cross-signed cert into internal db for further - * cross pair matching and publishing + * For "importing" cross-signed cert into internal db for further cross pair + * matching and publishing * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when * "Certificate Setup Wizard" is used to import a CA cross-signed * certificate into the database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to import a cross-certificate pair */ - private void importXCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, 
EBaseException { + private void importXCert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2574,29 +2474,28 @@ private void createMasterKey(HttpServletRequest req, String value = req.getParameter(key); // really should be PR_CERT_CONTENT - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) b64Cert = value; else if (key.equals(Constants.RS_ID)) certType = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (b64Cert == null || b64Cert.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2606,8 +2505,8 @@ private void createMasterKey(HttpServletRequest req, throw ex; } else { FileInputStream in = new FileInputStream(certpath); - BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + BufferedReader d = new BufferedReader( + new InputStreamReader(in)); String content = ""; b64Cert = ""; 
@@ -2626,15 +2525,13 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException ee) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } CMS.debug("CMSAdminServlet: got b64Cert"); b64Cert = Cert.stripBrackets(b64Cert.trim()); @@ -2648,27 +2545,25 @@ private void createMasterKey(HttpServletRequest req, CMS.debug("CMSAdminServlet: exception: " + e.toString()); } - pathname = serverRoot + File.separator + serverID - + File.separator + "config" + File.separator + pathname; + pathname = serverRoot + File.separator + serverID + File.separator + + "config" + File.separator + pathname; - ICrossCertPairSubsystem ccps = - (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); + ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS + .getSubsystem("CrossCertPair"); try { - //this will import into internal ldap crossCerts entry + // this will import into internal ldap crossCerts entry ccps.importCert(bCert); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(1, "xcert importing failure:" + e.toString(), - null, resp); + null, resp); return; } 
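Review bot: `sendResponse(1, "xcert importing failure:" + e.toString(), null, resp)` returns the raw exception text to the client and uses a literal `1` where other calls in this file use the named `SUCCESS` and `ERROR` codes. Exception strings from the internal LDAP import can carry detail that belongs in the debug log, so log `e` with `CMS.debug` and send a fixed message, e.g. `sendResponse(ERROR, "xcert importing failure", null, resp);`, assuming `ERROR` has the value this call relies on. The `xcerts publishing failure` call in the next hunk (-2679) has the same shape. Just above, the `catch (Exception e)` that only logs lets execution continue to `ccps.importCert(bCert)`; what `bCert` holds on that path is outside the hunk.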
@@ -2679,20 +2574,19 @@ private void createMasterKey(HttpServletRequest req, } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp); + sendResponse(1, "xcerts publishing failure:" + e.toString(), + null, resp); return; } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - String content = jssSubSystem.getCertPrettyPrint(b64Cert, + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + String content = jssSubSystem.getCertPrettyPrint(b64Cert, super.getLocale(req)); results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert"); @@ -2700,10 +2594,8 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -2711,10 +2603,8 @@ private void createMasterKey(HttpServletRequest req, } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -2723,46 +2613,45 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getNickname(String certType) throws EBaseException { String nickname = ""; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); nickname = signingUnit.getNickname(); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp == null) { // this is a local CA service - ICertificateAuthority ca = (ICertificateAuthority) 
CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); nickname = signingUnit.getNickname(); @@ -2772,27 +2661,26 @@ private void createMasterKey(HttpServletRequest req, nickname = signingUnit.getNickname(); } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { - IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); nickname = ra.getNickname(); } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); nickname = kra.getNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT)) { nickname = CMS.getServerCertNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) { nickname = CMS.getServerCertNickname(); - } + } return nickname; } - private void getCertInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getCertInfo(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); NameValuePairs results = new NameValuePairs(); String pkcs = ""; @@ -2825,8 +2713,8 @@ private void createMasterKey(HttpServletRequest req, throw ex; } else { FileInputStream in = new FileInputStream(path); - BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + BufferedReader d = new BufferedReader( + new InputStreamReader(in)); String content = ""; pkcs = ""; 
@@ -2849,9 +2737,10 @@ private void createMasterKey(HttpServletRequest req, pkcs = pkcs.trim(); int totalLen = pkcs.length(); - if (pkcs.indexOf(BEGIN_HEADER) != 0 || - pkcs.indexOf(END_HEADER) != (totalLen - 25)) { - throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); + if (pkcs.indexOf(BEGIN_HEADER) != 0 + || pkcs.indexOf(END_HEADER) != (totalLen - 25)) { + throw (new EBaseException( + CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); } String nickname = ""; @@ -2874,25 +2763,25 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals("")) nickname = getNickname(certType); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String content = jssSubSystem.getCertPrettyPrint(pkcs, super.getLocale(req)); if (nickname != null && !nickname.equals("")) results.add(Constants.PR_NICKNAME, nickname); results.add(Constants.PR_CERT_CONTENT, content); - //results = jssSubSystem.getCertInfo(value); + // results = jssSubSystem.getCertInfo(value); sendResponse(SUCCESS, null, results, resp); } private void getCertPrettyPrint(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; @@ -2912,7 +2801,7 @@ private void createMasterKey(HttpServletRequest req, if (key.equals(Constants.PR_NICK_NAME)) { nickname = value; continue; - } + } if (key.equals(Constants.PR_SERIAL_NUMBER)) { serialno = value; continue; 
@@ -2923,19 +2812,19 @@ private void createMasterKey(HttpServletRequest req, } } - String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, - serialno, issuername, locale); + String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, + serialno, issuername, locale); pairs.add(nickname, print); sendResponse(SUCCESS, null, pairs, resp); } private void getRootCertTrustBit(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; 
@@ -2966,92 +2855,86 @@ private void createMasterKey(HttpServletRequest req, } } - String trustbit = jssSubSystem.getRootCertTrustBit(nickname, - serialno, issuername); + String trustbit = jssSubSystem.getRootCertTrustBit(nickname, serialno, + issuername); pairs.add(nickname, trustbit); sendResponse(SUCCESS, null, pairs, resp); } - private void getCACerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getCACerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getCACerts(); sendResponse(SUCCESS, null, pairs, resp); } - private void deleteRootCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void deleteRootCert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteRootCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } - private void deleteUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void deleteUserCert(HttpServletRequest req, 
HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteUserCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } - private void getRootCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getRootCerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getRootCerts(); sendResponse(SUCCESS, null, pairs, resp); } private void getAllCertsManage(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getAllCertsManage(); sendResponse(SUCCESS, null, pairs, resp); } - private void getUserCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - 
CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getUserCerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getUserCerts(); sendResponse(SUCCESS, null, pairs, resp); } - private void deleteCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void deleteCerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String date = ""; @@ -3069,18 +2952,18 @@ private void createMasterKey(HttpServletRequest req, nickname = value.substring(0, index); date = value.substring(index + 1); - // cant use this one now since jss doesnt have the interface to + // cant use this one now since jss doesnt have the interface to // do it. jssSubSystem.deleteCert(nickname, date); - // jssSubsystem.deleteCACert(nickname, date); + // jssSubsystem.deleteCACert(nickname, date); } sendResponse(SUCCESS, null, null, resp); } private void validateSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); 
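Review bot: In `deleteRootCert` and `deleteUserCert` the request parameter `id` is parsed with no checks: a missing `RS_ID` makes `id.indexOf(":SERIAL#<")` throw a NullPointerException, and an `id` without the `:SERIAL#<` marker or the closing `>` leaves `mindex` or `lindex` at -1, so the `substring` calls throw StringIndexOutOfBoundsException. Neither exception is among the declared `ServletException, IOException, EBaseException`, so the admin client presumably gets a container error rather than an `ERROR` response. Reject `id == null`, `mindex < 0` and `lindex < 0` before the corresponding `indexOf`/`substring` calls and answer with `sendResponse(ERROR, ..., null, resp); return;`, as other handlers in this diff do. Separately, neither delete path writes a signed-audit record in the lines shown, although the Javadoc on `trustCACert` says `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` covers deletion of certs; it is worth confirming that the caller records it.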
@@ -3089,19 +2972,19 @@ private void createMasterKey(HttpServletRequest req, String value = req.getParameter(key); if (key.equals(Constants.PR_SUBJECT_NAME)) { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.isX500DN(value); } } sendResponse(SUCCESS, null, null, resp); - } + } private void validateKeyLength(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String keyType = "RSA"; String keyLen = "512"; @@ -3120,18 +3003,18 @@ private void createMasterKey(HttpServletRequest req, } } int keyLength = Integer.parseInt(keyLen); - int minKey = mConfig.getInteger( - ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + int minKey = mConfig.getInteger(ConfigConstants.PR_RSA_MIN_KEYLENGTH, + 512); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); // jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey); sendResponse(SUCCESS, null, null, resp); } private void validateCurveName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String curveName = null; 
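Review bot: `validateKeyLength` reports `SUCCESS` for any key length that parses: `keyLength` and `minKey` are computed, but the only check, `jssSubSystem.checkKeyLength(...)`, is commented out and nothing compares the two values. If that method is unavailable, compare locally before the response, e.g. `if (keyType.equals("RSA") && keyLength < minKey) throw new EBaseException(<KEY_LENGTH_MESSAGE placeholder>);`. `Integer.parseInt(keyLen)` also throws an unchecked NumberFormatException on non-numeric input, and the fallback minimum of 512 bits is no practical floor for RSA. The method starts in the previous hunk and the lines between the two hunks are not shown.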
@@ -3147,21 +3030,22 @@ private void createMasterKey(HttpServletRequest req, String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521"); String[] curves = curveList.split(","); boolean match = false; - for (int i=0; i<curves.length; i++) { + for (int i = 0; i < curves.length; i++) { if (curves[i].equals(curveName)) { match = true; } } if (!match) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME")); } sendResponse(SUCCESS, null, null, resp); } private void validateCertExtension(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String certExt = ""; @@ -3175,19 +3059,18 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.checkCertificateExt(certExt); sendResponse(SUCCESS, null, null, resp); } - private void getSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getSubjectName(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration enum1 = req.getParameterNames(); - + String nickname = ""; String keyType = "RSA"; String keyLen = "512"; 
@@ -3205,8 +3088,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3214,8 +3097,8 @@ private void createMasterKey(HttpServletRequest req, } private void processSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration enum1 = req.getParameterNames(); @@ -3234,8 +3117,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3243,8 +3126,8 @@ private void createMasterKey(HttpServletRequest req, } public void setRootCertTrust(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String nickname = req.getParameter(Constants.PR_NICK_NAME); 
@@ -3254,16 +3137,15 @@ private void createMasterKey(HttpServletRequest req, CMS.debug("CMSAdminServlet: setRootCertTrust()"); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); try { - jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust); - } catch (EBaseException e) { + jssSubSystem + .setRootCertTrust(nickname, serialno, issuername, trust); + } catch (EBaseException e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later @@ -3272,10 +3154,8 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -3285,19 +3165,19 @@ private void createMasterKey(HttpServletRequest req, /** * Establish trust of a CA certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Manage Certificate" is used to edit the trustness of certs and - * deletion of certs + * "Manage Certificate" is used to edit the trustness of certs and deletion + * of certs * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to establish CA certificate trust */ - private void trustCACert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void trustCACert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3307,8 +3187,8 @@ private void createMasterKey(HttpServletRequest req, // to the signed audit log and stored as failures try { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String trust = ""; while (enum1.hasMoreElements()) { 
@@ -3328,22 +3208,18 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); - //sendResponse(SUCCESS, null, null, resp); + // sendResponse(SUCCESS, null, null, resp); sendResponse(RESTART, null, null, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -3352,50 +3228,46 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** * Execute all self tests specified to be run on demand. 
* <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self * tests are run on demand * </ul> - * @exception EMissingSelfTestException a self test plugin instance - * property name was missing + * + * @exception EMissingSelfTestException a self test plugin instance property + * name was missing * @exception ESelfTestException a self test is missing a required - * configuration parameter + * configuration parameter * @exception IOException an input/output error has occurred */ - private synchronized void - runSelfTestsOnDemand(HttpServletRequest req, - HttpServletResponse resp) - throws EMissingSelfTestException, - ESelfTestException, - IOException { + private synchronized void runSelfTestsOnDemand(HttpServletRequest req, + HttpServletResponse resp) throws EMissingSelfTestException, + ESelfTestException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3404,7 +3276,7 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " ENTERING . . ."); + + " ENTERING . . ."); } Enumeration enum1 = req.getParameterNames(); 
@@ -3424,32 +3296,28 @@ private void createMasterKey(HttpServletRequest req, } } - ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS); + ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_SELFTESTS); - if ((request == null) || - (request.equals(""))) { + if ((request == null) || (request.equals(""))) { // self test plugin run on demand request parameter was missing // log the error - logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST", - getServletInfo(), - Constants.PR_RUN_SELFTESTS_ON_DEMAND - ); + logMessage = CMS.getLogMessage( + "SELFTESTS_RUN_ON_DEMAND_REQUEST", getServletInfo(), + Constants.PR_RUN_SELFTESTS_ON_DEMAND); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception 
@@ -3457,83 +3325,77 @@ private void createMasterKey(HttpServletRequest req, } // run all self test plugin instances (designated on-demand) - String[] selftests = mSelfTestSubsystem.listSelfTestsEnabledOnDemand(); + String[] selftests = mSelfTestSubsystem + .listSelfTestsEnabledOnDemand(); if (selftests != null && selftests.length > 0) { // log that execution of on-demand self tests has begun logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND", - getServletInfo()); + getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage - + "\n"; + content += logMessage + "\n"; for (int i = 0; i < selftests.length; i++) { if (selftests[i] != null) { instanceName = selftests[i].trim(); - instanceFullName = ISelfTestSubsystem.ID - + "." - + ISelfTestSubsystem.PROP_CONTAINER - + "." - + ISelfTestSubsystem.PROP_INSTANCE - + "." + instanceFullName = ISelfTestSubsystem.ID + "." + + ISelfTestSubsystem.PROP_CONTAINER + "." + + ISelfTestSubsystem.PROP_INSTANCE + "." 
+ instanceName; } else { // self test plugin instance property name was missing // log the error logMessage = CMS.getLogMessage( - "SELFTESTS_PARAMETER_WAS_NULL", - getServletInfo()); + "SELFTESTS_PARAMETER_WAS_NULL", + getServletInfo()); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception throw new EMissingSelfTestException(); } - ISelfTest test = (ISelfTest) - mSelfTestSubsystem.getSelfTest(instanceName); + ISelfTest test = (ISelfTest) mSelfTestSubsystem + .getSelfTest(instanceName); if (test == null) { - // self test plugin instance property name is not present + // self test plugin instance property name is not + // present // log the error - logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME", - getServletInfo(), - instanceFullName); + logMessage = CMS.getLogMessage( + "SELFTESTS_MISSING_NAME", getServletInfo(), + instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception 
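Review bot: The `selftests[i] == null` branch calls `audit(auditMessage)` with `ILogger.FAILURE` and then executes `throw new EMissingSelfTestException();`, while the `catch (EMissingSelfTestException eAudit1)` block later in the method audits `FAILURE` again, so one failed request appears to produce two `LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION` records. The `test == null` branch has the same inline audit before its "raise an exception" comment. Duplicate entries distort failure counts in the signed audit log; keep the audit in one place, for example drop the inline calls and add `// FAILURE is audited once, in the catch blocks below`. This assumes the `try` opened at the top of the method encloses this code, which the hunks suggest but do not show in full.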
@@ -3543,15 +3405,14 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" - + test.getSelfTestName() - + "\""); + + " running \"" + + test.getSelfTestName() + + "\""); } // store this information for console notification content += "CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" - + test.getSelfTestName() + + " running \"" + test.getSelfTestName() + "\" . . .\n"; test.runSelfTest(mSelfTestSubsystem.getSelfTestLogger()); @@ -3560,30 +3421,27 @@ private void createMasterKey(HttpServletRequest req, content += "COMPLETED SUCCESSFULLY\n"; } catch (ESelfTestException e) { // Check to see if the self test was critical: - if (mSelfTestSubsystem.isSelfTestCriticalOnDemand( - instanceName)) { + if (mSelfTestSubsystem + .isSelfTestCriticalOnDemand(instanceName)) { // log the error logMessage = CMS.getLogMessage( - "SELFTESTS_RUN_ON_DEMAND_FAILED", - getServletInfo(), - instanceFullName); + "SELFTESTS_RUN_ON_DEMAND_FAILED", + getServletInfo(), instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE content += "FAILED WITH CRITICAL ERROR\n"; - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // shutdown the system gracefully 
@@ -3599,52 +3457,47 @@ private void createMasterKey(HttpServletRequest req, // log that execution of all "critical" on-demand self tests // has completed "successfully" - logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", - getServletInfo()); + logMessage = CMS.getLogMessage( + "SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage - + "\n"; + content += logMessage + "\n"; } else { // log this fact logMessage = CMS.getLogMessage("SELFTESTS_NOT_RUN_ON_DEMAND", - getServletInfo()); + getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage - + "\n"; + content += logMessage + "\n"; } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.SUCCESS); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.SUCCESS); audit(auditMessage); // notify console of SUCCESS results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS, - CMSAdminServlet.class.getName()); - results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, - content); + CMSAdminServlet.class.getName()); + results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, content); sendResponse(SUCCESS, null, results, resp); if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " EXITING."); + + " EXITING."); } } catch (EMissingSelfTestException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.FAILURE); audit(auditMessage); 
@@ -3653,9 +3506,8 @@ private void createMasterKey(HttpServletRequest req, } catch (ESelfTestException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.FAILURE); audit(auditMessage); @@ -3664,9 +3516,8 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit3) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.FAILURE); audit(auditMessage); @@ -3676,16 +3527,17 @@ private void createMasterKey(HttpServletRequest req, } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, + "CMSAdminServlet: " + msg); } /** * Signed Audit Log Public Key - * + * * This method is called to obtain the public key from the passed in * "KeyPair" object for a signed audit log message. * <P> - * + * * @param object a Key Pair Object * @return key string containing the public key */ @@ -3734,4 +3586,3 @@ private void createMasterKey(HttpServletRequest req, } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java index 7f18d94e..a4b82b13 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -42,10 +41,9 @@ import com.netscape.certsrv.jobs.IJobsScheduler; import com.netscape.certsrv.jobs.JobPlugin; import com.netscape.certsrv.logging.ILogger; - /** - * A class representing an administration servlet for the - * Jobs Scheduler and it's scheduled jobs. + * A class representing an administration servlet for the Jobs Scheduler and + * it's scheduled jobs. * * @version $Revision$, $Date$ */ @@ -75,24 +73,23 @@ public class JobsAdminServlet extends AdminServlet { */ public void init(ServletConfig config) throws ServletException { super.init(config); - mJobsSched = (IJobsScheduler) - CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + mJobsSched = (IJobsScheduler) CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); } /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** - * retrieve extended plugin info such as brief description, type info - * from jobs + /** + * retrieve extended plugin info such as brief description, type info from + * jobs */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); 
@@ -100,18 +97,18 @@ public class JobsAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, + implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, + String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; - JobPlugin jp = - (JobPlugin) mJobsSched.getPlugins().get(implName); + JobPlugin jp = (JobPlugin) mJobsSched.getPlugins().get(implName); if (jp != null) impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath()); @@ -126,7 +123,8 @@ public class JobsAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } return nvps; 
@@ -137,25 +135,24 @@ public class JobsAdminServlet extends AdminServlet { * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); return; } try { super.authenticate(req); } catch (IOException e) { - sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } @@ -164,9 +161,8 @@ public class JobsAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) 
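Review bot: `scope` is read from `OP_SCOPE` next to `op`, but only `op` is null-checked here; the branches that follow call `scope.equals(...)`, so a request without `OP_SCOPE` ends in a NullPointerException after authentication instead of an `ERROR` response. Extending the existing guard to `if (op == null || scope == null) {` keeps the `CMS_ADMIN_SRVLT_INVALID_PROTOCOL` reply for both cases. Two lines between this hunk and the next are not shown, so confirm that no check sits there.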
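Review bot: `mOp` and `mToken` are assigned per request (`mOp = "read"; if ((mToken = super.authorize(req)) == null)`) and are not declared in the visible lines; if they are instance fields, as the `m` prefix suggests, concurrent requests on the same servlet instance can overwrite each other's operation name and authorization token. Keep the authorization result in a local variable for the decision, or confirm that nothing reads `mToken` or `mOp` once another request may have entered `service`. The same assignment repeats in the OP_MODIFY, OP_SEARCH, OP_ADD and OP_DELETE branches in the following hunks.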
@@ -174,27 +170,26 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) getConfig(req, resp); else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) - getInstConfig(req, resp); + getInstConfig(req, resp); else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { - try { - getExtendedPluginInfo(req, resp); - } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); - return; + try { + getExtendedPluginInfo(req, resp); + } catch (EBaseException e) { + sendResponse(ERROR, e.toString(getLocale(req)), null, + resp); + return; } } else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS)) { 
@@ -202,17 +197,15 @@ public class JobsAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) { modJobsInst(req, resp, scope); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) @@ -220,18 +213,16 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) listJobsInsts(req, resp); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) 
@@ -239,18 +230,16 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) addJobsInst(req, resp, scope); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_JOBS_IMPLS)) 
@@ -258,58 +247,54 @@ public class JobsAdminServlet extends AdminServlet { else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) delJobsInst(req, resp, scope); else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } - private synchronized void addJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // is the job plugin id unique? 
if (mJobsSched.getPlugins().containsKey((Object) id)) { - sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_JOBS_CLASS); if (classPath == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_NULL_CLASS"), null, resp); return; } - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); // Does the class exist? Class newImpl = null; 
@@ -317,29 +302,25 @@ public class JobsAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_NO_CLASS"), null, resp); return; } // is the class an IJob? try { if (IJob.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_ILL_CLASS"), null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_ILL_CLASS"), null, resp); return; } @@ -351,10 +332,9 @@ public class JobsAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
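Review bot: `Class.forName(classPath)` loads and initializes the class named by the request parameter `PR_JOBS_CLASS` before the `IJob.class.isAssignableFrom(newImpl)` check runs. Static initializers of any class on the classpath therefore execute even when the class is then rejected with CMS_JOB_SRVLT_ILL_CLASS. Loading without initialization, `newImpl = Class.forName(classPath, false, JobsAdminServlet.class.getClassLoader());`, means only a class that passed the IJob check is ever initialized. A comment above the call such as `// classPath is admin-supplied: load without initializing, verify IJob, then register` would record the intent. addJobPlugin starts and ends outside this hunk.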
@@ -362,8 +342,8 @@ public class JobsAdminServlet extends AdminServlet { JobPlugin plugin = new JobPlugin(id, classPath); mJobsSched.getPlugins().put(id, plugin); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id)); NameValuePairs params = new NameValuePairs(); @@ -371,24 +351,22 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void addJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // is the job instance id unique? if (mJobsSched.getInstances().containsKey((Object) id)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), null, resp); return; } 
@@ -398,22 +376,20 @@ public class JobsAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. - JobPlugin plugin = - (JobPlugin) mJobsSched.getPlugins().get(implname); + JobPlugin plugin = (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } @@ -422,10 +398,8 @@ public class JobsAdminServlet extends AdminServlet { // are there, but not checking the values are valid String[] configParams = mJobsSched.getConfigParams(implname); - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -436,11 +410,13 @@ public class JobsAdminServlet extends AdminServlet { if (val != null && !val.equals("")) { substore.put(key, val); } else if (!key.equals("profileId")) { - sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException( + CMS.getUserMessage( + getLocale(req), + "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), null, resp); return; } } 
@@ -457,29 +433,32 @@ public class JobsAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } - - IJobsScheduler scheduler = (IJobsScheduler) - CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + + IJobsScheduler scheduler = (IJobsScheduler) CMS + .getSubsystem(CMS.SUBSYSTEM_JOBS); // initialize the job plugin try { 
@@ -497,17 +476,16 @@ public class JobsAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // inited and commited ok. now add manager instance to list. mJobsSched.getInstances().put(id, jobsInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id)); NameValuePairs params = new NameValuePairs(); 
@@ -516,101 +494,93 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void listJobPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listJobPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mJobsSched.getPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - JobPlugin value = (JobPlugin) - mJobsSched.getPlugins().get(name); + JobPlugin value = (JobPlugin) mJobsSched.getPlugins().get(name); params.add(name, value.getClassPath()); - // params.add(name, value.getClassPath()+EDIT); + // params.add(name, value.getClassPath()+EDIT); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void listJobsInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listJobsInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); - for (Enumeration e = mJobsSched.getInstances().keys(); - e.hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().keys(); e + .hasMoreElements();) { String name = (String) e.nextElement(); - IJob value = (IJob) - mJobsSched.getInstances().get((Object) name); + IJob value = (IJob) mJobsSched.getInstances().get((Object) name); - // params.add(name, value.getImplName()); - params.add(name, value.getImplName() + VISIBLE + - (value.isEnabled() ? ENABLED : DISABLED) - ); + // params.add(name, value.getImplName()); + params.add(name, value.getImplName() + VISIBLE + + (value.isEnabled() ? 
ENABLED : DISABLED)); } sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void delJobPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does this job plugin exist? if (mJobsSched.getPlugins().containsKey(id) == false) { - sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } // first check if any instances from this job plugin // DON'T remove job plugin if any instance - for (Enumeration e = mJobsSched.getInstances().elements(); - e.hasMoreElements();) { + for (Enumeration e = mJobsSched.getInstances().elements(); e + .hasMoreElements();) { IJob jobs = (IJob) e.nextElement(); if ((jobs.getImplName()).equals(id)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_JOB_IN_USE"), null, resp); return; } } - + // then delete this job plugin mJobsSched.getPlugins().remove((Object) id); - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = 
mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
@@ -618,52 +588,49 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void delJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { - sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", - id)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_JOB_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. IJob jobInst = (IJob) mJobsSched.getInstances().get(id); mJobsSched.getInstances().remove((Object) id); // remove the configuration. 
- IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
@@ -672,25 +639,23 @@ public class JobsAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular job plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this job scheduler subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular job plugin implementation name specified + * in the RS_ID. Actually, there is no logic in here to set any default + * value here...there's no default value for any parameter in this job + * scheduler subsystem at this point. Later, if we do have one (or some), it + * can be added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -708,25 +673,25 @@ public class JobsAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does job plugin instance exist? if (mJobsSched.getInstances().containsKey(id) == false) { - sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND", - id)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_JOB_NOT_FOUND", id)).toString(), + null, resp); return; } 
@@ -757,34 +722,30 @@ public class JobsAdminServlet extends AdminServlet { } /** - * Modify job plugin instance. - * This will actually create a new instance with new configuration - * parameters and replace the old instance, if the new instance - * created and initialized successfully. - * The old instance is left running. so this is very expensive. - * Restart of server recommended. + * Modify job plugin instance. This will actually create a new instance with + * new configuration parameters and replace the old instance, if the new + * instance created and initialized successfully. The old instance is left + * running. so this is very expensive. Restart of server recommended. */ - private synchronized void modJobsInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modJobsInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // Does the job instance exist? if (!mJobsSched.getInstances().containsKey((Object) id)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), null, resp); return; } 
@@ -792,28 +753,26 @@ public class JobsAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } - // get plugin for implementation - JobPlugin plugin = - (JobPlugin) mJobsSched.getPlugins().get(implname); + // get plugin for implementation + JobPlugin plugin = (JobPlugin) mJobsSched.getPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", - id)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - IJob oldinst = - (IJob) mJobsSched.getInstances().get((Object) id); + IJob oldinst = (IJob) mJobsSched.getInstances().get((Object) id); IConfigStore oldConfig = oldinst.getConfigStore(); String[] oldConfigParms = oldinst.getConfigParams(); @@ -821,7 +780,7 @@ public class JobsAdminServlet extends AdminServlet { // implName is always required so always include it it. saveParams.add(IJobsScheduler.PROP_PLUGIN, - (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); + (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN)); if (oldConfigParms != null) { for (int i = 0; i < oldConfigParms.length; i++) { String key = oldConfigParms[i]; 
@@ -837,10 +796,8 @@ public class JobsAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = - mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - IConfigStore instancesConfig = - destStore.getSubStore(scope); + IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); + IConfigStore instancesConfig = destStore.getSubStore(scope); instancesConfig.removeSubStore(id); @@ -860,11 +817,13 @@ public class JobsAdminServlet extends AdminServlet { substore.put(key, val); } else if (!key.equals("profileId")) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new - EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", - key)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException( + CMS.getUserMessage( + getLocale(req), + "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL", + key)).toString(), null, resp); return; } } 
@@ -879,31 +838,34 @@ public class JobsAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new EJobsException( - CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), - null, resp); + sendResponse( + ERROR, + new EJobsException(CMS.getUserMessage(getLocale(req), + "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(), + null, resp); return; } // initialize the job plugin - IJobsScheduler scheduler = (IJobsScheduler) - CMS.getSubsystem(CMS.SUBSYSTEM_JOBS); + IJobsScheduler scheduler = (IJobsScheduler) CMS + .getSubsystem(CMS.SUBSYSTEM_JOBS); try { newJobInst.init(scheduler, id, implname, substore); 
@@ -919,17 +881,16 @@ public class JobsAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } @@ -937,8 +898,8 @@ public class JobsAdminServlet extends AdminServlet { mJobsSched.getInstances().put(id, newJobInst); - mJobsSched.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); + mJobsSched.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id)); NameValuePairs params = new NameValuePairs(); 
@@ -946,26 +907,24 @@ public class JobsAdminServlet extends AdminServlet { return; } - private void getSettings(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getSettings(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); - params.add(Constants.PR_ENABLE, - config.getString(IJobsScheduler.PROP_ENABLED, - Constants.FALSE)); + params.add(Constants.PR_ENABLE, + config.getString(IJobsScheduler.PROP_ENABLED, Constants.FALSE)); // default 1 minute - params.add(Constants.PR_JOBS_FREQUENCY, - config.getString(IJobsScheduler.PROP_INTERVAL, "1")); + params.add(Constants.PR_JOBS_FREQUENCY, + config.getString(IJobsScheduler.PROP_INTERVAL, "1")); - //System.out.println("Send: "+params.toString()); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void setSettings(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { - //Save New Settings to the config file + throws ServletException, IOException, EBaseException { + // Save New Settings to the config file IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN); String enabled = config.getString(IJobsScheduler.PROP_ENABLED); 
@@ -978,14 +937,13 @@ public class JobsAdminServlet extends AdminServlet { config.putString(IJobsScheduler.PROP_ENABLED, enabledSetTo); } - //set frequency - String interval = - req.getParameter(Constants.PR_JOBS_FREQUENCY); + // set frequency + String interval = req.getParameter(Constants.PR_JOBS_FREQUENCY); if (interval != null) { config.putString(IJobsScheduler.PROP_INTERVAL, interval); - mJobsSched.setInterval( - config.getInteger(IJobsScheduler.PROP_INTERVAL)); + mJobsSched.setInterval(config + .getInteger(IJobsScheduler.PROP_INTERVAL)); } if (enabledChanged == true) { @@ -999,8 +957,8 @@ public class JobsAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, String id, + NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -1010,7 +968,7 @@ public class JobsAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (!value.equals("")) + if (!value.equals("")) rstore.put(key, value); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java index 2c780bb2..9efe2b73 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
@@ -43,13 +42,11 @@ import com.netscape.certsrv.password.IPasswordCheck; import com.netscape.certsrv.security.Credential; import com.netscape.certsrv.security.IStorageKeyUnit; - /** - * A class representings an administration servlet for Key - * Recovery Authority. This servlet is responsible to serve - * KRA administrative operation such as configuration - * parameter updates. - * + * A class representings an administration servlet for Key Recovery Authority. + * This servlet is responsible to serve KRA administrative operation such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class KRAAdminServlet extends AdminServlet { @@ -64,8 +61,7 @@ public class KRAAdminServlet extends AdminServlet { private IKeyRecoveryAuthority mKRA = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = - "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; /** * Constructs KRA servlet. 
@@ -81,63 +77,57 @@ public class KRAAdminServlet extends AdminServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); String scope = req.getParameter(Constants.OP_SCOPE); if (scope == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); return; } - + try { AUTHZ_RES_NAME = "certServer.kra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } - /* Functions not implemented in console - if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - readAutoRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_RECOVERY)) { - readRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - getNotificationRIQConfig(req, resp); - return; - } else - */ + /* + * Functions not implemented in console if + * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + * 
readAutoRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_RECOVERY)) { + * readRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + * getNotificationRIQConfig(req, resp); return; } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); return; 
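Review bot: The reflowed block comment in the OP_READ branch of service() is no longer readable as code: the heading "Functions not implemented in console" now runs straight into the disabled `if (scope.equals(ScopeDef.SC_AUTO_RECOVERY))` chain, which has been wrapped like prose. In an authorization-gated dispatcher it should stay obvious which scopes are switched off, and the commented-out chain in the OP_MODIFY branch in the next hunk has the same problem. Either delete the dead branches or open the comment with `/*-`, which the Eclipse formatter leaves untouched. service() continues past the end of this hunk.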
@@ -145,59 +135,52 @@ public class KRAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } - /* Functions not implemented in console - if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { - modifyAutoRecoveryConfig(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_AGENT_PWD)) { - changeAgentPwd(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_MNSCHEME)) { - changeMNScheme(req, resp); - return; - } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { - setNotificationRIQConfig(req, resp); - return; - } else - */ + /* + * Functions not implemented in console if + * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) { + * modifyAutoRecoveryConfig(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_AGENT_PWD)) { changeAgentPwd(req, + * resp); return; } else if (scope.equals(ScopeDef.SC_MNSCHEME)) + * { changeMNScheme(req, resp); return; } else if + * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { + * setNotificationRIQConfig(req, resp); return; } else + */ if (scope.equals(ScopeDef.SC_GENERAL)) { - setGeneralConfig(req,resp); + setGeneralConfig(req, resp); } - } + } } catch (EBaseException e) { // convert exception into locale-specific message - sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } catch (Exception e) { e.printStackTrace(); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - 
IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); int value = 1; value = mKRA.getNoOfRequiredAgents(); - params.add(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS, Integer.toString(value)); + params.add(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS, + Integer.toString(value)); sendResponse(SUCCESS, null, params, resp); } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); boolean restart = false; @@ -210,28 +193,24 @@ public class KRAAdminServlet extends AdminServlet { if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) { try { - int number = Integer.parseInt(value); + int number = Integer.parseInt(value); mKRA.setNoOfRequiredAgents(number); } catch (NumberFormatException e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new EBaseException("Number of agents must be an integer"); + throw new EBaseException( + "Number of agents must be an integer"); } } } commit(true); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
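Review bot: `catch (Exception e) { e.printStackTrace(); }` at the end of service() hides every failure that is not an EBaseException: the trace goes to stderr instead of the server's logs, and the caller gets the generic `CMS_ADMIN_SRVLT_INVALID_PROTOCOL` reply from the fall-through. For a servlet that changes key-recovery settings this leaves nothing to correlate when a request fails part-way. At minimum replace `e.printStackTrace();` with `CMS.debug(e);` so the failure lands in the debug log. service() starts before this hunk.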
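Review bot: setGeneralConfig checks `PR_NO_OF_REQUIRED_RECOVERY_AGENTS` only for being numeric; `Integer.parseInt(value)` accepts zero and negative values and hands them to `mKRA.setNoOfRequiredAgents(number)`. Unless the setter validates its argument (not visible here), the number of agents required for key recovery can be set to a meaningless value and the change is then audited as SUCCESS. A bound check inside the existing try, e.g. `if (number < 1) throw new NumberFormatException(value);`, would reuse the failure-audit path that is already there. The method starts in the previous hunk and continues past this one.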
@@ -244,17 +223,18 @@ public class KRAAdminServlet extends AdminServlet {
 /**
 * Changes M-N scheme.
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
 * DRM (Key recovery scheme, change of any secret component)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception EBaseException an error has occurred
 */
- private synchronized void changeMNScheme(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ private synchronized void changeMNScheme(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -263,80 +243,67 @@ public class KRAAdminServlet extends AdminServlet { try { try { NameValuePairs params = new NameValuePairs(); - String recN = getParameter(req, - Constants.PR_RECOVERY_N); - String recM = getParameter(req, - Constants.PR_RECOVERY_M); - String oldAgents = getParameter(req, + String recN = getParameter(req, Constants.PR_RECOVERY_N); + String recM = getParameter(req, Constants.PR_RECOVERY_M); + String oldAgents = getParameter(req, Constants.PR_OLD_RECOVERY_AGENT); - String agents = getParameter(req, - Constants.PR_RECOVERY_AGENT); + String agents = getParameter(req, Constants.PR_RECOVERY_AGENT); if (recN == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new EKRAException( - CMS.getLogMessage("KRA_INVALID_N")); + throw new EKRAException(CMS.getLogMessage("KRA_INVALID_N")); } if (recM == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new EKRAException( - CMS.getLogMessage("KRA_INVALID_M")); + throw new EKRAException(CMS.getLogMessage("KRA_INVALID_M")); } - if (recN != null && recM != null && oldAgents != null - && agents != null) { + if (recN != null && recM != null && oldAgents != null + && agents != null) { int nVal = Integer.parseInt(recN); int mVal = Integer.parseInt(recM); - Credential oldcreds[] = - parseCredentialStr(oldAgents); + Credential oldcreds[] = parseCredentialStr(oldAgents); if (oldcreds == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - 
ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EKRAException( + throw new EKRAException( CMS.getLogMessage("KRA_INVALID_PASSWORD")); } - Credential creds[] = - parseCredentialStr(agents); + Credential creds[] = parseCredentialStr(agents); if (creds == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EKRAException( + throw new EKRAException( CMS.getLogMessage("KRA_INVALID_PASSWORD")); } else { for (int i = 0; i < creds.length; i++) { @@ -347,31 +314,29 @@ public class KRAAdminServlet extends AdminServlet { if (!checker.isGoodPassword(pass)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException(checker.getReason(pass)); + throw new EBaseException( + checker.getReason(pass)); } } } - if (mKRA.getStorageKeyUnit().changeAgentMN( - nVal, mVal, oldcreds, creds)) { + if (mKRA.getStorageKeyUnit().changeAgentMN(nVal, mVal, + oldcreds, creds)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); // successful operation - sendResponse(SUCCESS, null, params, - resp); + sendResponse(SUCCESS, null, params, resp); return; } } 
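Review bot: In changeMNScheme, `Integer.parseInt(recN)` and `Integer.parseInt(recM)` run on request parameters with no handler for NumberFormatException in the visible code. The null cases above write a FAILURE record to the signed audit log, but a non-numeric value would escape as an unchecked exception that the outer `catch (EBaseException eAudit1)` in a later hunk does not cover, so a rejected change to the recovery scheme may leave no audit record (the inner catch is outside the visible hunks, so this is inferred). Converting it keeps the existing path: `try { nVal = Integer.parseInt(recN); } catch (NumberFormatException e) { throw new EKRAException(CMS.getLogMessage("KRA_INVALID_N")); }`, and likewise for M. The method starts before this hunk and ends after it.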
@@ -379,22 +344,17 @@ public class KRAAdminServlet extends AdminServlet {
 }
 // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
 audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_OPERATION"));
 } catch (EBaseException eAudit1) {
 // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
 audit(auditMessage);
@@ -406,17 +366,18 @@ public class KRAAdminServlet extends AdminServlet {
 /**
 * Changes recovery agent password.
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
 * DRM (Key recovery scheme, change of any secret component)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception EBaseException an error has occurred
 */
- private synchronized void changeAgentPwd(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ private synchronized void changeAgentPwd(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -425,35 +386,29 @@ public class KRAAdminServlet extends AdminServlet { try { try { String id = getParameter(req, Constants.RS_ID); - String oldpwd = getParameter(req, - Constants.PR_OLD_AGENT_PWD); - String newpwd = getParameter(req, - Constants.PR_AGENT_PWD); + String oldpwd = getParameter(req, Constants.PR_OLD_AGENT_PWD); + String newpwd = getParameter(req, Constants.PR_AGENT_PWD); IPasswordCheck checker = CMS.getPasswordChecker(); if (!checker.isGoodPassword(newpwd)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EBaseException(checker.getReason(newpwd)); } - - if (mKRA.getStorageKeyUnit().changeAgentPassword(id, - oldpwd, newpwd)) { + + if (mKRA.getStorageKeyUnit().changeAgentPassword(id, oldpwd, + newpwd)) { NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -462,36 +417,29 @@ public class KRAAdminServlet extends AdminServlet { } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new EKRAException( + throw new EKRAException( CMS.getLogMessage("KRA_INVALID_PASSWORD")); } } catch (IOException e) { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION")); + throw new EBaseException( + CMS.getLogMessage("BASE_INVALID_OPERATION")); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -503,18 +451,18 @@ public class KRAAdminServlet extends AdminServlet {
 /**
 * Modifies auto recovery configuration.
 * <P>
- *
+ *
 * <ul>
 * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
 * DRM (Key recovery scheme, change of any secret component)
 * </ul>
+ *
 * @param req HTTP servlet request
 * @param resp HTTP servlet response
 * @exception EBaseException an error has occurred
 */
- private synchronized void modifyAutoRecoveryConfig(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ private synchronized void modifyAutoRecoveryConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
 String auditMessage = null;
 String auditSubjectID = auditSubjectID();
@@ -523,42 +471,35 @@ public class KRAAdminServlet extends AdminServlet { try { try { NameValuePairs params = new NameValuePairs(); - String autoOn = getParameter(req, - Constants.PR_AUTO_RECOVERY_ON); - String agents = getParameter(req, - Constants.PR_RECOVERY_AGENT); + String autoOn = getParameter(req, Constants.PR_AUTO_RECOVERY_ON); + String agents = getParameter(req, Constants.PR_RECOVERY_AGENT); if (autoOn.equals(Constants.TRUE)) { - Credential creds[] = parseCredentialStr( - agents); + Credential creds[] = parseCredentialStr(agents); if (mKRA.setAutoRecoveryState(creds, true)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); - sendResponse(SUCCESS, null, params, - resp); + sendResponse(SUCCESS, null, params, resp); return; } } else if (autoOn.equals(Constants.FALSE)) { if (mKRA.setAutoRecoveryState(null, false)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.SUCCESS, + auditParams(req)); audit(auditMessage); - sendResponse(SUCCESS, null, params, - resp); + sendResponse(SUCCESS, null, params, resp); return; } } 
@@ -566,22 +507,17 @@ public class KRAAdminServlet extends AdminServlet { } // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION")); + throw new EBaseException( + CMS.getLogMessage("BASE_INVALID_OPERATION")); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -592,19 +528,17 @@ public class KRAAdminServlet extends AdminServlet { /** * Reads auto recovery status. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void readAutoRecoveryConfig( - HttpServletRequest req, HttpServletResponse resp) - throws EBaseException { + private synchronized void readAutoRecoveryConfig(HttpServletRequest req, + HttpServletResponse resp) throws EBaseException { try { NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_AUTO_RECOVERY_ON, - mKRA.getAutoRecoveryState() ? - Constants.TRUE : Constants.FALSE); + params.add(Constants.PR_AUTO_RECOVERY_ON, mKRA + .getAutoRecoveryState() ? Constants.TRUE : Constants.FALSE); sendResponse(SUCCESS, null, params, resp); } catch (IOException e) { throw new EBaseException( 
@@ -614,26 +548,25 @@ public class KRAAdminServlet extends AdminServlet { /** * Reads recovery configuration. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void readRecoveryConfig( - HttpServletRequest req, HttpServletResponse resp) - throws EBaseException { + private synchronized void readRecoveryConfig(HttpServletRequest req, + HttpServletResponse resp) throws EBaseException { try { IStorageKeyUnit sku = mKRA.getStorageKeyUnit(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_RECOVERY_N, - Integer.toString(sku.getNoOfAgents())); - params.add(Constants.PR_RECOVERY_M, - Integer.toString(sku.getNoOfRequiredAgents())); + params.add(Constants.PR_RECOVERY_N, + Integer.toString(sku.getNoOfAgents())); + params.add(Constants.PR_RECOVERY_M, + Integer.toString(sku.getNoOfRequiredAgents())); Enumeration e = sku.getAgentIdentifiers(); StringBuffer as = new StringBuffer(); while (e.hasMoreElements()) { - as.append((String)e.nextElement()); + as.append((String) e.nextElement()); if (e.hasMoreElements()) { as.append(","); } @@ -648,13 +581,12 @@ public class KRAAdminServlet extends AdminServlet { /** * Reads information about auto recovery agents. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void readAutoRecoveryAgents( - HttpServletRequest req, HttpServletResponse resp) - throws EBaseException { + private synchronized void readAutoRecoveryAgents(HttpServletRequest req, + HttpServletResponse resp) throws EBaseException { try { // send the entire list anyway NameValuePairs params = new NameValuePairs(); 
@@ -668,8 +600,9 @@ public class KRAAdminServlet extends AdminServlet { } } params.add(Constants.PR_GROUP_USER, users.toString()); - params.add(Constants.PR_GROUP_DESC, - "Auto Recovery Agents"); // XXX - localized + params.add(Constants.PR_GROUP_DESC, "Auto Recovery Agents"); // XXX + // - + // localized sendResponse(SUCCESS, null, params, resp); } catch (IOException e) { throw new EBaseException( @@ -679,31 +612,26 @@ public class KRAAdminServlet extends AdminServlet { /** * Modifies information about auto recovery agents. - * + * * @param req HTTP request * @param resp HTTP response */ - private synchronized void modifyAutoRecoveryAgents( - HttpServletRequest req, HttpServletResponse resp) - throws EBaseException { + private synchronized void modifyAutoRecoveryAgents(HttpServletRequest req, + HttpServletResponse resp) throws EBaseException { Vector v = new Vector(); - String users = getParameter(req, - Constants.PR_GROUP_USER); + String users = getParameter(req, Constants.PR_GROUP_USER); StringTokenizer st = new StringTokenizer(users, ","); while (st.hasMoreTokens()) { v.addElement(st.nextToken()); } - String desc = getParameter(req, - Constants.PR_GROUP_DESC); - String agents = getParameter(req, - Constants.PR_RECOVERY_AGENT); - Credential creds[] = parseCredentialStr( - agents); + String desc = getParameter(req, Constants.PR_GROUP_DESC); + String agents = getParameter(req, Constants.PR_RECOVERY_AGENT); + Credential creds[] = parseCredentialStr(agents); // XXX - check if the given password matched // put ids into hashtable so that we can // figure out what should be saved and deleted - Enumeration e = mKRA.getAutoRecoveryIDs(); + Enumeration e = mKRA.getAutoRecoveryIDs(); Hashtable h = new Hashtable(); while (e.hasMoreElements()) { 
@@ -725,14 +653,13 @@ public class KRAAdminServlet extends AdminServlet {
 Enumeration dels = h.keys();
 while (dels.hasMoreElements()) {
- mKRA.removeAutoRecovery((String)
- dels.nextElement());
+ mKRA.removeAutoRecovery((String) dels.nextElement());
 }
 }
 /**
 * Parses uid0=pwd0,uid1=pwd1,... into AgentCredential.
- *
+ *
 * @param s credential string
 * @return a list of credentials
 */
@@ -744,8 +671,7 @@ public class KRAAdminServlet extends AdminServlet {
 String a = st.nextToken();
 StringTokenizer st0 = new StringTokenizer(a, "=");
- v.addElement(new Credential(st0.nextToken(),
- st0.nextToken()));
+ v.addElement(new Credential(st0.nextToken(), st0.nextToken()));
 }
 Credential ac[] = new Credential[v.size()];
@@ -757,14 +683,13 @@ public class KRAAdminServlet extends AdminServlet {
 * handle getting request in queue notification config info
 */
 private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
 NameValuePairs params = new NameValuePairs();
 IConfigStore config = mKRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
 IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE);
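Review bot: `new Credential(st0.nextToken(), st0.nextToken())` in parseCredentialStr assumes every element has the form uid=pwd. An element without `=` makes the second `nextToken()` throw NoSuchElementException, an unchecked exception that the callers' `creds == null` checks and EBaseException handlers do not cover, and a password that itself contains `=` is silently cut at that character because StringTokenizer splits on every occurrence. Splitting once on the first `=` avoids both: `int eq = a.indexOf('='); if (eq < 1) return null;` followed by `v.addElement(new Credential(a.substring(0, eq), a.substring(eq + 1)));`. The method starts before this hunk and ends after it, so whether it can already return null is not visible here, and callers that pass the array on without a null check would need the same guard.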
@@ -784,20 +709,21 @@ public class KRAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); - //System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } /** * Handle setting request in queue notification config info * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring * DRM (Key recovery scheme, change of any secret component) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred @@ -805,8 +731,8 @@ public class KRAAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -814,12 +740,11 @@ public class KRAAdminServlet extends AdminServlet { // to the signed audit log and stored as failures try { IConfigStore config = mKRA.getConfigStore(); - IConfigStore nc = - config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE); IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE); - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { 
@@ -848,22 +773,16 @@ public class KRAAdminServlet extends AdminServlet { commit(true); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, null, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -871,28 +790,25 @@ public class KRAAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_DRM, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_DRM, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_DRM, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 58e4dbdf..45e63061 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogSubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.LogPlugin;
-
 /**
- * A class representings an administration servlet for logging
- * subsystem. This servlet is responsible to serve
- * logging administrative operation such as configuration
- * parameter updates and log retriever.
- *
+ * A class representings an administration servlet for logging subsystem. This
+ * servlet is responsible to serve logging administrative operation such as
+ * configuration parameter updates and log retriever.
+ *
 * @version $Revision$, $Date$
 */
 public class LogAdminServlet extends AdminServlet {
@@ -69,12 +66,9 @@ public class LogAdminServlet extends AdminServlet {
 private final static String EDIT = ";" + Constants.EDIT;
 private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT =
- "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
- private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
- private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT = "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
+ private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE = "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
+ private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE = "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
 /**
 * Constructs Log servlet.
@@ -114,15 +108,14 @@ public class LogAdminServlet extends AdminServlet {
 * Serves HTTP admin request.
 */
 public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
 super.service(req, resp);
 String op = req.getParameter(Constants.OP_TYPE);
 if (op == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
 return;
 }
@@ -137,16 +130,16 @@ public class LogAdminServlet extends AdminServlet { if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } try { getExtendedPluginInfo(req, resp); return; } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, + resp); return; } } @@ -154,9 +147,8 @@ public class LogAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } @@ -169,17 +161,15 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { getGeneralConfig(req, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } 
@@ -190,17 +180,15 @@ public class LogAdminServlet extends AdminServlet { delLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } @@ -211,18 +199,16 @@ public class LogAdminServlet extends AdminServlet { addLogInst(req, resp, scope); return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_MODIFY)) { AUTHZ_RES_NAME = "certServer.log.configuration"; mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } 
@@ -232,17 +218,15 @@ public class LogAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_GENERAL)) { setGeneralConfig(req, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LOG_IMPLS)) { 
@@ -255,70 +239,74 @@ public class LogAdminServlet extends AdminServlet { listLogInsts(req, resp, false); return; } else if (scope.equals(ScopeDef.SC_LOG_CONTENT)) { - String instName = req.getParameter(Constants.PR_LOG_INSTANCE); + String instName = req + .getParameter(Constants.PR_LOG_INSTANCE); if (instName.equals("System")) { AUTHZ_RES_NAME = "certServer.log.content.system"; } else if (instName.equals("Transactions")) { AUTHZ_RES_NAME = "certServer.log.content.transactions"; - } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) { + } else if (instName + .equals(Constants.PR_LOG_SIGNED_AUDIT)) { AUTHZ_RES_NAME = "certServer.log.content.signedAudit"; } mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage( + getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } - ILogEventListener loginst = - mSys.getLogInstance(instName); + ILogEventListener loginst = mSys + .getLogInstance(instName); if (loginst != null) { - NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req)); + NameValuePairs nvps = loginst + .retrieveLogContent(toHashtable(req)); sendResponse(SUCCESS, null, nvps, resp); } return; } else if (scope.equals(ScopeDef.SC_LOG_ARCH)) { - String instName = req.getParameter(Constants.PR_LOG_INSTANCE); + String instName = req + .getParameter(Constants.PR_LOG_INSTANCE); if (instName.equals("System")) { AUTHZ_RES_NAME = "certServer.log.content.system"; } else if (instName.equals("Transactions")) { AUTHZ_RES_NAME = "certServer.log.content.transactions"; - } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) { + } else if (instName + .equals(Constants.PR_LOG_SIGNED_AUDIT)) { AUTHZ_RES_NAME = "certServer.log.content.signedAudit"; } mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), 
"CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage( + getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } - ILogEventListener loginst = - mSys.getLogInstance(instName); + ILogEventListener loginst = mSys + .getLogInstance(instName); if (loginst != null) { - NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req)); + NameValuePairs nvps = loginst + .retrieveLogList(toHashtable(req)); sendResponse(SUCCESS, null, nvps, resp); } return; } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); return; } } @@ -328,16 +316,15 @@ public class LogAdminServlet extends AdminServlet { } catch (Exception e) { System.out.println("XXX >>>" + e.toString() + "<<<"); e.printStackTrace(); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); } return; } - private synchronized void listLogInsts(HttpServletRequest req, - HttpServletResponse resp, boolean all) throws ServletException, + private synchronized void listLogInsts(HttpServletRequest req, + HttpServletResponse resp, boolean all) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); 
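Review bot: The SC_LOG_CONTENT and SC_LOG_ARCH branches pick the authorization resource by assigning `AUTHZ_RES_NAME` from the `PR_LOG_INSTANCE` request parameter, but the three-way `if` chain has no final `else`. For any other instance name, `super.authorize(req)` is therefore evaluated against whatever value an earlier request left behind (the OP_MODIFY branch in the @@ -211 hunk sets `"certServer.log.configuration"`). `AUTHZ_RES_NAME`, `mOp` and `mToken` look like servlet fields rather than locals, which would also let concurrent requests overwrite each other between assignment and check; this is inferred, since their declarations are outside the hunk. A missing parameter makes `instName.equals("System")` throw a NullPointerException, so I would null-check `instName` and close both chains with `} else { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; }` before authorizing. The enclosing method begins before this hunk.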
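Review bot: The catch-all in the @@ -328 hunk reports failures with `System.out.println("XXX >>>" + e.toString() + "<<<")` and `e.printStackTrace()`. Errors from an administrative request therefore land on stdout instead of the server's debug log, and every cause is returned to the client as CMS_ADMIN_SRVLT_INVALID_PROTOCOL. Replacing the two print calls with `CMS.debug("LogAdminServlet: " + e.toString());` keeps the record with the rest of the server's diagnostics. The method body begins outside this hunk.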
@@ -346,14 +333,14 @@ public class LogAdminServlet extends AdminServlet { for (; e.hasMoreElements();) { String name = (String) e.nextElement(); - ILogEventListener value = ((ILogSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_LOG)).getLogInstance(name); + ILogEventListener value = ((ILogSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_LOG)).getLogInstance(name); if (value == null) continue; String pName = mSys.getLogPluginName(value); - LogPlugin pClass = (LogPlugin) - mSys.getLogPlugins().get(pName); - String c = pClass.getClassPath(); + LogPlugin pClass = (LogPlugin) mSys.getLogPlugins().get(pName); + String c = pClass.getClassPath(); // not show ntEventlog here if (all || (!all && !c.endsWith("NTEventLog"))) 
@@ -363,28 +350,30 @@ public class LogAdminServlet extends AdminServlet { return; } - /** - * retrieve extended plugin info such as brief description, type info - * from logging + /** + * retrieve extended plugin info such as brief description, type info from + * logging */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, + implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { - IExtendedPluginInfo ext_info = null; + private NameValuePairs getExtendedPluginInfo(Locale locale, + String implType, String implName) { + IExtendedPluginInfo ext_info = null; Object impl = null; - LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); + LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); if (lp != null) { impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath()); @@ -400,7 +389,8 @@ public class LogAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } return nvps; 
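Review bot: `getExtendedPluginInfo(req, resp)` uses the `RS_ID` parameter without validating it: a missing parameter throws on `id.indexOf(':')`, and an id without a colon makes `id.substring(0, colon)` throw because `colon` is -1. The caller in the @@ -137 hunk catches only EBaseException, so these runtime exceptions escape that handler instead of producing a clear error. A guard at the top such as `if (id == null || id.indexOf(':') < 0) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; }` would match how the add and delete methods treat a null id.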
@@ -410,11 +400,12 @@ public class LogAdminServlet extends AdminServlet { /** * Add log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -422,9 +413,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -442,22 +433,19 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -466,17 +454,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogException(CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } @@ -486,25 +474,21 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_NULL_CLASS"), null, resp); return; } IConfigStore destStore = null; destStore = mConfig.getSubStore("log"); - IConfigStore instancesConfig = - destStore.getSubStore("impl"); + IConfigStore instancesConfig = destStore.getSubStore("impl"); // Does the class exist? Class newImpl = null; 
@@ -515,33 +499,27 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_NO_CLASS"), null, resp); return; } 
@@ -551,34 +529,30 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_ILL_CLASS"), null, resp); return; } - } catch (NullPointerException e) { // unlikely, only if newImpl null. + } catch (NullPointerException e) { // unlikely, only if newImpl + // null. // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_ILL_CLASS"), null, resp); return; } 
@@ -590,22 +564,19 @@ public class LogAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } @@ -619,10 +590,8 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); } 
@@ -630,41 +599,39 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } 
@@ -681,11 +648,12 @@ public class LogAdminServlet extends AdminServlet { /** * Add log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -693,9 +661,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -716,17 +684,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -734,16 +699,13 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; } 
@@ -751,71 +713,60 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_ILL_INST_ID"), null, resp); return; } // get required parameters - String implname = req.getParameter( - Constants.PR_LOG_IMPL_NAME); + String implname = req.getParameter(Constants.PR_LOG_IMPL_NAME); if (implname == null) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. 
- LogPlugin plugin = - (LogPlugin) mSys.getLogPlugins().get( - implname); + LogPlugin plugin = (LogPlugin) mSys.getLogPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogPluginNotFound(CMS.getUserMessage( + getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } Vector configParams = mSys.getLogDefaultParams(implname); - IConfigStore destStore = - mConfig.getSubStore("log"); - IConfigStore instancesConfig = - destStore.getSubStore("instance"); + IConfigStore destStore = mConfig.getSubStore("log"); + IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -825,17 +776,16 @@ public class LogAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), val); } } } substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. 
@@ -846,7 +796,8 @@ public class LogAdminServlet extends AdminServlet { ILogEventListener logInst = null; try { - logInst = (ILogEventListener) Class.forName(className).newInstance(); + logInst = (ILogEventListener) Class.forName(className) + .newInstance(); } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); @@ -854,17 +805,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogException(CMS.getUserMessage(getLocale(req), + "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); @@ -872,17 +823,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogException(CMS.getUserMessage(getLocale(req), + "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); 
@@ -890,17 +841,17 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogException(CMS.getUserMessage(getLocale(req), + "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } @@ -914,10 +865,8 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } @@ -930,10 +879,8 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } 
@@ -952,17 +899,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } @@ -976,10 +920,8 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); } 
@@ -987,66 +929,62 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void listLogPlugins(HttpServletRequest req, - HttpServletResponse resp) throws 
ServletException, - IOException, EBaseException { + private synchronized void listLogPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mSys.getLogPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - LogPlugin value = (LogPlugin) - mSys.getLogPlugins().get(name); + LogPlugin value = (LogPlugin) mSys.getLogPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILogEventListener lp = (ILogEventListener) - Class.forName(c).newInstance(); + ILogEventListener lp = (ILogEventListener) Class.forName(c) + .newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, - resp); + sendResponse(ERROR, exp.toString(), null, resp); return; } params.add(name, value.getClassPath() + "," + desc); @@ -1068,11 +1006,12 @@ public class LogAdminServlet extends AdminServlet { /** * Delete log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1080,9 +1019,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
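Review bot: In `listLogPlugins` the `catch (Exception exp)` branch answers with `sendResponse(ERROR, exp.toString(), null, resp)`, which hands raw exception text (typically internal class names) to the client. It also aborts the whole listing as soon as one plugin class fails to load or instantiate. `desc` is already initialised to `"unknown"`, so the branch could record the failure server-side and carry on, e.g. `} catch (Exception exp) { CMS.debug("listLogPlugins: " + c + ": " + exp.toString()); }`. The method continues past the end of this hunk.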
@@ -1101,22 +1040,19 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -1125,65 +1061,58 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. - ILogEventListener logInst = (ILogEventListener) - mSys.getLogInstance(id); + // being used. + ILogEventListener logInst = (ILogEventListener) mSys + .getLogInstance(id); mSys.getLogInsts().remove((Object) id); // remove the configuration. 
- IConfigStore destStore = - mConfig.getSubStore("log"); - IConfigStore instancesConfig = - destStore.getSubStore("instance"); + IConfigStore destStore = mConfig.getSubStore("log"); + IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); } 
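Review bot: In `delLogInst` the listener is removed from `mSys.getLogInsts()` and its substore dropped before `mConfig.commit(true)`, and the `catch (EBaseException e)` branch returns CMS_ADMIN_SRVLT_COMMIT_FAILED without restoring either, so the client is told the delete failed while the running server has already lost the instance. `addLogInst` does undo its substore on a load failure (`instancesConfig.removeSubStore(id)`), so the two paths are inconsistent. Since `logInst` is fetched and otherwise unused in the visible lines, the catch block could put it back with `mSys.getLogInsts().put(id, logInst);`, assuming the returned table is the live map, as the `remove` call suggests. Both the failure and the success audit records are written only when `logType` equals SIGNED_AUDIT_LOG_TYPE, so removing any other log instance leaves no signed-audit entry; it is worth confirming that is intended. The method starts and ends outside this hunk.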
@@ -1191,52 +1120,51 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Delete log plug-in * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT 
used when * configuring signedAudit * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore @@ -1244,9 +1172,9 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void delLogPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delLogPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1265,22 +1193,19 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -1288,24 +1213,23 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogPluginNotFound(CMS.getUserMessage( + getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } // first check if any instances from this log // DON'T remove log if any instance - for (Enumeration e = mSys.getLogInsts().keys(); - e.hasMoreElements();) { + for (Enumeration e = mSys.getLogInsts().keys(); e.hasMoreElements();) { String name = (String) e.nextElement(); ILogEventListener log = mSys.getLogInstance(name); 
@@ -1313,28 +1237,24 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this log mSys.getLogPlugins().remove((Object) id); - IConfigStore destStore = - mConfig.getSubStore("log"); - IConfigStore instancesConfig = - destStore.getSubStore("impl"); + IConfigStore destStore = mConfig.getSubStore("log"); + IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting @@ -1344,27 +1264,22 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); } 
@@ -1372,55 +1287,52 @@ public class LogAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private synchronized void getLogConfig(HttpServletRequest req, - HttpServletResponse resp) - throws 
ServletException, IOException, EBaseException { + private synchronized void getLogConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -1434,50 +1346,47 @@ public class LogAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getLogInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getLogInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does log instance exist? if (mSys.getLogInsts().containsKey(id) == false) { - sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + null, resp); return; } - ILogEventListener logInst = (ILogEventListener) - mSys.getLogInstance(id); + ILogEventListener logInst = (ILogEventListener) mSys.getLogInstance(id); Vector configParams = logInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_LOG_IMPL_NAME, - getLogPluginName(logInst)); + params.add(Constants.PR_LOG_IMPL_NAME, getLogPluginName(logInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } @@ -1488,18 +1397,19 @@ public class LogAdminServlet extends AdminServlet { /** * Modify log instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when * configuring signedAudit * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file - * name (including any path changes) for any of audit, system, transaction, + * name (including any path changes) for any of audit, system, transaction, * or other customized log file change is attempted (authorization should * not allow, but make sure it's written after the attempt) * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log * expiration time change is attempted (authorization should not allow, but * make sure it's written after the attempt) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @param scope string used to obtain the contents of the log's substore 
@@ -1507,17 +1417,17 @@ public class LogAdminServlet extends AdminServlet { * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modLogInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modLogInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String logType = null; String origLogPath = req.getParameter(Constants.PR_LOG_FILENAME); String newLogPath = origLogPath; - String origExpirationTime = req.getParameter( - Constants.PR_LOG_EXPIRED_TIME); + String origExpirationTime = req + .getParameter(Constants.PR_LOG_EXPIRED_TIME); String newExpirationTime = origExpirationTime; // ensure that any low-level exceptions are reported @@ -1550,22 +1460,19 @@ public class LogAdminServlet extends AdminServlet { } if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); + // System.out.println("SRVLT_NULL_RS_ID"); // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -1574,17 +1481,14 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_ILL_INST_ID"), null, resp); return; } 
@@ -1595,45 +1499,43 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), - null, resp); + null, resp); return; } // get plugin for implementation - LogPlugin plugin = - (LogPlugin) mSys.getLogPlugins().get(implname); + LogPlugin plugin = (LogPlugin) mSys.getLogPlugins().get(implname); if (plugin == null) { // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp); + sendResponse( + ERROR, + new ELogPluginNotFound(CMS.getUserMessage( + getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } // save old instance substore params in case new one fails. - ILogEventListener oldinst = - (ILogEventListener) mSys.getLogInstance(id); + ILogEventListener oldinst = (ILogEventListener) mSys + .getLogInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); 
@@ -1645,7 +1547,7 @@ public class LogAdminServlet extends AdminServlet { int index = kv.indexOf('='); saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + kv.substring(index + 1)); } } @@ -1653,28 +1555,26 @@ public class LogAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = - mConfig.getSubStore("log"); - IConfigStore instancesConfig = - destStore.getSubStore("instance"); + IConfigStore destStore = mConfig.getSubStore("log"); + IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. Vector configParams = mSys.getLogInstanceParams(id); - //instancesConfig.removeSubStore(id); + // instancesConfig.removeSubStore(id); IConfigStore substore = instancesConfig.makeSubStore(id); substore.put("pluginName", implname); - // Fix Blackflag Bug #615603: Currently, although expiring log + // Fix Blackflag Bug #615603: Currently, although expiring log // files is no longer supported, it is still a required parameter // that must be present during the creation and modification of // custom log plugins. substore.put("expirationTime", "0"); - // IMPORTANT: save a copy of the original log file path + // IMPORTANT: save a copy of the original log file path origLogPath = substore.getString(Constants.PR_LOG_FILENAME); newLogPath = origLogPath; @@ -1686,9 +1586,9 @@ public class LogAdminServlet extends AdminServlet { newLogPath = ""; } - // IMPORTANT: save a copy of the original log expiration time - origExpirationTime = substore.getString( - Constants.PR_LOG_EXPIRED_TIME); + // IMPORTANT: save a copy of the original log expiration time + origExpirationTime = substore + .getString(Constants.PR_LOG_EXPIRED_TIME); newExpirationTime = origExpirationTime; if (origExpirationTime != null) { 
@@ -1701,16 +1601,14 @@ public class LogAdminServlet extends AdminServlet { if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { - AUTHZ_RES_NAME = - "certServer.log.configuration"; + AUTHZ_RES_NAME = "certServer.log.configuration"; String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); String key = kv.substring(0, index); String val = req.getParameter(key); - if - (key.equals("level")) { - if (val.equals(ILogger.LL_DEBUG_STRING)) + if (key.equals("level")) { + if (val.equals(ILogger.LL_DEBUG_STRING)) val = "0"; else if (val.equals(ILogger.LL_INFO_STRING)) val = "1"; @@ -1727,9 +1625,8 @@ public class LogAdminServlet extends AdminServlet { } - if - (key.equals("rolloverInterval")) { - if (val.equals("Hourly")) + if (key.equals("rolloverInterval")) { + if (val.equals("Hourly")) val = Integer.toString(60 * 60); else if (val.equals("Daily")) val = Integer.toString(60 * 60 * 24); @@ -1741,8 +1638,7 @@ public class LogAdminServlet extends AdminServlet { val = Integer.toString(60 * 60 * 24 * 365); } - if - (key.equals(Constants.PR_LOG_TYPE)) { + if (key.equals(Constants.PR_LOG_TYPE)) { type = val; } @@ -1753,19 +1649,18 @@ public class LogAdminServlet extends AdminServlet { val = val.trim(); newLogPath = val; if (!val.equals(origVal.trim())) { - AUTHZ_RES_NAME = - "certServer.log.configuration.fileName"; + AUTHZ_RES_NAME = "certServer.log.configuration.fileName"; mOp = "modify"; if ((mToken = super.authorize(req)) == null) { // store a message in the signed audit log // file (regardless of logType) if (!(newLogPath.equals(origLogPath))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newLogPath); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, + ILogger.FAILURE, + logType, newLogPath); audit(auditMessage); } 
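Review bot: In the `@@ -1701` hunk `val` comes straight from `req.getParameter(key)` and is dereferenced by `val.equals(ILogger.LL_DEBUG_STRING)` with no null check in between. A request that omits `level` therefore throws a NullPointerException after `substore.put("pluginName", implname)` has already modified the store. The `rolloverInterval` comparisons and `val.trim()` in the following hunks on this line have the same exposure, unless a guard sits in lines not shown. A constant-first comparison such as `ILogger.LL_DEBUG_STRING.equals(val)` avoids the dereference, and a missing value is better rejected up front after `restore(instancesConfig, id, saveParams);`. The loop body continues outside the hunk.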
@@ -1773,68 +1668,57 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log // file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, + ILogger.FAILURE, + auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage( + getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), + null, resp); return; } } } -/* - if (key.equals("expirationTime")) { - String origVal = substore.getString(key); - - val = val.trim(); - newExpirationTime = val; - if (!val.equals(origVal.trim())) { - if (id.equals(SIGNED_AUDIT_LOG_TYPE)) { - AUTHZ_RES_NAME = - "certServer.log.configuration.signedAudit.expirationTime"; - } - mOp = "modify"; - if ((mToken = super.authorize(req)) == null) { - // store a message in the signed audit log - // file (regardless of logType) - if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } - - // store a message in the signed audit log - // file - if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); - - audit(auditMessage); - } - - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); - return; - } - } - } -*/ + /* + * if (key.equals("expirationTime")) { String origVal = + * substore.getString(key); + * + * val = val.trim(); newExpirationTime = val; if + * (!val.equals(origVal.trim())) { if + * 
(id.equals(SIGNED_AUDIT_LOG_TYPE)) { AUTHZ_RES_NAME = + * "certServer.log.configuration.signedAudit.expirationTime" + * ; } mOp = "modify"; if ((mToken = + * super.authorize(req)) == null) { // store a message + * in the signed audit log // file (regardless of + * logType) if + * (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + * auditSubjectID, ILogger.FAILURE, logType, + * newExpirationTime); + * + * audit(auditMessage); } + * + * // store a message in the signed audit log // file if + * (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + * auditSubjectID, ILogger.FAILURE, auditParams(req)); + * + * audit(auditMessage); } + * + * sendResponse(ERROR, + * CMS.getUserMessage(getLocale(req), + * "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; + * } } } + */ substore.put(key, val); } } @@ -1846,8 +1730,8 @@ public class LogAdminServlet extends AdminServlet { ILogEventListener newMgrInst = null; try { - newMgrInst = (ILogEventListener) - Class.forName(className).newInstance(); + newMgrInst = (ILogEventListener) Class.forName(className) + .newInstance(); } catch (ClassNotFoundException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); @@ -1862,11 +1746,9 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, ILogger.FAILURE, logType, + newLogPath); audit(auditMessage); } 
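Review bot: In the hunk starting at `@@ -1773`, the failed-authorization branch for a changed file name audits and sends `CMS_ADMIN_SRVLT_AUTHZ_FAILED`, but returns without calling `restore(instancesConfig, id, saveParams)`, unlike the class-loading and commit failure paths later in the method. By then `substore.put("pluginName", implname)`, `substore.put("expirationTime", "0")` and any earlier `substore.put(key, val)` calls have already changed the in-memory store, so a denied request may leave edits behind that a later commit could persist. Adding `restore(instancesConfig, id, saveParams);` before the `sendResponse(ERROR, …)` call closes that gap, and authorizing before the first `put` would be cleaner still. The branch begins in the previous hunk and the method continues outside this one.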
@@ -1874,38 +1756,35 @@ public class LogAdminServlet extends AdminServlet { // store a message in the signed audit log file // (regardless of logType) /* - if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogException(CMS.getUserMessage(getLocale(req), + "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (InstantiationException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); 
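Review bot: The commented-out `LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE` block in this hunk has been reflowed by the formatter into a run-on paragraph, which makes the disabled code unreadable; the same happens in the hunks at `-1773`, `-1913`, `-1963`, `-2015`, `-2074`, `-2126` and `-2172`. The Javadoc of modLogInst still lists that event as written when an expiration change is attempted, yet every emission visible in these hunks is commented out. I would delete the dead blocks and either drop the Javadoc bullet or replace each block with one line such as `// LOG_EXPIRATION_CHANGE audit disabled: expirationTime is fixed at "0"`.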
@@ -1913,49 +1792,45 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, ILogger.FAILURE, logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogException(CMS.getUserMessage(getLocale(req), + "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } catch (IllegalAccessException e) { // check to see if the log file path parameter was changed newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); restore(instancesConfig, id, saveParams); 
@@ -1963,47 +1838,43 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, ILogger.FAILURE, logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } */ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogException(CMS.getUserMessage(getLocale(req), + "CMS_LOG_LOAD_CLASS_FAIL", className)) + .toString(), null, resp); return; } // initialize the log - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { 
@@ -2015,58 +1886,52 @@ public class LogAdminServlet extends AdminServlet { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); + // System.out.println("SRVLT_FAIL_COMMIT"); // store a message in the signed audit log file // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + auditSubjectID, ILogger.FAILURE, logType, + newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // commited ok. replace instance. - // REMOVED - we didn't do anything to shut off the old instance - // so, it will still be running at this point. You'd have two - // log isntances writing to the same file - this would be a big PROBLEM!!! 
+ // REMOVED - we didn't do anything to shut off the old instance + // so, it will still be running at this point. You'd have two + // log isntances writing to the same file - this would be a big + // PROBLEM!!! - //mSys.getLogInsts().put(id, newMgrInst); + // mSys.getLogInsts().put(id, newMgrInst); NameValuePairs params = new NameValuePairs(); @@ -2074,41 +1939,34 @@ public class LogAdminServlet extends AdminServlet { newLogPath = auditCheckLogPath(req); // check to see if the log expiration time parameter was changed - //newExpirationTime = auditCheckLogExpirationTime(req); + // newExpirationTime = auditCheckLogExpirationTime(req); // store a message in the signed audit log file // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.SUCCESS, - logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID, + ILogger.SUCCESS, logType, newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.SUCCESS, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.SUCCESS, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); } 
@@ -2126,35 +1984,28 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID, + ILogger.FAILURE, logType, newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /* if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - } */ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } 
@@ -2172,35 +2023,28 @@ public class LogAdminServlet extends AdminServlet { // (regardless of logType) if (!(newLogPath.equals(origLogPath))) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newLogPath); + LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID, + ILogger.FAILURE, logType, newLogPath); audit(auditMessage); } // store a message in the signed audit log file // (regardless of logType) - /*if (!(newExpirationTime.equals(origExpirationTime))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - auditSubjectID, - ILogger.FAILURE, - logType, - newExpirationTime); - - audit(auditMessage); - }*/ + /* + * if (!(newExpirationTime.equals(origExpirationTime))) { + * auditMessage = CMS.getLogMessage( + * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID, + * ILogger.FAILURE, logType, newExpirationTime); + * + * audit(auditMessage); } + */ // store a message in the signed audit log file if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); } 
@@ -2208,74 +2052,72 @@ public class LogAdminServlet extends AdminServlet { // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // check to see if the log file path parameter was changed - // newLogPath = auditCheckLogPath( req ); + // // check to see if the log file path parameter was changed + // newLogPath = auditCheckLogPath( req ); // - // // check to see if the log expiration time parameter was changed - // newExpirationTime = auditCheckLogExpirationTime( req ); + // // check to see if the log expiration time parameter was changed + // newExpirationTime = auditCheckLogExpirationTime( req ); // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newLogPath.equals( origLogPath ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newLogPath ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newLogPath.equals( origLogPath ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newLogPath ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // // (regardless of logType) - // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, - // auditSubjectID, - // ILogger.FAILURE, - // logType, - // newExpirationTime ); + // // store a message in the signed audit log file + // // (regardless of logType) + // if( !( newExpirationTime.equals( origExpirationTime ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, + // auditSubjectID, + // ILogger.FAILURE, + // logType, + // newExpirationTime ); // - // audit( 
auditMessage ); - // } + // audit( auditMessage ); + // } // - // // store a message in the signed audit log file - // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this log subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular plugin implementation name specified in + * the RS_ID. Actually, there is no logic in here to set any default value + * here...there's no default value for any parameter in this log subsystem + * at this point. Later, if we do have one (or some), it can be added. The + * interface remains the same. 
*/ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -2292,8 +2134,7 @@ public class LogAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } } 
@@ -2301,43 +2142,41 @@ public class LogAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does log instance exist? if (mSys.getLogInsts().containsKey(id) == false) { - sendResponse(ERROR, - new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(), - null, resp); + sendResponse( + ERROR, + new ELogNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(), + null, resp); return; } - ILogEventListener logInst = (ILogEventListener) - mSys.getLogInstance(id); + ILogEventListener logInst = (ILogEventListener) mSys.getLogInstance(id); Vector configParams = logInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_LOG_IMPL_NAME, - getLogPluginName(logInst)); + params.add(Constants.PR_LOG_IMPL_NAME, getLogPluginName(logInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } 
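Review bot: In getInstConfig the reformatted `params.add(kv.substring(0, index), kv.substring(index + 1));` runs without checking `index`, so an instance parameter with no `=` makes `substring(0, -1)` throw StringIndexOutOfBoundsException. getConfig, in the @@ -2292 hunk, already handles this with `if (index == -1) { params.add(kv, ""); } else { ... }`, and the loop here should carry the same guard. The format of the entries returned by `getInstanceParams()` is not visible in this diff, so whether a bare key can actually occur needs confirming.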
@@ -2346,8 +2185,8 @@ public class LogAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, String id, + NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -2357,17 +2196,17 @@ public class LogAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } /** * Signed Audit Check Log Path - * + * * This method is called to extract the log file path. * <P> - * + * * @param req http servlet request * @return a string containing the log file path */ @@ -2386,17 +2225,16 @@ public class LogAdminServlet extends AdminServlet { /** * Signed Audit Check Log Expiration Time - * + * * This method is called to extract the log expiration time. * <P> - * + * * @param req http servlet request * @return a string containing the log expiration time */ private String auditCheckLogExpirationTime(HttpServletRequest req) { // check to see if the log expiration time parameter was changed - String expirationTime = req.getParameter( - Constants.PR_LOG_EXPIRED_TIME); + String expirationTime = req.getParameter(Constants.PR_LOG_EXPIRED_TIME); if (expirationTime == null) { expirationTime = ""; @@ -2408,8 +2246,8 @@ public class LogAdminServlet extends AdminServlet { } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); String value = "false"; 
@@ -2424,8 +2262,8 @@ public class LogAdminServlet extends AdminServlet { } private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); boolean restart = false; @@ -2438,18 +2276,22 @@ public class LogAdminServlet extends AdminServlet { if (value.equals("true") || value.equals("false")) { mConfig.putString(Constants.PR_DEBUG_LOG_ENABLE, value); } else { - CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE + ": " + value); - throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE); + CMS.debug("setGeneralConfig: Invalid value for " + + Constants.PR_DEBUG_LOG_ENABLE + ": " + value); + throw new EBaseException("Invalid value for " + + Constants.PR_DEBUG_LOG_ENABLE); } } else if (key.equals(Constants.PR_DEBUG_LOG_LEVEL)) { try { int number = Integer.parseInt(value); mConfig.putString(Constants.PR_DEBUG_LOG_LEVEL, value); } catch (NumberFormatException e) { - CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value); - throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL); + CMS.debug("setGeneralConfig: Invalid value for " + + Constants.PR_DEBUG_LOG_LEVEL + ": " + value); + throw new EBaseException("Invalid value for " + + Constants.PR_DEBUG_LOG_LEVEL); } - } + } } mConfig.commit(true); @@ -2461,4 +2303,3 @@ public class LogAdminServlet extends AdminServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java index 9464f48f..01b1edd0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java 
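Review bot: In LogAdminServlet.setGeneralConfig (the @@ -2438 hunk) both `CMS.debug("setGeneralConfig: Invalid value for " + ... + ": " + value)` calls write the rejected request parameter into the debug log unmodified. Unless `CMS.debug` escapes its argument, which this diff does not show, a value containing CR/LF can forge extra log lines. Log only the parameter name, or neutralise line breaks first, e.g. `value.replaceAll("[\\r\\n]", "_")`. In the PR_DEBUG_LOG_LEVEL branch `int number = Integer.parseInt(value);` is never read, so a bare `Integer.parseInt(value);` keeps the validation without the unused local. The method begins in the preceding hunk and ends in the following one.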
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,13 +38,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.ocsp.IOCSPAuthority; import com.netscape.certsrv.ocsp.IOCSPStore; - /** - * A class representings an administration servlet for Certificate - * Authority. This servlet is responsible to serve OCSP - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Certificate Authority. + * This servlet is responsible to serve OCSP administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class OCSPAdminServlet extends AdminServlet { @@ -59,8 +56,7 @@ public class OCSPAdminServlet extends AdminServlet { private final static String INFO = "OCSPAdminServlet"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3"; private IOCSPAuthority mOCSP = null; 
@@ -84,33 +80,32 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - - //get all operational flags + + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; - } + } super.authenticate(req); - + try { AUTHZ_RES_NAME = "certServer.ocsp.configuration"; if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } try { @@ -125,9 +120,8 @@ public class OCSPAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } setDefaultStore(req, resp); 
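Review bot: service() keeps per-request authorization state in fields, although a servlet instance normally serves concurrent requests. `AUTHZ_RES_NAME = "certServer.ocsp.configuration"`, `mOp = "read"` / `mOp = "modify"` and `mToken = super.authorize(req)` are all assigned with no local declaration in the method. If `authorize()` reads `mOp` or `AUTHZ_RES_NAME` (its body is not in this diff), a modify request can be authorized against the `"read"` value written by a parallel request. Pass the operation and resource name to the authorization call as arguments and hold the returned token in a local variable. The method body continues past this hunk, so the remaining branches should be checked for the same pattern.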
@@ -138,9 +132,8 @@ public class OCSPAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -153,9 +146,8 @@ public class OCSPAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -168,9 +160,8 @@ public class OCSPAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) { 
@@ -185,25 +176,26 @@ public class OCSPAdminServlet extends AdminServlet { } /** - * retrieve extended plugin info such as brief description, - * type info from CRL extensions + * retrieve extended plugin info such as brief description, type info from + * CRL extensions */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, + implName); sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, + String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; @@ -219,7 +211,8 @@ public class OCSPAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } return nvps; @@ -229,12 +222,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set default OCSP store * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred 
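Review bot: getExtendedPluginInfo(req, resp) splits the RS_ID request parameter without validating it. `id.indexOf(':')` throws NullPointerException when the parameter is absent, and `id.substring(0, colon)` throws StringIndexOutOfBoundsException when the value has no colon. Reject both cases before splitting, in the style LogAdminServlet uses for a missing RS_ID: `if (id == null || id.indexOf(':') < 0) { sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; }`. The caller in service() wraps this call in a `try` whose handler is outside the visible hunks, so how the runtime exception currently surfaces to the client is not clear from here.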
@@ -242,8 +236,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setDefaultStore(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -253,15 +247,13 @@ public class OCSPAdminServlet extends AdminServlet { String id = req.getParameter(Constants.RS_ID); mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID, - id); + id); commit(true); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -269,10 +261,8 @@ public class OCSPAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -281,33 +271,31 @@ public class OCSPAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void getOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); IOCSPStore store = mOCSP.getOCSPStore(id); @@ -319,12 +307,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set OCSP store configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred 
@@ -332,8 +321,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -370,10 +359,8 @@ public class OCSPAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -381,10 +368,8 @@ public class OCSPAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -393,33 +378,31 @@ public class OCSPAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void listOCSPStoresConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mOCSP.getConfigStore(); String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID); 
@@ -433,14 +416,15 @@ public class OCSPAdminServlet extends AdminServlet { if (storeName.equals(defStore)) { storeEnabled = true; } - params.add(storeName, storeName + ";visible;" + ((storeEnabled) ? "enabled" : "disabled")); + params.add(storeName, storeName + ";visible;" + + ((storeEnabled) ? "enabled" : "disabled")); } sendResponse(SUCCESS, null, params, resp); } private void getGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); @@ -450,8 +434,7 @@ public class OCSPAdminServlet extends AdminServlet { } private void getSigningAlgConfig(NameValuePairs params) { - params.add(Constants.PR_DEFAULT_ALGORITHM, - mOCSP.getDefaultAlgorithm()); + params.add(Constants.PR_DEFAULT_ALGORITHM, mOCSP.getDefaultAlgorithm()); String[] algorithms = mOCSP.getOCSPSigningAlgorithms(); StringBuffer algorStr = new StringBuffer(); @@ -460,7 +443,7 @@ public class OCSPAdminServlet extends AdminServlet { algorStr.append(algorithms[i]); else algorStr.append(":"); - algorStr.append(algorithms[i]); + algorStr.append(algorithms[i]); } params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString()); } @@ -468,12 +451,13 @@ public class OCSPAdminServlet extends AdminServlet { /** * Set general OCSP configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when * configuring OCSP profile (everything under Online Certificate Status * Manager) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred 
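Review bot: In getSigningAlgConfig (the @@ -460 hunk) the re-indented `algorStr.append(algorithms[i]);` after `else algorStr.append(":");` is now shown for what it is: a statement outside the unbraced `else`, executed on every iteration. Whenever the `if` branch is taken (its condition is above the hunk), that element is appended twice, so the PR_ALL_ALGORITHMS value begins with a duplicated algorithm name. Append the separator conditionally and the name once: `if (i > 0) algorStr.append(":");` followed by `algorStr.append(algorithms[i]);`. The loop header is outside the hunk, so `i > 0` assumes the hidden condition is a first-element test.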
@@ -481,8 +465,8 @@ public class OCSPAdminServlet extends AdminServlet { * @exception EBaseException an error has occurred */ private void setGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -506,10 +490,8 @@ public class OCSPAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -517,10 +499,8 @@ public class OCSPAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -529,34 +509,32 @@ public class OCSPAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, - level, "CAAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, + "CAAdminServlet: " + msg); } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java index 10a768a2..961d706c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; 
@@ -44,14 +43,12 @@ import com.netscape.certsrv.policy.IPolicyProcessor; import com.netscape.certsrv.policy.IPolicyRule; import com.netscape.certsrv.ra.IRegistrationAuthority; - /** * This class is an administration servlet for policy management. - * - * Each service (CA, KRA, RA) should be responsible - * for registering an instance of this with the remote - * administration subsystem. - * + * + * Each service (CA, KRA, RA) should be responsible for registering an instance + * of this with the remote administration subsystem. + * * @version $Revision$, $Date$ */ public class PolicyAdminServlet extends AdminServlet { @@ -63,8 +60,7 @@ public class PolicyAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PolicyAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IPolicyProcessor mProcessor = null; @@ -84,8 +80,7 @@ public class PolicyAdminServlet extends AdminServlet { public static String COMMA = ","; public static String MISSING_POLICY_ORDERING = "Missing policy ordering"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = - "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3"; /** * Constructs administration servlet. @@ -102,7 +97,7 @@ public class PolicyAdminServlet extends AdminServlet { String authority = config.getInitParameter(PROP_AUTHORITY); String policyStatus = null; - CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" ); + CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!"); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. 
@@ -112,89 +107,89 @@ public class PolicyAdminServlet extends AdminServlet { // that this legacy "Certificate Policies" framework would be // deprecated and disabled by default (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "PolicyAdminServlet.java" servlet is ONLY used - // by the CA Console for the following: + // Further, the "PolicyAdminServlet.java" servlet is ONLY used + // by the CA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // capolicy ca/capolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // capolicy ca/capolicy // - // Finally, the "PolicyAdminServlet.java" servlet is ONLY used - // by the KRA Console for the following: + // Finally, the "PolicyAdminServlet.java" servlet is ONLY used + // by the KRA Console for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // krapolicy kra/krapolicy + // SERVLET-NAME URL-PATTERN + // ==================================================== + // krapolicy kra/krapolicy // if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); if (mAuthority != null) if (mAuthority instanceof ICertificateAuthority) { - mProcessor = ((ICertificateAuthority) mAuthority).getPolicyProcessor(); + mProcessor = ((ICertificateAuthority) mAuthority) + .getPolicyProcessor(); try { - policyStatus = ICertificateAuthority.ID - + "." + "Policy" - + "." 
+ IPolicyProcessor.PROP_ENABLE; - if( mConfig.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "ca.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug( "PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is ENABLED" ); + policyStatus = ICertificateAuthority.ID + "." + "Policy" + + "." + IPolicyProcessor.PROP_ENABLE; + if (mConfig.getBoolean(policyStatus, true) == true) { + // NOTE: If "ca.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. + CMS.debug("PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is ENABLED"); } else { - // CS 8.1 Default: ca.Policy.enable=false - CMS.debug( "PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is DISABLED" ); - return; + // CS 8.1 Default: ca.Policy.enable=false + CMS.debug("PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is DISABLED"); + return; } - } catch( EBaseException e ) { - throw new ServletException( authority - + " does not have a " - + "master policy switch called '" - + policyStatus + "'" ); + } catch (EBaseException e) { + throw new ServletException(authority + " does not have a " + + "master policy switch called '" + policyStatus + + "'"); } } else if (mAuthority instanceof IRegistrationAuthority) { // this refers to the legacy RA (pre-CMS 7.0) - mProcessor = ((IRegistrationAuthority) mAuthority).getPolicyProcessor(); + mProcessor = ((IRegistrationAuthority) mAuthority) + .getPolicyProcessor(); } else if (mAuthority instanceof IKeyRecoveryAuthority) { - mProcessor = ((IKeyRecoveryAuthority) 
mAuthority).getPolicyProcessor(); + mProcessor = ((IKeyRecoveryAuthority) mAuthority) + .getPolicyProcessor(); try { - policyStatus = IKeyRecoveryAuthority.ID - + "." + "Policy" - + "." + IPolicyProcessor.PROP_ENABLE; - if( mConfig.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "kra.Policy.enable=<boolean>" is missing, - // then the referenced instance existed prior - // to this name=value pair existing in its - // 'CS.cfg' file, and thus we err on the - // side that the user may still need to - // use the policy framework. - CMS.debug( "PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is ENABLED" ); + policyStatus = IKeyRecoveryAuthority.ID + "." + "Policy" + + "." + IPolicyProcessor.PROP_ENABLE; + if (mConfig.getBoolean(policyStatus, true) == true) { + // NOTE: If "kra.Policy.enable=<boolean>" is missing, + // then the referenced instance existed prior + // to this name=value pair existing in its + // 'CS.cfg' file, and thus we err on the + // side that the user may still need to + // use the policy framework. 
+ CMS.debug("PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is ENABLED"); } else { - // CS 8.1 Default: kra.Policy.enable=false - CMS.debug( "PolicyAdminServlet::init " - + "Certificate Policy Framework (deprecated) " - + "is DISABLED" ); - return; + // CS 8.1 Default: kra.Policy.enable=false + CMS.debug("PolicyAdminServlet::init " + + "Certificate Policy Framework (deprecated) " + + "is DISABLED"); + return; } - } catch( EBaseException e ) { - throw new ServletException( authority - + " does not have a " - + "master policy switch called '" - + policyStatus + "'" ); + } catch (EBaseException e) { + throw new ServletException(authority + " does not have a " + + "master policy switch called '" + policyStatus + + "'"); } - } else - throw new ServletException(authority + " does not have policy processor!"); + } else + throw new ServletException(authority + + " does not have policy processor!"); } /** @@ -204,15 +199,15 @@ public class PolicyAdminServlet extends AdminServlet { return INFO; } - /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins + /** + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { + if (!readAuthorize(req, resp)) return; String id = req.getParameter(Constants.RS_ID); 
@@ -229,14 +224,16 @@ public class PolicyAdminServlet extends AdminServlet { if (colon > -1) { implName = implName1.substring(0, colon); instName = implName1.substring(colon + 1); - params = getExtendedPluginInfo(getLocale(req), implType, implName, instName); + params = getExtendedPluginInfo(getLocale(req), implType, implName, + instName); } else { params = getExtendedPluginInfo(getLocale(req), implType, implName); } sendResponse(SUCCESS, null, params, resp); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, + String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; IPolicyRule policy = mProcessor.getPolicyImpl(implName); @@ -248,27 +245,27 @@ public class PolicyAdminServlet extends AdminServlet { ext_info = (IExtendedPluginInfo) impl; } } - + NameValuePairs nvps = null; - + if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } - + return nvps; } - public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType, - String implName, - String instName) { + public NameValuePairs getExtendedPluginInfo(Locale locale, + String pluginType, String implName, String instName) { IExtendedPluginInfo ext_info = null; Object impl = null; IPolicyRule policy = mProcessor.getPolicyInstance(instName); - + impl = policy; if (impl == null) { impl = mProcessor.getPolicyImpl(implName); @@ -284,7 +281,8 @@ public class PolicyAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } 
@@ -301,10 +299,12 @@ public class PolicyAdminServlet extends AdminServlet { if (ext_info instanceof IPolicyRule) { if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) { - nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule"); + nvps.add(IPolicyRule.PROP_ENABLE, + "boolean;Enable this policy rule"); } if (nvps.getPair(PROP_PREDICATE) == null) { - nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run."); + nvps.add(PROP_PREDICATE, + "string;Rules describing when this policy should run."); } } } @@ -312,9 +312,8 @@ public class PolicyAdminServlet extends AdminServlet { /** * Serves HTTP admin request. */ - public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void service(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); 
@@ -332,30 +331,28 @@ public class PolicyAdminServlet extends AdminServlet { } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } + } } else sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return false; } return true; @@ -365,8 +362,7 @@ public class PolicyAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processPolicyImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); 
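Review bot: In `readAuthorize` and `modifyAuthorize` (hunk `@@ -332,30 +331,28 @@`) the requested operation and the resulting token are written to `mOp` and `mToken`, which are not declared in either method and so appear to be fields of the servlet. A container normally serves concurrent requests on a single servlet instance, so if `super.authorize(req)` reads `mOp`, a request that has just set `mOp = "modify"` could be evaluated after another thread has overwritten it with `"read"`. This needs confirming against `AdminServlet`, which is not visible here. If it holds, pass the operation to the authorization call as an argument and keep the returned token in a local variable; until then, add a comment above both methods such as `// mOp and mToken are per-instance, not per-request; authorize() must not rely on them under concurrency`.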
@@ -387,13 +383,11 @@ public class PolicyAdminServlet extends AdminServlet { return; addPolicyImpl(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); } public void processPolicyRuleMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -423,18 +417,15 @@ public class PolicyAdminServlet extends AdminServlet { else modifyPolicyInstance(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); } - public void listPolicyImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void listPolicyImpls(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { Enumeration policyImplNames = mProcessor.getPolicyImplsInfo(); Enumeration policyImpls = mProcessor.getPolicyImpls(); - if (policyImplNames == null || - policyImpls == null) { + if (policyImplNames == null || policyImpls == null) { sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp); return; } @@ -442,13 +433,11 @@ public class PolicyAdminServlet extends AdminServlet { // Assemble a name value pair; NameValuePairs nvp = new NameValuePairs(); - while (policyImplNames.hasMoreElements() && - policyImpls.hasMoreElements()) { + while (policyImplNames.hasMoreElements() + && policyImpls.hasMoreElements()) { String id = (String) policyImplNames.nextElement(); - IPolicyRule impl = (IPolicyRule) - policyImpls.nextElement(); - String className = - impl.getClass().getName(); + IPolicyRule impl = (IPolicyRule) policyImpls.nextElement(); + String className = impl.getClass().getName(); String desc = impl.getDescription(); nvp.add(id, className + "," + desc); 
@@ -457,8 +446,7 @@ public class PolicyAdminServlet extends AdminServlet { } public void listPolicyInstances(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo(); if (instancesInfo == null) { @@ -475,7 +463,7 @@ public class PolicyAdminServlet extends AdminServlet { int i = info.indexOf(";"); nvp.add(info.substring(0, i), info.substring(i + 1)); - + } sendResponse(SUCCESS, null, nvp, resp); } @@ -483,19 +471,19 @@ public class PolicyAdminServlet extends AdminServlet { /** * Delete policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -508,10 +496,8 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -524,23 +510,19 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - //e.printStackTrace(); + // e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -549,33 +531,30 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyImplConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); 
@@ -604,19 +583,19 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy implementation * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ - public void addPolicyImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void addPolicyImpl(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -629,10 +608,8 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -645,10 +622,8 @@ public class PolicyAdminServlet extends AdminServlet { if (classPath == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -660,10 +635,8 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -671,10 +644,8 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -683,46 +654,44 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deletePolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -735,10 +704,8 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -751,23 +718,19 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, null, resp); } catch (Exception e) { - //e.printStackTrace(); + // e.printStackTrace(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -776,33 +739,30 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get the policy rule id. String id = req.getParameter(Constants.RS_ID).trim(); @@ -835,8 +795,7 @@ public class PolicyAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, nvp, resp); } - public void - putUserPWPair(String combo) { + public void putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); 
@@ -849,19 +808,19 @@ public class PolicyAdminServlet extends AdminServlet { /** * Add policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -874,10 +833,8 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -891,10 +848,8 @@ public class PolicyAdminServlet extends AdminServlet { if (implName == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -924,10 +879,8 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -955,10 +908,8 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -966,10 +917,8 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -978,62 +927,57 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Change ordering of policy instances * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void changePolicyInstanceOrdering(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - String policyOrder = - req.getParameter(Constants.PR_POLICY_ORDER); 
+ String policyOrder = req.getParameter(Constants.PR_POLICY_ORDER); if (policyOrder == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1045,10 +989,8 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1056,10 +998,8 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1068,46 +1008,44 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify policy instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when * configuring cert policy constraints and extensions * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1120,10 +1058,8 @@ public class PolicyAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1132,15 +1068,14 @@ public class PolicyAdminServlet extends AdminServlet { } // Get the default config params for the implementation. - String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME).trim(); + String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME) + .trim(); if (implName == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1169,17 +1104,15 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp); return; } - // XXX + // XXX for (Enumeration n = req.getParameterNames(); n.hasMoreElements();) { String p = (String) n.nextElement(); String l = (String) req.getParameter(p); 
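Review bot: The `if (implName == null)` branch in hunk `@@ -1132,15 +1068,14 @@` cannot be reached, because `.trim()` is called on the result of `req.getParameter(IPolicyRule.PROP_IMPLNAME)` first and a missing parameter yields `null`. The request then fails with a NullPointerException instead of the FAILURE audit record and error response that the branch writes; the enclosing `try` appears to end in a catch for IOException only, so that exception would leave no signed-audit entry. Read the parameter untrimmed, `String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME);`, and trim it only after the null check. `getPolicyInstanceConfig` shows the same `req.getParameter(Constants.RS_ID).trim()` pattern, and both method bodies extend beyond their hunks.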
@@ -1189,15 +1122,10 @@ public class PolicyAdminServlet extends AdminServlet { } /* - for(Enumeration e = v.elements(); e.hasMoreElements(); ) - { - String nv = (String)e.nextElement(); - int index = nv.indexOf("="); - String key = nv.substring(0, index); - val = req.getParameter(key); - if (val != null) - ht.put(key, val); - } + * for(Enumeration e = v.elements(); e.hasMoreElements(); ) { String + * nv = (String)e.nextElement(); int index = nv.indexOf("="); String + * key = nv.substring(0, index); val = req.getParameter(key); if + * (val != null) ht.put(key, val); } */ try { @@ -1205,10 +1133,8 @@ public class PolicyAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1216,10 +1142,8 @@ public class PolicyAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
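Review bot: The block comment in the hunk at -1189 held a disabled `for(Enumeration e = v.elements(); ...)` loop, and the formatter has reflowed it into run-on text that can no longer be read as code. Since it is dead code, drop the comment entirely and rely on version history. If it must stay, wrap it in `// @formatter:off` / `// @formatter:on` so the layout survives, assuming the project's Eclipse settings enable those tags. The enclosing method starts and ends outside this hunk.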
@@ -1228,28 +1152,25 @@ public class PolicyAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java index 1cfab0b6..1ae8def1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.File; import java.io.IOException; import java.util.Enumeration; 
@@ -53,14 +52,12 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.registry.IPluginInfo; import com.netscape.certsrv.registry.IPluginRegistry; - /** * This class is an administration servlet for policy management. - * - * Each service (CA, KRA, RA) should be responsible - * for registering an instance of this with the remote - * administration subsystem. - * + * + * Each service (CA, KRA, RA) should be responsible for registering an instance + * of this with the remote administration subsystem. + * * @version $Revision$, $Date$ */ public class ProfileAdminServlet extends AdminServlet { @@ -72,8 +69,7 @@ public class ProfileAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "ProfileAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IAuthority mAuthority = null; @@ -96,8 +92,7 @@ public class ProfileAdminServlet extends AdminServlet { public static String MISSING_POLICY_ORDERING = "Missing policy ordering"; public static String BAD_CONFIGURATION_VAL = "Invalid configuration value."; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE = - "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3"; /** * Constructs administration servlet. @@ -116,7 +111,8 @@ public class ProfileAdminServlet extends AdminServlet { if (authority != null) mAuthority = (IAuthority) CMS.getSubsystem(authority); mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY); - mProfileSub = (IProfileSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_PROFILE); + mProfileSub = (IProfileSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_PROFILE); } /** 
@@ -132,10 +128,12 @@ public class ProfileAdminServlet extends AdminServlet { if (ext_info instanceof IPolicyRule) { if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) { - nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule"); + nvps.add(IPolicyRule.PROP_ENABLE, + "boolean;Enable this policy rule"); } if (nvps.getPair(PROP_PREDICATE) == null) { - nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run."); + nvps.add(PROP_PREDICATE, + "string;Rules describing when this policy should run."); } } } @@ -143,9 +141,8 @@ public class ProfileAdminServlet extends AdminServlet { /** * Serves HTTP admin request. */ - public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void service(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); @@ -153,7 +150,7 @@ public class ProfileAdminServlet extends AdminServlet { AUTHZ_RES_NAME = "certServer.profile.configuration"; String scope = req.getParameter(Constants.OP_SCOPE); - CMS.debug("ProfileAdminServlet: service scope: " + scope); + CMS.debug("ProfileAdminServlet: service scope: " + scope); if (scope.equals(ScopeDef.SC_PROFILE_RULES)) { processProfileRuleMgmt(req, resp); } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) { 
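Review bot: In the hunk at -153, `scope` is taken straight from `req.getParameter(Constants.OP_SCOPE)` and then used as the receiver in `scope.equals(ScopeDef.SC_PROFILE_RULES)` with no null check. A request that omits OP_SCOPE therefore ends in a NullPointerException rather than the INVALID_POLICY_SCOPE response this servlet sends for unknown scopes. Put the constant first, `if (ScopeDef.SC_PROFILE_RULES.equals(scope)) {`, and do the same for the other branches of the chain. The `CMS.debug("ProfileAdminServlet: service scope: " + scope)` line also writes the raw parameter into the debug log, so consider stripping CR/LF from it first. service() continues outside this hunk.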
@@ -176,33 +173,30 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp); } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return false; } return true; } public void processProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -222,8 +216,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = super.getParameter(req, Constants.OP_SCOPE); 
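Review bot: In the hunk at -176, `readAuthorize` and `modifyAuthorize` assign `mOp` and `mToken`, neither of which is declared in these methods, so they look like servlet-level fields. A servlet instance normally serves concurrent requests, so a read and a modify request could interleave between `mOp = "modify";` and `super.authorize(req)`, and the check could run with the other request's operation. How `authorize` consumes `mOp` is not visible here, so this needs confirming against AdminServlet. Until the operation can be passed as an argument, document the hazard above both methods, for example `// mOp/mToken are shared across request threads; confirm authorize() cannot observe another request's value`.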
@@ -244,8 +237,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = super.getParameter(req, Constants.OP_SCOPE); @@ -266,8 +258,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -283,8 +274,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void processProfileOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -300,8 +290,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void processPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -321,8 +310,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void processPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); 
@@ -346,8 +334,7 @@ public class ProfileAdminServlet extends AdminServlet { * Process Policy Implementation Management. */ public void processPolicyImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -356,13 +343,11 @@ public class ProfileAdminServlet extends AdminServlet { return; listProfileImpls(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); } public void processProfileRuleMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); @@ -387,16 +372,14 @@ public class ProfileAdminServlet extends AdminServlet { return; modifyProfileInstance(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); } /** * Lists all registered profile impementations */ public void listProfileImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { Enumeration impls = mRegistry.getIds("profile"); NameValuePairs nvp = new NameValuePairs(); 
@@ -405,29 +388,30 @@ public class ProfileAdminServlet extends AdminServlet { String id = (String) impls.nextElement(); IPluginInfo info = mRegistry.getPluginInfo("profile", id); - nvp.add(id, info.getClassName() + "," + - info.getDescription(getLocale(req))); - } + nvp.add(id, + info.getClassName() + "," + + info.getDescription(getLocale(req))); + } sendResponse(SUCCESS, null, nvp, resp); } /** * Add policy profile * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -452,10 +436,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -464,11 +446,9 @@ public class ProfileAdminServlet extends AdminServlet { } if (mProfileSub.isProfileEnable(profileId)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Profile is currently enabled"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Profile is currently enabled"), null, resp); return; } 
@@ -480,51 +460,42 @@ public class ProfileAdminServlet extends AdminServlet { try { if (!isValidId(setId)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Invalid set id " + setId), - null, resp); - return; + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Invalid set id " + setId), null, resp); + return; } if (!isValidId(pId)) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_CREATE_POLICY_FAILED", - "Invalid policy id " + pId), - null, resp); - return; + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", + "Invalid policy id " + pId), null, resp); + return; } - policy = profile.createProfilePolicy(setId, pId, - defImpl, conImpl); + policy = profile.createProfilePolicy(setId, pId, defImpl, + conImpl); } catch (EBaseException e1) { // error - CMS.debug("ProfileAdminServlet: addProfilePolicy " + - e1.toString()); + CMS.debug("ProfileAdminServlet: addProfilePolicy " + + e1.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED", - e1.toString()), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_POLICY_FAILED", e1.toString()), + null, resp); return; } NameValuePairs nvp = new NameValuePairs(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
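Review bot: The `!isValidId(setId)` and `!isValidId(pId)` branches in the hunk at -480 send an ERROR response and return without writing a signed audit record, while the `EBaseException` branch right below logs `ILogger.FAILURE` first. A rejected configuration attempt with a malformed id therefore leaves no trace in the audit log. Add `auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, ILogger.FAILURE, auditParams(req));` and `audit(auditMessage);` before each `sendResponse`. The `isProfileEnable(profileId)` rejection in the hunk at -464 has the same omission. addProfilePolicy starts outside this hunk.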
@@ -532,47 +503,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add profile input * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ - public void addProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void addProfileInput(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -595,10 +564,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -629,16 +596,13 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED", - e1.toString()), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_INPUT_FAILED", e1.toString()), + null, resp); return; } @@ -647,10 +611,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -658,47 +620,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add profile output * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -721,10 +681,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -749,23 +707,20 @@ public class ProfileAdminServlet extends AdminServlet { } try { - output = profile.createProfileOutput(outputId, outputImpl, - nvps); + output = profile + .createProfileOutput(outputId, outputImpl, nvps); } catch (EBaseException e1) { // error // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED", - e1.toString()), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_CREATE_OUTPUT_FAILED", e1.toString()), + null, resp); return; } @@ -774,10 +729,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -785,47 +738,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete policy profile * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -857,10 +808,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -879,10 +828,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -894,10 +841,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -905,47 +850,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete profile input * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -968,8 +911,10 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("INPUTID")) inputId = req.getParameter(name); } - CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> " + profileId); - CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> " + inputId); + CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> " + + profileId); + CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> " + + inputId); IProfile profile = null; try { @@ -979,10 +924,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -996,10 +939,8 @@ public class ProfileAdminServlet extends AdminServlet { } catch (EBaseException e1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1011,10 +952,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1022,47 +961,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Delete profile output * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1085,8 +1022,10 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("OUTPUTID")) outputId = req.getParameter(name); } - CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> " + profileId); - CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> " + outputId); + CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> " + + profileId); + CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> " + + outputId); IProfile profile = null; try { @@ -1096,10 +1035,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1107,16 +1044,15 @@ public class ProfileAdminServlet extends AdminServlet { return; } - CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> " + profile); + CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> " + + profile); try { profile.deleteProfileOutput(outputId); } catch (EBaseException e1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1128,10 +1064,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1139,47 +1073,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add default policy profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1201,16 +1133,14 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1219,7 +1149,7 @@ public class ProfileAdminServlet extends AdminServlet { IProfilePolicy policy = profile.getProfilePolicy(setId, pId); IPolicyDefault def = policy.getDefault(); IConfigStore defConfig = def.getConfigStore(); - + Enumeration names = req.getParameterNames(); while (names.hasMoreElements()) { 
@@ -1232,28 +1162,28 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; try { - def.setConfig(name,req.getParameter(name)); + def.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); - try { - profile.deleteProfilePolicy(setId, pId); - } catch (Exception e11) {} - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); + try { + profile.deleteProfilePolicy(setId, pId); + } catch (Exception e11) { + } + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - // defConfig.putString("params." + name, req.getParameter(name)); + // defConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1264,10 +1194,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
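Review bot: The `catch (EPropertyException e)` branch in the `@@ -1232` hunk answers `BAD_CONFIGURATION_VAL` without writing a `LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE` failure record, so a rejected profile change leaves no entry in the signed audit log, while the commit-failure branch just below it does audit. The rollback `profile.deleteProfilePolicy(setId, pId)` sits in an empty `catch (Exception e11) { }`, so a failed rollback is silent, and the debug text names `modifyPolicyDefConfig` although this appears to be addPolicyDefaultConfig (the method starts outside the hunk). The same unaudited branch appears in the `@@ -1369` hunk (addPolicyConstraintConfig) and, without the rollback, in the `@@ -1505` and `@@ -1877` hunks. I would audit the failure and log the rollback error, as in the excerpt below.

```java
// … unchanged: parameter loop up to def.setConfig(name, req.getParameter(name)) …
} catch (EPropertyException e) {
    CMS.debug("ProfileAdminServlet: addPolicyDefaultConfig setConfig exception: " + e);
    try {
        profile.deleteProfilePolicy(setId, pId);
    } catch (Exception e11) {
        // rollback failed: the partially configured policy may still be in the profile
        CMS.debug("ProfileAdminServlet: addPolicyDefaultConfig rollback failed: " + e11);
    }
    // record the rejected change in the signed audit log, as the commit-failure path does
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
            auditSubjectID, ILogger.FAILURE, auditParams(req));
    audit(auditMessage);
    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
    return;
}
```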
@@ -1275,47 +1203,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Add policy constraints profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1337,16 +1263,14 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1369,28 +1293,28 @@ public class ProfileAdminServlet extends AdminServlet { continue; try { - con.setConfig(name,req.getParameter(name)); + con.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception."); - try { - profile.deleteProfilePolicy(setId, pId); - } catch (Exception e11) {} - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception."); + try { + profile.deleteProfilePolicy(setId, pId); + } catch (Exception e11) { + } + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - // conConfig.putString("params." + name, req.getParameter(name)); + // conConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1402,10 +1326,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1413,47 +1335,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify default policy profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1475,16 +1395,14 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1492,7 +1410,7 @@ public class ProfileAdminServlet extends AdminServlet { IProfilePolicy policy = profile.getProfilePolicy(setId, pId); IPolicyDefault def = policy.getDefault(); IConfigStore defConfig = def.getConfigStore(); - + Enumeration names = req.getParameterNames(); while (names.hasMoreElements()) { @@ -1505,25 +1423,24 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; try { - def.setConfig(name,req.getParameter(name)); + def.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception."); + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - // defConfig.putString("params." + name, req.getParameter(name)); + // defConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1534,10 +1451,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1545,47 +1460,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile input configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1607,10 +1520,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1639,10 +1550,8 @@ public class ProfileAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1653,10 +1562,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1664,47 +1571,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile output configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1726,10 +1631,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1751,18 +1654,16 @@ public class ProfileAdminServlet extends AdminServlet { continue; if (name.equals("RS_ID")) continue; - outputConfig.putString("params." + name, - req.getParameter(name)); + outputConfig + .putString("params." + name, req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1773,10 +1674,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
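Review bot: `outputConfig.putString("params." + name, req.getParameter(name))` in the `@@ -1751` hunk stores whatever key the caller sends, skipping only `RS_ID` and whatever the lines above the hunk skip. `names` is presumably `req.getParameterNames()` as in the sibling methods, so any extra request parameter becomes a `params.*` entry in the profile configuration, unlike the policy paths that go through `setConfig` and can reject a bad property with `EPropertyException`. I would check `name` against the output's declared configuration names before `putString` and answer `sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp)` for anything else. The loop and the method both start outside the hunk.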
@@ -1784,47 +1683,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify policy constraints profile configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1846,16 +1743,14 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; - } + } StringTokenizer ss = new StringTokenizer(policyId, ":"); String setId = ss.nextToken(); @@ -1866,7 +1761,8 @@ public class ProfileAdminServlet extends AdminServlet { Enumeration names = req.getParameterNames(); - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + + policy + " con " + con); while (names.hasMoreElements()) { String name = (String) names.nextElement(); 
@@ -1877,27 +1773,27 @@ public class ProfileAdminServlet extends AdminServlet { if (name.equals("RS_ID")) continue; - // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name)); + // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + // + name + " val " + req.getParameter(name)); try { - con.setConfig(name,req.getParameter(name)); + con.setConfig(name, req.getParameter(name)); } catch (EPropertyException e) { - CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); - sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp); - return; + CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception."); + sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp); + return; } - //conConfig.putString("params." + name, req.getParameter(name)); + // conConfig.putString("params." + name, + // req.getParameter(name)); } try { profile.getConfigStore().commit(false); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -1909,10 +1805,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1920,33 +1814,30 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } public void getPolicyDefaultConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); @@ -1958,9 +1849,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfilePolicy policy = null; 
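Review bot: `throw new ServletException(e1.toString())` in the `@@ -1958` hunk discards the `EBaseException` stack, and the debug text `"profile is null!"` describes a condition the code does not test: this branch runs when `mProfileSub.getProfile(profileId)` throws. I would pass the cause, `throw new ServletException(e1.toString(), e1);`, and log what actually happened, e.g. `CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - getProfile failed: " + e1);`. The same catch block recurs in the later getter hunks (`@@ -2010` through `@@ -2259`). The method starts and ends outside the hunk.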
@@ -1983,22 +1874,26 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + ";" + rule.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + ";" + + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); } public void getPolicyConstraintConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); - String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST); + String constraintsList = req + .getParameter(Constants.PR_CONSTRAINTS_LIST); // this one gets called when one of the elements in the default list get // selected, then it returns the list of supported constraintsPolicy if (constraintsList != null) { - + } StringTokenizer st = new StringTokenizer(id, ";"); @@ -2010,9 +1905,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } StringTokenizer ss = new StringTokenizer(policyId, ":"); 
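Review bot: The `if (constraintsList != null) { }` block in getPolicyConstraintConfig is empty, so `Constants.PR_CONSTRAINTS_LIST` is read and then ignored, although the comment above it says this path returns the list of supported constraint policies. Either drop the read and the block, or mark the gap where it is, e.g. `// TODO: PR_CONSTRAINTS_LIST is accepted but not acted on`. The method body continues outside the hunk.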
@@ -2031,15 +1926,18 @@ public class ProfileAdminServlet extends AdminServlet { if (desc == null) { nvp.add(name, ";" + rule.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + + rule.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); } public void getProfilePolicy(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); // only allow profile retrival if it is disabled @@ -2049,9 +1947,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfilePolicy() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2073,9 +1971,9 @@ public class ProfileAdminServlet extends AdminServlet { IPolicyConstraint con = policy.getConstraint(); IConfigStore conConfig = con.getConfigStore(); - nvp.add(setId + ":" + policy.getId(), - def.getName(getLocale(req)) + ";" + - con.getName(getLocale(req))); + nvp.add(setId + ":" + policy.getId(), + def.getName(getLocale(req)) + ";" + + con.getName(getLocale(req))); } } 
@@ -2083,17 +1981,16 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileOutput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileOutput() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileOutput() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2109,18 +2006,17 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, nvp, resp); } - public void getProfileInput(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void getProfileInput(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileInput() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileInput() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); 
@@ -2136,10 +2032,9 @@ public class ProfileAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, nvp, resp); } - public void getInputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { - + public void getInputConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); String profileId = st.nextToken(); @@ -2149,9 +2044,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getInputConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getInputConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfileInput profileInput = null; 
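Review bot: `req.getParameter(Constants.RS_ID)` goes straight into `new StringTokenizer(id, ";")` and `st.nextToken()` in getInputConfig, so a request with a missing or empty `RS_ID` ends in an unchecked `NullPointerException` or `NoSuchElementException` instead of the servlet's own error response. A guard such as `if (id == null) { sendResponse(ERROR, null, null, resp); return; }` before the tokenizer, plus `st.hasMoreTokens()` before each `nextToken()`, keeps malformed requests on the normal error path. getOutputConfig in the `@@ -2162` hunk and getPolicyDefaultConfig in the `@@ -1920` hunk follow the same pattern. The method body continues outside the hunk.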
@@ -2162,24 +2057,24 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = (String) names.nextElement(); - IDescriptor desc = profileInput.getConfigDescriptor( - getLocale(req), name); + IDescriptor desc = profileInput.getConfigDescriptor(getLocale(req), + name); if (desc == null) { nvp.add(name, ";" + ";" + profileInput.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + - getNonNull(desc.getConstraint()) + ";" + - desc.getDescription(getLocale(req)) + ";" + - profileInput.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + + profileInput.getConfig(name)); } } sendResponse(SUCCESS, null, nvp, resp); } - public void getOutputConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void getOutputConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); StringTokenizer st = new StringTokenizer(id, ";"); @@ -2190,9 +2085,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(profileId); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getOutputConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getOutputConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } IProfileOutput profileOutput = null; 
@@ -2204,14 +2099,15 @@ public class ProfileAdminServlet extends AdminServlet { while (names.hasMoreElements()) { String name = (String) names.nextElement(); IDescriptor desc = profileOutput.getConfigDescriptor( - getLocale(req), name); + getLocale(req), name); if (desc == null) { nvp.add(name, ";" + ";" + profileOutput.getConfig(name)); } else { - nvp.add(name, desc.getSyntax() + ";" + - getNonNull(desc.getConstraint()) + ";" + - desc.getDescription(getLocale(req)) + ";" + - profileOutput.getConfig(name)); + nvp.add(name, + desc.getSyntax() + ";" + + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + + profileOutput.getConfig(name)); } } @@ -2219,8 +2115,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void listProfileInstances(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { NameValuePairs nvp = new NameValuePairs(); Enumeration e = mProfileSub.getProfileIds(); @@ -2234,7 +2129,7 @@ public class ProfileAdminServlet extends AdminServlet { } catch (EBaseException e1) { // error } - + String status = null; if (mProfileSub.isProfileEnable(profileId)) { @@ -2250,8 +2145,7 @@ public class ProfileAdminServlet extends AdminServlet { } public void getProfileInstanceConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); IProfile profile = null; 
@@ -2259,9 +2153,9 @@ public class ProfileAdminServlet extends AdminServlet { try { profile = mProfileSub.getProfile(id); } catch (EBaseException e1) { - CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " + - "profile is null!" ); - throw new ServletException( e1.toString() ); + CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " + + "profile is null!"); + throw new ServletException(e1.toString()); } NameValuePairs nvp = new NameValuePairs(); @@ -2269,8 +2163,7 @@ public class ProfileAdminServlet extends AdminServlet { nvp.add("name", profile.getName(getLocale(req))); nvp.add("desc", profile.getDescription(getLocale(req))); nvp.add("visible", Boolean.toString(profile.isVisible())); - nvp.add("enable", Boolean.toString( - mProfileSub.isProfileEnable(id))); + nvp.add("enable", Boolean.toString(mProfileSub.isProfileEnable(id))); String authid = profile.getAuthenticatorId(); @@ -2288,20 +2181,20 @@ public class ProfileAdminServlet extends AdminServlet { /** * Delete profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void deleteProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2314,10 +2207,8 @@ public class ProfileAdminServlet extends AdminServlet { if (id == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -2327,51 +2218,47 @@ public class ProfileAdminServlet extends AdminServlet { String config = null; - ISubsystem subsystem = CMS.getSubsystem("ca"); + ISubsystem subsystem = CMS.getSubsystem("ca"); String subname = "ca"; - if (subsystem == null) - subname = "ra"; + if (subsystem == null) + subname = "ra"; try { - config = CMS.getConfigStore().getString("instanceRoot") + - "/profiles/" + subname + "/" + id + ".cfg"; + config = CMS.getConfigStore().getString("instanceRoot") + + "/profiles/" + subname + "/" + id + ".cfg"; } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(ERROR, null, null, resp); return; } - + try { mProfileSub.deleteProfile(id, config); } catch (EProfileException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), e.toString(), id), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), e.toString(), id), + null, resp); return; } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
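Review bot: `id` reaches the path expression `"/profiles/" + subname + "/" + id + ".cfg"` and then `mProfileSub.deleteProfile(id, config)` with only the null check shown in the preceding hunk, whereas addProfileInstance rejects ids that fail `isValidId(id)`. If `id` comes from the request, as it does in the sibling handlers, the delete path should apply the same restriction before the file name is built, for example `if (id == null || !isValidId(id)) {` on the existing guard. Profiles created before that check existed may carry ids with other characters, so confirm against deployed ids before tightening. deleteProfileInstance starts and ends outside this hunk.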
@@ -2379,32 +2266,29 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } - public void - putUserPWPair(String combo) { + public void putUserPWPair(String combo) { int semicolon; semicolon = combo.indexOf(";"); @@ -2414,12 +2298,11 @@ public class ProfileAdminServlet extends AdminServlet { CMS.putPasswordCache(user, pw); } - public boolean isValidId(String id) - { + public boolean isValidId(String id) { for (int i = 0; i < id.length(); i++) { - char c = id.charAt(i); - if (!Character.isLetterOrDigit(c)) - return false; + char c = id.charAt(i); + if (!Character.isLetterOrDigit(c)) + return false; } return true; } 
@@ -2427,20 +2310,20 @@ public class ProfileAdminServlet extends AdminServlet { /** * Add profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void addProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2453,10 +2336,8 @@ public class ProfileAdminServlet extends AdminServlet { if (id == null || id.trim().equals("") || !isValidId(id)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -2468,14 +2349,14 @@ public class ProfileAdminServlet extends AdminServlet { IProfile p = null; try { - p = mProfileSub.getProfile(id); + p = mProfileSub.getProfile(id); } catch (EProfileException e1) { } if (p != null) { sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp); return; } - + String impl = req.getParameter("impl"); String name = req.getParameter("name"); String desc = req.getParameter("desc"); 
@@ -2490,14 +2371,13 @@ public class ProfileAdminServlet extends AdminServlet { subname = "ra"; try { - config = CMS.getConfigStore().getString("instanceRoot") + "/profiles/" + subname + "/" + id + ".cfg"; + config = CMS.getConfigStore().getString("instanceRoot") + + "/profiles/" + subname + "/" + id + ".cfg"; } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -2517,10 +2397,9 @@ public class ProfileAdminServlet extends AdminServlet { // create profile try { profile = mProfileSub.createProfile(id, impl, - info.getClassName(), - config); - profile.setName(getLocale(req), name); - profile.setDescription(getLocale(req), name); + info.getClassName(), config); + profile.setName(getLocale(req), name); + profile.setDescription(getLocale(req), name); if (visible != null && visible.equals("true")) { profile.setVisible(true); } else { @@ -2531,19 +2410,17 @@ public class ProfileAdminServlet extends AdminServlet { mProfileSub.createProfileConfig(id, impl, config); if (profile instanceof IProfileEx) { - // populates profile specific plugins such as - // policies, inputs and outputs - ((IProfileEx)profile).populate(); - } + // populates profile specific plugins such as + // policies, inputs and outputs + ((IProfileEx) profile).populate(); + } } catch (Exception e) { CMS.debug("ProfileAdminServlet: " + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
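Review bot: In the profile-creation hunk, `profile.setDescription(getLocale(req), name);` stores the name as the description, so the `desc` request parameter read earlier in addProfileInstance looks unused at this point. The line should probably be `profile.setDescription(getLocale(req), desc);`. Check first that no later code outside the hunk sets the description from `desc`. addProfileInstance begins and ends outside this hunk.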
@@ -2553,10 +2430,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -2564,47 +2439,45 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } /** * Modify profile instance * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when * configuring cert profile (general settings and cert profile; obsoletes * extensions and constraints policies) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred */ public void modifyProfileInstance(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2623,10 +2496,8 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); @@ -2651,15 +2522,13 @@ public class ProfileAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); try { - profile.getConfigStore().commit(false); + profile.getConfigStore().commit(false); } catch (Exception e) { } 
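Review bot: In the second hunk the SUCCESS audit record is written before `profile.getConfigStore().commit(false)` runs, and the `catch (Exception e) { }` around the commit discards any failure. As far as the visible lines show, a modification that never reached the config store is still recorded as successful in the signed audit log. At minimum record the failure, e.g. `} catch (Exception e) { CMS.debug("ProfileAdminServlet: " + e.toString()); }`, and preferably commit first and emit the FAILURE audit message when the commit throws. modifyProfileInstance starts and ends outside this hunk.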
@@ -2667,35 +2536,32 @@ public class ProfileAdminServlet extends AdminServlet { } catch (IOException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } } - protected String getNonNull(String s) { - if (s == null) - return ""; - return s; - } + protected String getNonNull(String s) { + if (s == null) + return ""; + return s; + } } -
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
index 2842542e..32e610fa 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin; import com.netscape.certsrv.security.ICryptoSubsystem; import com.netscape.cmsutil.password.IPasswordStore; - /** - * A class representing an publishing servlet for the - * Publishing subsystem. This servlet is responsible - * to serve configuration requests for the Publishing subsystem. - * + * A class representing an publishing servlet for the Publishing subsystem. This + * servlet is responsible to serve configuration requests for the Publishing + * subsystem. + * * @version $Revision$, $Date$ */ public class PublisherAdminServlet extends AdminServlet { @@ -85,8 +83,7 @@ public class PublisherAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "PublisherAdminServlet"; - private final static String PW_TAG_CA_LDAP_PUBLISHING = - "CA LDAP Publishing"; + private final static String PW_TAG_CA_LDAP_PUBLISHING = "CA LDAP Publishing"; public final static String NOMAPPER = "<NONE>"; private IPublisherProcessor mProcessor = null; private IAuthority mAuth = null; 
@@ -109,23 +106,25 @@ public class PublisherAdminServlet extends AdminServlet { mAuth = (IAuthority) CMS.getSubsystem(authority); if (mAuth != null) if (mAuth instanceof ICertificateAuthority) { - mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor(); - } else - throw new ServletException(authority + " does not have publishing processor!"); + mProcessor = ((ICertificateAuthority) mAuth) + .getPublisherProcessor(); + } else + throw new ServletException(authority + + " does not have publishing processor!"); } /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP admin request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); CMS.debug("PublisherAdminServlet: in service"); @@ -133,14 +132,13 @@ public class PublisherAdminServlet extends AdminServlet { String op = req.getParameter(Constants.OP_TYPE); if (op == null) { - //System.out.println("SRVLT_INVALID_PROTOCOL"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + // System.out.println("SRVLT_INVALID_PROTOCOL"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); return; } - // for the rest + // for the rest try { super.authenticate(req); @@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet { return; } } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } try { 
@@ -159,9 +157,8 @@ public class PublisherAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { @@ -188,13 +185,12 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { getRuleInstConfig(req, resp); return; - } + } } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { @@ -213,21 +209,19 @@ public class PublisherAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_PROCESS)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) { testSetLDAPDest(req, resp); return; - } + } } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { 
@@ -242,7 +236,7 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) { listMapperInsts(req, resp); return; - } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { + } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { listRulePlugins(req, resp); return; } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { @@ -252,9 +246,8 @@ public class PublisherAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { @@ -275,13 +268,12 @@ public class PublisherAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_RULE_RULES)) { addRuleInst(req, resp, scope); return; - } + } } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) { 
@@ -304,31 +296,27 @@ public class PublisherAdminServlet extends AdminServlet { return; } } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp); return; } } else { - //System.out.println("SRVLT_INVALID_OP_SCOPE"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + // System.out.println("SRVLT_INVALID_OP_SCOPE"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } catch (EBaseException e) { sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; - } - //System.out.println("SRVLT_FAIL_PERFORM 2"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + } + // System.out.println("SRVLT_FAIL_PERFORM 2"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); return; } - private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor - p) { + private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor p) { Enumeration mappers = p.getMapperInsts().keys(); Enumeration publishers = p.getPublisherInsts().keys(); @@ -337,11 +325,11 @@ public class PublisherAdminServlet extends AdminServlet { for (; mappers.hasMoreElements();) { String name = (String) mappers.nextElement(); - if (map.length()== 0) { - map.append(name); + if (map.length() == 0) { + map.append(name); } else { - map.append(","); - map.append(name); + map.append(","); + map.append(name); } } StringBuffer publish = new StringBuffer(); 
@@ -355,16 +343,19 @@ public class PublisherAdminServlet extends AdminServlet { String epi[] = new String[] { "type;choice(cacert,crl,certs,xcert);The certType of the request", - "mapper;choice(" + map.toString() + ");Use the mapper to find the ldap dn to publish the certificate or crl", - "publisher;choice(" + publish.toString() + ");Use the publisher to publish the certificate or crl a directory etc", - "enable;boolean;", - "predicate;string;" - }; + "mapper;choice(" + + map.toString() + + ");Use the mapper to find the ldap dn to publish the certificate or crl", + "publisher;choice(" + + publish.toString() + + ");Use the publisher to publish the certificate or crl a directory etc", + "enable;boolean;", "predicate;string;" }; return new ExtendedPluginInfo(epi); } - private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { + private NameValuePairs getExtendedPluginInfo(Locale locale, + String implType, String implName) { IExtendedPluginInfo ext_info = null; Object impl = null; 
@@ -374,19 +365,20 @@ public class PublisherAdminServlet extends AdminServlet { // Should get the registered rules from processor // instead of plugin - // OLD: impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); + // OLD: impl = + // getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); impl = getExtendedPluginInfo(p_processor); } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) { IPublisherProcessor p_processor = mProcessor; - Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName - ); + Plugin plugin = (Plugin) p_processor.getMapperPlugins().get( + implName); impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); - } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER) - ) { + } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) { IPublisherProcessor p_processor = mProcessor; - Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName); + Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get( + implName); impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath()); } 
@@ -401,21 +393,22 @@ public class PublisherAdminServlet extends AdminServlet { if (ext_info == null) { nvps = new NameValuePairs(); } else { - nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale)); + nvps = convertStringArrayToNVPairs(ext_info + .getExtendedPluginInfo(locale)); } return nvps; } - /** - * retrieve extended plugin info such as brief description, type info - * from policy, authentication, - * need to add: listener, mapper and publishing plugins + /** + * retrieve extended plugin info such as brief description, type info from + * policy, authentication, need to add: listener, mapper and publishing + * plugins */ private void getExtendedPluginInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); int colon = id.indexOf(':'); 
@@ -423,19 +416,20 @@ public class PublisherAdminServlet extends AdminServlet { String implType = id.substring(0, colon); String implName = id.substring(colon + 1); - NameValuePairs params = - getExtendedPluginInfo(getLocale(req), implType, implName); + NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, + implName); sendResponse(SUCCESS, null, params, resp); } - - private void getLDAPDest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + + private void getLDAPDest(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mAuth.getConfigStore(); - IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); - IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); + IConfigStore publishcfg = config + .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); + IConfigStore ldapcfg = publishcfg + .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); Enumeration e = req.getParameterNames(); 
@@ -464,53 +458,63 @@ public class PublisherAdminServlet extends AdminServlet { if (name.equals(Constants.PR_PUBLISHING_QUEUE_STATUS)) continue; if (name.equals(Constants.PR_CERT_NAMES)) { - ICryptoSubsystem jss = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jss = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); params.add(name, jss.getAllCerts()); } else { String value = ldap.getString(name, ""); if (value == null || value.equals("")) { - if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_HOST)) { - value = mConfig.getString(ConfigConstants.PR_MACHINE_NAME, null); - } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_PORT)) { + if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + + "." + ILdapConnInfo.PROP_HOST)) { + value = mConfig.getString( + ConfigConstants.PR_MACHINE_NAME, null); + } else if (name + .equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + + "." + ILdapConnInfo.PROP_PORT)) { value = ILdapConnInfo.PROP_PORT_DEFAULT; - } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPAUTHINFO + "." + ILdapAuthInfo.PROP_BINDDN)) { + } else if (name + .equals(ILdapBoundConnFactory.PROP_LDAPAUTHINFO + + "." 
+ ILdapAuthInfo.PROP_BINDDN)) { value = ILdapAuthInfo.PROP_BINDDN_DEFAULT; } } params.add(name, value); } } - params.add(Constants.PR_PUBLISHING_ENABLE, - publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); - params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); - params.add(Constants.PR_PUBLISHING_QUEUE_THREADS, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); - params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); - params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); - params.add(Constants.PR_PUBLISHING_QUEUE_STATUS, - publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); - params.add(Constants.PR_ENABLE, - ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + params.add(Constants.PR_PUBLISHING_ENABLE, publishcfg.getString( + IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); + params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE, publishcfg.getString( + Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE)); + params.add(Constants.PR_PUBLISHING_QUEUE_THREADS, publishcfg.getString( + Constants.PR_PUBLISHING_QUEUE_THREADS, "3")); + params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, publishcfg + .getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40")); + params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY, publishcfg + .getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0")); + params.add(Constants.PR_PUBLISHING_QUEUE_STATUS, publishcfg.getString( + Constants.PR_PUBLISHING_QUEUE_STATUS, "200")); + params.add(Constants.PR_ENABLE, ldapcfg.getString( + IPublisherProcessor.PROP_ENABLE, Constants.FALSE)); sendResponse(SUCCESS, null, params, resp); } private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + throws 
ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); - IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); - IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); + IConfigStore publishcfg = config + .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); + IConfigStore ldapcfg = publishcfg + .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - //set enable flag - publishcfg.putString(IPublisherProcessor.PROP_ENABLE, req.getParameter(Constants.PR_PUBLISHING_ENABLE)); + // set enable flag + publishcfg.putString(IPublisherProcessor.PROP_ENABLE, + req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String enable = req.getParameter(Constants.PR_ENABLE); ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, enable); @@ -518,8 +522,8 @@ public class PublisherAdminServlet extends AdminServlet { // need to disable the ldap module here mProcessor.setLdapConnModule(null); } - - //set reset of the parameters + + // set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -536,9 +540,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; 
@@ -567,40 +571,37 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + commit(true); - /* Do a "PUT" of the new pw to the watchdog" - ** do not remove - cfu - if (pwd != null) - CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* + * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu if + * (pwd != null) CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file"); + CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + + prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved"); -/* we'll shut down and restart the PublisherProcessor instead - // what a hack to do this without require restart server -// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); - ILdapConnModule connModule = mProcessor.getLdapConnModule(); - ILdapAuthInfo authInfo = null; - if (connModule != null) { - authInfo = connModule.getLdapAuthInfo(); - } - -// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); - if (authInfo != null) { - CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache"); - authInfo.addPassword(prompt, pwd); - } else - CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); -*/ + /* + * we'll shut down and restart the PublisherProcessor instead // what a + * hack to do this without require restart server // ILdapAuthInfo + * authInfo = CMS.getLdapAuthInfo(); ILdapConnModule connModule = + * mProcessor.getLdapConnModule(); ILdapAuthInfo authInfo = null; if + * (connModule != null) { authInfo = 
connModule.getLdapAuthInfo(); } + * + * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if (authInfo + * != null) { CMS.debug( + * "PublisherAdminServlet: setLDAPDest(): adding password to memory cache" + * ); authInfo.addPassword(prompt, pwd); } else + * CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null"); + */ try { CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor"); 
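Review bot: `pwdStore.putPassword(prompt, pwd)` and `pwdStore.commit()` run unconditionally in this hunk, but `pwd` is only assigned when the request carries `Constants.PR_DIRECTORY_MANAGER_PWD` (the @@ -536,9 hunk), so a request without that parameter appears to write a null password under the bind prompt. How IPasswordStore treats a null value is not visible here, but testSetLDAPDest guards the same write with `pwd != null` (the @@ -873,82 hunk), and the commented-out code just above used that guard too. I would make the two paths agree: `if (pwd != null) { pwdStore.putPassword(prompt, pwd); pwdStore.commit(); }`. setLDAPDest starts before this hunk and continues after it.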
@@ -610,27 +611,32 @@ public class PublisherAdminServlet extends AdminServlet { } catch (Exception ex) { // force to save the config even there is error // ignore any exception - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", ex.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", + ex.toString())); } - //XXX See if we can dynamically in B2 + // XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, null, resp); } - private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private void testSetLDAPDest(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); CMS.debug("PublisherAdmineServlet: in testSetLDAPDest"); - //Save New Settings to the config file + // Save New Settings to the config file IConfigStore config = mAuth.getConfigStore(); - IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); - IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); + IConfigStore publishcfg = config + .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE); + IConfigStore ldapcfg = publishcfg + .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE); IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP); - //set enable flag - publishcfg.putString(IPublisherProcessor.PROP_ENABLE, - req.getParameter(Constants.PR_PUBLISHING_ENABLE)); + // set enable flag + publishcfg.putString(IPublisherProcessor.PROP_ENABLE, + req.getParameter(Constants.PR_PUBLISHING_ENABLE)); String ldapPublish = req.getParameter(Constants.PR_ENABLE); ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish); 
@@ -639,7 +645,7 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.setLdapConnModule(null); } - //set reset of the parameters + // set reset of the parameters Enumeration e = req.getParameterNames(); String pwd = null; @@ -656,9 +662,9 @@ public class PublisherAdminServlet extends AdminServlet { continue; if (name.equals(Constants.PR_PUBLISHING_ENABLE)) continue; - // don't store password in the config file. - if (name.equals(Constants.PR_BIND_PASSWD)) - continue; // old style password read from config. + // don't store password in the config file. + if (name.equals(Constants.PR_BIND_PASSWD)) + continue; // old style password read from config. if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) { pwd = req.getParameter(name); continue; 
@@ -687,84 +693,112 @@ public class PublisherAdminServlet extends AdminServlet { /* Don't enter the publishing pw into the config store */ ldap.putString(name, req.getParameter(name)); } - + // test before commit - if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && - ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { - params.add("title", - "You've attempted to configure CMS to connect" + - " to a LDAP directory. The connection status is" + - " as follows:\n \n"); + if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) + && ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { + params.add("title", "You've attempted to configure CMS to connect" + + " to a LDAP directory. The connection status is" + + " as follows:\n \n"); LDAPConnection conn = null; - ILdapConnInfo connInfo = - CMS.getLdapConnInfo(ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPCONNINFO)); - //LdapAuthInfo authInfo = - //new LdapAuthInfo(ldap.getSubStore( - // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); - String host = connInfo.getHost(); + ILdapConnInfo connInfo = CMS.getLdapConnInfo(ldap + .getSubStore(ILdapBoundConnFactory.PROP_LDAPCONNINFO)); + // LdapAuthInfo authInfo = + // new LdapAuthInfo(ldap.getSubStore( + // ILdapBoundConnFactory.PROP_LDAPAUTHINFO)); + String host = connInfo.getHost(); int port = connInfo.getPort(); boolean secure = connInfo.getSecure(); - //int authType = authInfo.getAuthType(); + // int authType = authInfo.getAuthType(); String authType = ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_LDAPAUTHTYPE); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( + ILdapAuthInfo.PROP_LDAPAUTHTYPE); int version = connInfo.getVersion(); String bindAs = null; String certNickName = null; if (authType.equals(ILdapAuthInfo.LDAP_SSLCLIENTAUTH_STR)) { try { - //certNickName = authInfo.getParms()[0]; + // certNickName = authInfo.getParms()[0]; certNickName = ldap.getSubStore( - 
ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory( - certNickName)); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( + ILdapAuthInfo.PROP_CLIENTCERTNICKNAME); + conn = new LDAPConnection( + CMS.getLdapJssSSLSocketFactory(certNickName)); CMS.debug("Publishing Test certNickName=" + certNickName); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection with certificate: " + + certNickName + + dashes(70 - 44 - certNickName.length()) + + " Success"); } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create ssl LDAPConnection with certificate: " + - certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex); - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create ssl LDAPConnection with certificate: " + + certNickName + + dashes(70 - 44 - certNickName.length()) + + " failure\n" + " exception: " + ex); + params.add( + Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add(Constants.PR_CONN_OK, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); - params.add(Constants.PR_AUTH_OK, - "Authentication: SSL client authentication" + - dashes(70 - 41) + " Success" + - "\nBind to the directory as: " + certNickName + - dashes(70 - 26 - certNickName.length()) + " Success"); + params.add( + 
Constants.PR_CONN_OK, + "Connect to directory server " + + host + + " at port " + + port + + dashes(70 + - 37 + - host.length() + - (Integer.valueOf(port)) + .toString().length()) + + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: SSL client authentication" + + dashes(70 - 41) + " Success" + + "\nBind to the directory as: " + + certNickName + + dashes(70 - 26 - certNickName.length()) + + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + - " Failure\n" + - " error: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + + " at port " + + port + + dashes(70 + - 37 + - host.length() + - (Integer.valueOf(port)) + .toString().length()) + + " Failure\n" + + " error: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + - " Failure"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + + " at port " + + port + + dashes(70 + - 37 + - host.length() + - (Integer.valueOf(port)) + .toString().length()) + + " Failure"); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add( + Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } 
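Review bot: In the `catch (Exception ex)` that follows the SSL client-auth setup, the failure message calls `certNickName.length()`, but `certNickName` is still null when the `getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME)` lookup is the call that threw, so the handler would itself raise a NullPointerException and the administrator would get no diagnostic. A null-safe label avoids that, for example `String nick = (certNickName == null) ? "" : certNickName;`, with the message built from `nick`. The same handler returns the raw exception text (`" exception: " + ex`) in the response; logging it on the server and returning a fixed message would expose less internal detail. testSetLDAPDest starts before this hunk and continues after it.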
@@ -772,100 +806,133 @@ public class PublisherAdminServlet extends AdminServlet { try { if (secure) { conn = new LDAPConnection( - CMS.getLdapJssSSLSocketFactory()); - params.add(Constants.PR_CONN_INITED, - "Create ssl LDAPConnection" + - dashes(70 - 25) + " Success"); + CMS.getLdapJssSSLSocketFactory()); + params.add(Constants.PR_CONN_INITED, + "Create ssl LDAPConnection" + dashes(70 - 25) + + " Success"); } else { conn = new LDAPConnection(); - params.add(Constants.PR_CONN_INITED, - "Create LDAPConnection" + - dashes(70 - 21) + " Success"); + params.add(Constants.PR_CONN_INITED, + "Create LDAPConnection" + dashes(70 - 21) + + " Success"); } } catch (Exception ex) { - params.add(Constants.PR_CONN_INIT_FAIL, - "Create LDAPConnection" + - dashes(70 - 21) + " Failure\n" + - "exception: " + ex); - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add(Constants.PR_CONN_INIT_FAIL, + "Create LDAPConnection" + dashes(70 - 21) + + " Failure\n" + "exception: " + ex); + params.add( + Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { conn.connect(host, port); - params.add(Constants.PR_CONN_OK, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success"); + params.add( + Constants.PR_CONN_OK, + "Connect to directory server " + + host + + " at port " + + port + + dashes(70 + - 37 + - host.length() + - (Integer.valueOf(port)) + .toString().length()) + + " Success"); } catch (LDAPException ex) { if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) { // need to intercept this because message from LDAP is // "DSA is unavailable" which confuses with DSA PKI. 
- params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + - "\nerror: server unavailable"); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + + " at port " + + port + + dashes(70 + - 37 + - host.length() + - (Integer.valueOf(port)) + .toString().length()) + + " Failure" + + "\nerror: server unavailable"); } else { - params.add(Constants.PR_CONN_FAIL, - "Connect to directory server " + - host + " at port " + port + - dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" + - "\nexception: " + ex); + params.add(Constants.PR_CONN_FAIL, + "Connect to directory server " + + host + + " at port " + + port + + dashes(70 + - 37 + - host.length() + - (Integer.valueOf(port)) + .toString().length()) + + " Failure" + "\nexception: " + ex); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add( + Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } try { - //bindAs = authInfo.getParms()[0]; + // bindAs = authInfo.getParms()[0]; bindAs = ldap.getSubStore( - ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN); + ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString( + ILdapAuthInfo.PROP_BINDDN); conn.authenticate(version, bindAs, pwd); - params.add(Constants.PR_AUTH_OK, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Success" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + " Success"); + params.add(Constants.PR_AUTH_OK, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Success" + + "\nBind to the directory as: 
" + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Success"); } catch (LDAPException ex) { - if (ex.getLDAPResultCode() == - LDAPException.NO_SUCH_OBJECT) { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + "Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - "Failure" + "\nThe object doesn't exist. " + - "Please correct the value assigned in the" + - " \"Directory manager DN\" field."); - } else if (ex.getLDAPResultCode() == - LDAPException.INVALID_CREDENTIALS) { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - " Failure" + "\nInvalid password. " + - "Please correct the value assigned in the" + - " \"Password\" field."); + if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) { + params.add( + Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + + "Failure" + + "\nBind to the directory as: " + + bindAs + + dashes(70 - 26 - bindAs.length()) + + "Failure" + + "\nThe object doesn't exist. " + + "Please correct the value assigned in the" + + " \"Directory manager DN\" field."); + } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) { + params.add( + Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + + " Failure" + + "\nBind to the directory as: " + + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure" + + "\nInvalid password. 
" + + "Please correct the value assigned in the" + + " \"Password\" field."); } else { - params.add(Constants.PR_AUTH_FAIL, - "Authentication: Basic authentication" + - dashes(70 - 36) + " Failure" + - "\nBind to the directory as: " + bindAs + - dashes(70 - 26 - bindAs.length()) + - " Failure"); + params.add( + Constants.PR_AUTH_FAIL, + "Authentication: Basic authentication" + + dashes(70 - 36) + " Failure" + + "\nBind to the directory as: " + + bindAs + + dashes(70 - 26 - bindAs.length()) + + " Failure"); } - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "LDAP publishing will fail.\n" + - "Do you want to save the configuration anyway?"); + params.add( + Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "LDAP publishing will fail.\n" + + "Do you want to save the configuration anyway?"); sendResponse(SUCCESS, null, params, resp); return; } 
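Review bot: `conn.authenticate(version, bindAs, pwd)` is reached even when `pwd` is null or empty, because `pwd` is only set when the request supplies `Constants.PR_DIRECTORY_MANAGER_PWD`. Many directory servers accept a bind with a DN and an empty password as an unauthenticated bind and return success, so this test could report `Constants.PR_AUTH_OK` for credentials that will not work for publishing; whether it does depends on the server and on how the LDAP SDK handles a null password, neither of which is visible here. A guard before the bind, `if (pwd == null || pwd.length() == 0)` that reports `Constants.PR_AUTH_FAIL`, would make the result trustworthy. There is also no `conn.disconnect()` on the failure returns in this hunk, though the method continues outside it and may close the connection there.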
@@ -873,82 +940,83 @@ public class PublisherAdminServlet extends AdminServlet { } - //commit(true); - if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && - pwd != null) { + // commit(true); + if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && pwd != null) { - /* Do a "PUT" of the new pw to the watchdog" - ** do not remove - cfu - CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + /* + * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu + * CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); */ // support publishing dirsrv with different pwd than internaldb // update passwordFile String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); IPasswordStore pwdStore = CMS.getPasswordStore(); - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+ - prompt + " to password file"); + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " + + prompt + " to password file"); pwdStore.putPassword(prompt, pwd); pwdStore.commit(); CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved"); -/* we'll shut down and restart the PublisherProcessor instead - // what a hack to do this without require restart server -// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); - ILdapConnModule connModule = mProcessor.getLdapConnModule(); - ILdapAuthInfo authInfo = null; - if (connModule != null) { - authInfo = connModule.getLdapAuthInfo(); - } else - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null"); - -// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); - if (authInfo != null) { - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache"); - authInfo.addPassword(prompt, pwd); - } else - CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null"); -*/ + /* + * we'll shut down and restart the PublisherProcessor instead // + * what a hack to do this without require restart server // + * ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); 
ILdapConnModule + * connModule = mProcessor.getLdapConnModule(); ILdapAuthInfo + * authInfo = null; if (connModule != null) { authInfo = + * connModule.getLdapAuthInfo(); } else + * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null" + * ); + * + * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if + * (authInfo != null) { CMS.debug( + * "PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache" + * ); authInfo.addPassword(prompt, pwd); } else + * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null" + * ); + */ } - //params.add(Constants.PR_SAVE_OK, - // "\n \nConfiguration changes are now committed."); + // params.add(Constants.PR_SAVE_OK, + // "\n \nConfiguration changes are now committed."); mProcessor.shutdown(); if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { mProcessor.startup(); - //params.add("restarted", "Publishing is restarted."); + // params.add("restarted", "Publishing is restarted."); if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) { - ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority(); + ICertAuthority authority = (ICertAuthority) mProcessor + .getAuthority(); - if (!(authority instanceof ICertificateAuthority)) + if (!(authority instanceof ICertificateAuthority)) return; ICertificateAuthority ca = (ICertificateAuthority) authority; // publish ca cert try { mProcessor.publishCACert(ca.getCACert()); - CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT")); - params.add("publishCA", - "CA certificate is published."); + CMS.debug("PublisherAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT")); + params.add("publishCA", "CA certificate is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. 
- log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString())); - params.add("publishCA", - "Failed to publish CA certificate."); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", + ex.toString())); + params.add("publishCA", "Failed to publish CA certificate."); int index = ex.toString().indexOf("Failed to create CA"); if (index > -1) { - params.add("createError", - ex.toString().substring(index)); + params.add("createError", ex.toString() + .substring(index)); } mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "the CA certificate won't be published.\n" + - "Do you want to enable LDAP publishing anyway?"); + params.add( + Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CA certificate won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; 
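Review bot: The formatter has reflowed the commented-out code in both block comments of this hunk into running prose (for example `Do a "PUT" of the new pw to the watchdog"* do not remove - cfu CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);`), so the statements and the "do not remove" marker can no longer be read or restored as code. The @@ -567,40 hunk in setLDAPDest is damaged the same way. These comments record how the publishing password used to be cached, so they should stay legible: either turn each original line into a `//` comment, or open the block with `/*-`, which the Eclipse formatter is documented to leave unformatted. If the code is truly dead, replace it with one line such as `// in-memory password cache is not updated here; the PublisherProcessor is shut down and restarted instead`.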
@@ -958,65 +1026,65 @@ public class PublisherAdminServlet extends AdminServlet { CMS.debug("PublisherAdminServlet: about to update CRL"); ca.publishCRLNow(); CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL")); - params.add("publishCRL", - "CRL is published."); + params.add("publishCRL", "CRL is published."); } catch (Exception ex) { // exception not thrown - not seen as a fatal error. - log(ILogger.LL_FAILURE, - "Could not publish crl " + ex.toString()); - params.add("publishCRL", - "Failed to publish CRL."); + log(ILogger.LL_FAILURE, + "Could not publish crl " + ex.toString()); + params.add("publishCRL", "Failed to publish CRL."); mProcessor.shutdown(); // Do you want to enable LDAP publishing anyway - params.add(Constants.PR_SAVE_NOT, - "\n \nIf the problem is not fixed then " + - "the CRL won't be published.\n" + - "Do you want to enable LDAP publishing anyway?"); + params.add( + Constants.PR_SAVE_NOT, + "\n \nIf the problem is not fixed then " + + "the CRL won't be published.\n" + + "Do you want to enable LDAP publishing anyway?"); sendResponse(SUCCESS, null, params, resp); return; } } commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); params.add("restarted", "Publishing is restarted."); } else { commit(true); - params.add(Constants.PR_SAVE_OK, - "\n \nConfiguration changes are now committed."); - params.add("stopped", - "Publishing is stopped."); + params.add(Constants.PR_SAVE_OK, + "\n \nConfiguration changes are now committed."); + params.add("stopped", "Publishing is stopped."); } - //XXX See if we can dynamically in B2 + // XXX See if we can dynamically in B2 sendResponse(SUCCESS, null, params, resp); } - private synchronized void addMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void 
addMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // is the manager id unique? if (mProcessor.getMapperPlugins().containsKey((Object) id)) { - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_MAPPER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } 
@@ -1031,21 +1099,25 @@ public class PublisherAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } // is the class an ILdapMapper? try { if (ILdapMapper.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } @@ -1057,10 +1129,9 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
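Review bot: `Class.forName(classPath)` loads and initializes the class named by the `Constants.PR_MAPPER_CLASS` request parameter before the `ILdapMapper.class.isAssignableFrom(newImpl)` check runs, so the static initializer of any class on the classpath executes even when that class is then rejected. Loading without initialization keeps the type check ahead of any code execution: `newImpl = Class.forName(classPath, false, getClass().getClassLoader());`. This is an admin-only servlet, so the exposure is limited, but the change costs nothing and the later instantiation still initializes accepted classes. addMapperPlugin starts before this hunk, and `classPath` is read at the end of the preceding hunk.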
@@ -1068,8 +1139,8 @@ public class PublisherAdminServlet extends AdminServlet { MapperPlugin plugin = new MapperPlugin(id, classPath); mProcessor.getMapperPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", "")); NameValuePairs params = new NameValuePairs(); 
@@ -1087,54 +1158,54 @@ public class PublisherAdminServlet extends AdminServlet { return true; } - private synchronized void addMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; } if (mProcessor.getMapperInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); return; } // get required parameters - String implname = req.getParameter( - Constants.PR_MAPPER_IMPL_NAME); + String implname = req.getParameter(Constants.PR_MAPPER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. 
- MapperPlugin plugin = - (MapperPlugin) mProcessor.getMapperPlugins().get( + MapperPlugin plugin = (MapperPlugin) mProcessor.getMapperPlugins().get( implname); if (plugin == null) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS.getUserMessage( + getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } Vector configParams = mProcessor.getMapperDefaultParams(implname); - IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".publish.mapper"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); @@ -1145,11 +1216,10 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), val); } } } 
@@ -1164,21 +1234,27 @@ public class PublisherAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
@@ -1202,47 +1278,44 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // inited and commited ok. now add mapper instance to list. mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_MAPPER_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listMapperPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listMapperPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getMapperPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - MapperPlugin value = (MapperPlugin) - mProcessor.getMapperPlugins().get(name); + MapperPlugin value = (MapperPlugin) mProcessor.getMapperPlugins() + .get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILdapMapper lp = (ILdapMapper) - Class.forName(c).newInstance(); + ILdapMapper lp = (ILdapMapper) Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { - sendResponse(ERROR, exp.toString(), null, - resp); + sendResponse(ERROR, exp.toString(), null, resp); return; } params.add(name, value.getClassPath() + "," + desc); 
@@ -1261,9 +1334,9 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void listMapperInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listMapperInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getMapperInsts().keys(); 
@@ -1278,40 +1351,39 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does a`mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse(ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EMapperNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, + resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. - ILdapMapper mapperInst = (ILdapMapper) - mProcessor.getMapperInstance(id); + // being used. + ILdapMapper mapperInst = (ILdapMapper) mProcessor.getMapperInstance(id); mProcessor.getMapperInsts().remove((Object) id); // remove the configuration. - IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.mapper"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); 
@@ -1319,85 +1391,82 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delMapperPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delMapperPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } if (mProcessor.getMapperPlugins().containsKey(id) == false) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS.getUserMessage( + getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", + id)).toString(), null, resp); return; } // first check if any instances from this mapper // DON'T remove mapper if any instance - for (Enumeration e = mProcessor.getMapperInsts().keys(); - e.hasMoreElements();) { + for (Enumeration e = mProcessor.getMapperInsts().keys(); e + .hasMoreElements();) { String name = (String) e.nextElement(); ILdapMapper mapper = 
mProcessor.getMapperInstance(name); if (id.equals(getMapperPluginName(mapper))) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this mapper mProcessor.getMapperPlugins().remove((Object) id); - IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.mapper"); - IConfigStore instancesConfig = - destStore.getSubStore("impl"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.mapper"); + IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); // commiting try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getMapperConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getMapperConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -1411,50 +1480,48 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getMapperInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getMapperInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does mapper instance exist? if (mProcessor.getMapperInsts().containsKey(id) == false) { - sendResponse(ERROR, - new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EMapperNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null, + resp); return; } - ILdapMapper mapperInst = (ILdapMapper) - mProcessor.getMapperInstance(id); + ILdapMapper mapperInst = (ILdapMapper) mProcessor.getMapperInstance(id); Vector configParams = mapperInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_MAPPER_IMPL_NAME, - getMapperPluginName(mapperInst)); + params.add(Constants.PR_MAPPER_IMPL_NAME, + getMapperPluginName(mapperInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } @@ -1462,24 +1529,23 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modMapperInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modMapperInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // Does the manager instance exist? if (!mProcessor.getMapperInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); return; } 
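Review bot: The loops in getMapperConfig and getMapperInstConfig call `kv.substring(0, index)` without checking the result of `kv.indexOf('=')`, so an entry with no `=` gives `index == -1` and a StringIndexOutOfBoundsException that none of the declared exceptions cover. A guard such as `if (index < 0) continue;` (or logging and skipping the entry) before `params.add(...)` would keep one malformed parameter from failing the whole request. The same unchecked pattern is in the hunks for modMapperInst (-1515), addRuleInst (-1767), and getRuleConfig and getRuleInstConfig (-2035). Whether a parameter string without `=` can actually reach these loops depends on the plugin implementations, which are not visible here.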
@@ -1487,24 +1553,26 @@ public class PublisherAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_MAPPER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // get plugin for implementation - MapperPlugin plugin = - (MapperPlugin) mProcessor.getMapperPlugins().get(implname); + MapperPlugin plugin = (MapperPlugin) mProcessor.getMapperPlugins().get( + implname); if (plugin == null) { - sendResponse(ERROR, - new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + sendResponse( + ERROR, + new EMapperPluginNotFound(CMS.getUserMessage( + getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", + implname)).toString(), null, resp); return; } // save old instance substore params in case new one fails. - ILdapMapper oldinst = - (ILdapMapper) mProcessor.getMapperInstance(id); + ILdapMapper oldinst = (ILdapMapper) mProcessor.getMapperInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -1515,8 +1583,7 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) oldConfigParms.elementAt(i); int index = kv.indexOf('='); - saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), kv.substring(index + 1)); } } @@ -1524,9 +1591,8 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + - ".publish.mapper"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.mapper"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. 
@@ -1557,26 +1623,31 @@ public class PublisherAdminServlet extends AdminServlet { ILdapMapper newMgrInst = null; try { - newMgrInst = (ILdapMapper) - Class.forName(className).newInstance(); + newMgrInst = (ILdapMapper) Class.forName(className).newInstance(); } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } // initialize the mapper 
@@ -1586,26 +1657,23 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // don't commit in this case and cleanup the new substore. restore(instancesConfig, id, saveParams); - sendResponse(ERROR, e.toString(getLocale(req)), null, - resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } catch (Throwable e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, e.toString(), null, - resp); + sendResponse(ERROR, e.toString(), null, resp); return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
@@ -1614,45 +1682,46 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst)); mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); + CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // is the rule id unique? 
if (mProcessor.getRulePlugins().containsKey((Object) id)) { - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage( + "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)) + .toString(getLocale(req)), null, resp); return; } String classPath = req.getParameter(Constants.PR_RULE_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } IConfigStore destStore = null; - destStore = mConfig.getSubStore( - mAuth.getId() + ".publish.rule"); + destStore = mConfig.getSubStore(mAuth.getId() + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("impl"); // Does the class exist? 
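Review bot: In addRulePlugin the null-class error is built with `CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS")`, without the request locale that the other branches of this servlet pass. For consistency it should read `CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS")`. The duplicate-id branch just above has the same shape: the message is created without a locale and only the wrapping `ELdapException` is rendered with `toString(getLocale(req))`, so it is worth confirming that the text really comes out localized.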
@@ -1661,21 +1730,25 @@ public class PublisherAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } // is the class an ILdapRule? try { if (ILdapRule.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } @@ -1687,10 +1760,9 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
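Review bot: `Class.forName(classPath)` in addRulePlugin loads and initializes the class named by the `Constants.PR_RULE_CLASS` request parameter before the `ILdapRule.class.isAssignableFrom(newImpl)` check runs, so static initializers of a class that is then rejected have already executed. Loading without initialization, `newImpl = Class.forName(classPath, false, getClass().getClassLoader());`, lets the type check happen first; the choice of loader should be confirmed against how plugins are deployed. The `catch (NullPointerException e)` around the type check would be clearer as an explicit null test. The method body starts and continues outside this hunk.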
@@ -1698,8 +1770,8 @@ public class PublisherAdminServlet extends AdminServlet { RulePlugin plugin = new RulePlugin(id, classPath); mProcessor.getRulePlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id)); NameValuePairs params = new NameValuePairs(); 
@@ -1707,57 +1779,55 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; } if (mProcessor.getRuleInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); return; } // get required parameters - String implname = req.getParameter( - Constants.PR_RULE_IMPL_NAME); + String implname = req.getParameter(Constants.PR_RULE_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. 
- RulePlugin plugin = - (RulePlugin) mProcessor.getRulePlugins().get( + RulePlugin plugin = (RulePlugin) mProcessor.getRulePlugins().get( implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage( + getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)) + .toString(), null, resp); return; } Vector configParams = mProcessor.getRuleDefaultParams(implname); - IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".publish.rule"); - IConfigStore instancesConfig = - destStore.getSubStore("instance"); + IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); if (configParams != null) { @@ -1767,13 +1837,12 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(kv.substring(0, index)); if (val == null) { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), val); } } } 
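Review bot: When addRuleInst finds no rule plugin for `implname` it reports the failure with `EPublisherPluginNotFound` and the key `"CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND"`, which looks copied from the publisher code; delRulePlugin in this file uses `ERulePluginNotFound` with `"CMS_LDAP_RULE_PLUGIN_NOT_FOUND"`. I would change the branch to `new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", implname)).toString()`, so the administrator sees which kind of plugin is missing. The `"Invalid ID '" + id + "'"` response a few lines earlier is the only hard-coded English error in the method and could use a message key as well.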
@@ -1788,21 +1857,27 @@ public class PublisherAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
@@ -1827,41 +1902,39 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // inited and commited ok. now add manager instance to list. mProcessor.getRuleInsts().put(id, ruleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_RULE_IMPL_NAME, implname); sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void listRulePlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listRulePlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getRulePlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - RulePlugin value = (RulePlugin) - mProcessor.getRulePlugins().get(name); + RulePlugin value = (RulePlugin) mProcessor.getRulePlugins().get( + name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILdapRule lp = (ILdapRule) - Class.forName(c).newInstance(); + ILdapRule lp = (ILdapRule) Class.forName(c).newInstance(); desc = lp.getDescription(); } catch (Exception exp) { 
@@ -1872,17 +1945,17 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listRuleInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listRuleInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); String insts = null; Enumeration e = mProcessor.getRuleInsts().keys(); for (; e.hasMoreElements();) { String name = (String) e.nextElement(); - ILdapRule value = (ILdapRule) - mProcessor.getRuleInsts().get((Object) name); + ILdapRule value = (ILdapRule) mProcessor.getRuleInsts().get( + (Object) name); String enabled = value.enabled() ? "enabled" : "disabled"; params.add(name, value.getInstanceName() + ";visible;" + enabled); 
@@ -1901,47 +1974,46 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void delRulePlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delRulePlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does rule exist? if (mProcessor.getRulePlugins().containsKey(id) == false) { - sendResponse(ERROR, - new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(), + null, resp); return; } // first check if any instances from this rule // DON'T remove rule if any instance - for (Enumeration e = mProcessor.getRuleInsts().elements(); - e.hasMoreElements();) { - ILdapRule rule = (ILdapRule) - e.nextElement(); + for (Enumeration e = mProcessor.getRuleInsts().elements(); e + .hasMoreElements();) { + ILdapRule rule = (ILdapRule) e.nextElement(); if (id.equals(getRulePluginName(rule))) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this rule mProcessor.getRulePlugins().remove((Object) id); - IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".rule"); + 
IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".rule"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); @@ -1949,27 +2021,25 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void delRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void delRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
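Review bot: delRulePlugin opens the configuration substore with `mAuth.getId() + ".rule"`, while addRulePlugin and the rule-instance methods in this file use `mAuth.getId() + ".publish.rule"`. As written, `instancesConfig.removeSubStore(id)` presumably acts on a store that never held the plugin, so the committed configuration would keep the entry although it was removed from memory. The line should read `IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".publish.rule");`. The in-memory `remove` also happens before `mConfig.commit(true)`, and the commit-failure branch does not put the plugin back.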
@@ -1977,24 +2047,24 @@ public class PublisherAdminServlet extends AdminServlet { // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { - sendResponse(ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new ERuleNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), null, + resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. - ILdapRule ruleInst = (ILdapRule) - mProcessor.getRuleInsts().get(id); + // being used. + ILdapRule ruleInst = (ILdapRule) mProcessor.getRuleInsts().get(id); mProcessor.getRuleInsts().remove((Object) id); // remove the configuration. - IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.rule"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); 
@@ -2002,26 +2072,24 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } sendResponse(SUCCESS, null, params, resp); return; - } + } - private synchronized void getRuleConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getRuleConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -2035,50 +2103,47 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } sendResponse(0, null, params, resp); return; } - private synchronized void getRuleInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getRuleInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does rule instance exist? if (mProcessor.getRuleInsts().containsKey(id) == false) { - sendResponse(ERROR, - new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new ERuleNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), null, + resp); return; } - ILdapRule ruleInst = (ILdapRule) - mProcessor.getRuleInsts().get(id); + ILdapRule ruleInst = (ILdapRule) mProcessor.getRuleInsts().get(id); Vector configParams = ruleInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_RULE_IMPL_NAME, - getRulePluginName(ruleInst)); + params.add(Constants.PR_RULE_IMPL_NAME, getRulePluginName(ruleInst)); // implName is always required so always send it. 
if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } @@ -2086,23 +2151,22 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void modRuleInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modRuleInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // Does the manager instance exist? if (!mProcessor.getRuleInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); return; } 
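Review bot: `kv.substring(0, index)` is called without checking the result of `kv.indexOf('=')`, in both getRuleConfig and getRuleInstConfig. A parameter entry with no `=` gives `index == -1`, and `substring(0, -1)` throws StringIndexOutOfBoundsException, so the request fails without a proper error response. getConfig (@@ -2690) already handles this case, and the same guard fits here: `if (index == -1) { params.add(kv, ""); } else { params.add(kv.substring(0, index), kv.substring(index + 1)); }`. The unguarded form also appears in the `saveParams` loop of modRuleInst (@@ -2140) and in getInstConfig (@@ -2699).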
@@ -2110,26 +2174,26 @@ public class PublisherAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_RULE_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } - // get plugin for implementation - RulePlugin plugin = - (RulePlugin) mProcessor.getRulePlugins().get(implname); + // get plugin for implementation + RulePlugin plugin = (RulePlugin) mProcessor.getRulePlugins().get( + implname); if (plugin == null) { sendResponse(ERROR, - //new ERulePluginNotFound(implname).toString(getLocale(req)), - "", - null, resp); + // new ERulePluginNotFound(implname).toString(getLocale(req)), + "", null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. - ILdapRule oldinst = - (ILdapRule) mProcessor.getRuleInsts().get((Object) id); + ILdapRule oldinst = (ILdapRule) mProcessor.getRuleInsts().get( + (Object) id); Vector oldConfigParms = oldinst.getInstanceParams(); NameValuePairs saveParams = new NameValuePairs(); @@ -2140,8 +2204,7 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) oldConfigParms.elementAt(i); int index = kv.indexOf('='); - saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), kv.substring(index + 1)); } } @@ -2149,9 +2212,8 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = - mConfig.getSubStore( - mAuth.getId() + ".publish.rule"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.rule"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // create new substore. 
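Review bot: When `plugin == null` the response is `sendResponse(ERROR, "", null, resp)`, an error with an empty message, and the intended `ERulePluginNotFound` text is left commented out. The caller cannot tell an unknown rule implementation from any other failure, and nothing is logged for the administrator. The publisher path in modPublisherInst returns `EPublisherPluginNotFound` with `CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND` for the same condition, so the rule path should return an equivalent localized message naming `implname`. The matching message key for rule plugins is not visible in this diff.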
@@ -2171,8 +2233,7 @@ public class PublisherAdminServlet extends AdminServlet { String val = req.getParameter(key); if (val == null) { - substore.put(key, - kv.substring(index + 1)); + substore.put(key, kv.substring(index + 1)); } else { if (val.equals(NOMAPPER)) val = ""; @@ -2191,21 +2252,27 @@ public class PublisherAdminServlet extends AdminServlet { } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
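Review bot: The three catch blocks for `ClassNotFoundException`, `InstantiationException` and `IllegalAccessException` all discard `e` and return only the generic `CMS_LDAP_FAIL_LOAD_CLASS` text. No log call is visible in them, so a failed plugin load on this admin interface leaves no server-side record of which exception occurred. Logging before the cleanup, for example `mProcessor.log(ILogger.LL_FAILURE, e.toString());`, would keep the cause available for troubleshooting and audit. Because the handlers are identical, one private helper that does restore, log and respond would remove the triplication. The same blocks recur in addPublisherInst (@@ -2424) and modPublisherInst (@@ -2875).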
@@ -2224,16 +2291,15 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
@@ -2241,47 +2307,48 @@ public class PublisherAdminServlet extends AdminServlet { mProcessor.getRuleInsts().put(id, newRuleInst); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id)); NameValuePairs params = new NameValuePairs(); sendResponse(SUCCESS, null, params, resp); return; } - private synchronized void addPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // is the manager id unique? 
if (mProcessor.getPublisherPlugins().containsKey((Object) id)) { - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(), + null, resp); return; } String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS); if (classPath == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp); return; } IConfigStore destStore = null; - destStore = mConfig.getSubStore( - mAuth.getId() + ".publish.publisher"); + destStore = mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("impl"); // Does the class exist? 
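Review bot: addPublisherPlugin accepts the `RS_ID` request parameter after only a null check and a uniqueness check, while addPublisherInst (@@ -2336) rejects it with `if (!isValidID(id))` before any use. Here `id` goes on to become the plugin key, and presumably a configuration name as well, so the same validation should run straight after the null check: `if (!isValidID(id)) { sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; }`. What `isValidID` accepts is not shown in this diff, so confirm that it fits plugin ids too. The method body continues past this hunk.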
@@ -2290,21 +2357,25 @@ public class PublisherAdminServlet extends AdminServlet { try { newImpl = Class.forName(classPath); } catch (ClassNotFoundException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } catch (IllegalArgumentException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_NO_CLASS"), null, resp); return; } // is the class an ILdapPublisher? try { if (ILdapPublisher.class.isAssignableFrom(newImpl) == false) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } } catch (NullPointerException e) { // unlikely, only if newImpl null. - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp); return; } @@ -2316,10 +2387,9 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } 
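Review bot: `Class.forName(classPath)` loads and initializes the class named by the `PR_PUBLISHER_CLASS` request parameter (read in the preceding hunk), so its static initializer runs before `ILdapPublisher.class.isAssignableFrom(newImpl)` can reject it. Loading without initialization keeps the type check ahead of any code execution: `newImpl = Class.forName(classPath, false, PublisherAdminServlet.class.getClassLoader());`. If the set of publisher implementations is known at deployment time, checking `classPath` against an allow-list would be a tighter control; how access to this servlet is restricted is not visible here. The `catch (NullPointerException e)` around the type check would also read better as an explicit `newImpl == null` test.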
@@ -2327,8 +2397,8 @@ public class PublisherAdminServlet extends AdminServlet { PublisherPlugin plugin = new PublisherPlugin(id, classPath); mProcessor.getPublisherPlugins().put(id, plugin); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id)); NameValuePairs params = new NameValuePairs(); 
@@ -2336,56 +2406,56 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void addPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void addPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } if (!isValidID(id)) { - sendResponse(ERROR, "Invalid ID '" + id + "'", - null, resp); + sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp); return; } if (mProcessor.getPublisherInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); return; } // get required parameters - String implname = req.getParameter( - Constants.PR_PUBLISHER_IMPL_NAME); + String implname = req.getParameter(Constants.PR_PUBLISHER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } // check if implementation exists. 
- PublisherPlugin plugin = - (PublisherPlugin) mProcessor.getPublisherPlugins().get( - implname); + PublisherPlugin plugin = (PublisherPlugin) mProcessor + .getPublisherPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage( + getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)) + .toString(), null, resp); return; } Vector configParams = mProcessor.getPublisherDefaultParams(implname); - IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); IConfigStore substore = instancesConfig.makeSubStore(id); @@ -2404,15 +2474,14 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { substore.put(kv, ""); } else { - substore.put(kv.substring(0, index), - kv.substring(index + 1)); + substore.put(kv.substring(0, index), + kv.substring(index + 1)); } } else { if (index == -1) { substore.put(kv, val); } else { - substore.put(kv.substring(0, index), - val); + substore.put(kv.substring(0, index), val); } } } 
@@ -2424,25 +2493,32 @@ public class PublisherAdminServlet extends AdminServlet { ILdapPublisher publisherInst = null; try { - publisherInst = (ILdapPublisher) Class.forName(className).newInstance(); + publisherInst = (ILdapPublisher) Class.forName(className) + .newInstance(); } catch (ClassNotFoundException e) { // cleanup instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { instancesConfig.removeSubStore(id); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
@@ -2466,17 +2542,17 @@ public class PublisherAdminServlet extends AdminServlet { } catch (EBaseException e) { // clean up. instancesConfig.removeSubStore(id); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // inited and commited ok. now add manager instance to list. - mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst)); + mProcessor.getPublisherInsts().put(id, + new PublisherProxy(true, publisherInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id)); NameValuePairs params = new NameValuePairs(); @@ -2485,24 +2561,24 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void listPublisherPlugins(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listPublisherPlugins(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = mProcessor.getPublisherPlugins().keys(); while (e.hasMoreElements()) { String name = (String) e.nextElement(); - PublisherPlugin value = (PublisherPlugin) - mProcessor.getPublisherPlugins().get(name); + PublisherPlugin value = (PublisherPlugin) mProcessor + .getPublisherPlugins().get(name); // get Description - String c = value.getClassPath(); + String c = value.getClassPath(); String desc = "unknown"; try { - ILdapPublisher lp = (ILdapPublisher) - Class.forName(c).newInstance(); + ILdapPublisher lp = (ILdapPublisher) Class.forName(c) + .newInstance(); desc = lp.getDescription(); } catch (Exception exp) { 
@@ -2523,9 +2599,9 @@ public class PublisherAdminServlet extends AdminServlet { } } - private synchronized void listPublisherInsts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listPublisherInsts(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); String insts = null; 
@@ -2543,48 +2619,50 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherPlugin(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherPlugin(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does publisher exist? if (mProcessor.getPublisherPlugins().containsKey(id) == false) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage( + getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)) + .toString(), null, resp); return; } // first check if any instances from this publisher // DON'T remove publisher if any instance - for (Enumeration e = mProcessor.getPublisherInsts().keys(); - e.hasMoreElements();) { + for (Enumeration e = mProcessor.getPublisherInsts().keys(); e + .hasMoreElements();) { String name = (String) e.nextElement(); - ILdapPublisher publisher = - mProcessor.getPublisherInstance(name); + ILdapPublisher publisher = mProcessor.getPublisherInstance(name); if (id.equals(getPublisherPluginName(publisher))) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_IN_USE"), null, resp); return; } } - + // then delete this publisher 
mProcessor.getPublisherPlugins().remove((Object) id); - IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("impl"); instancesConfig.removeSubStore(id); @@ -2592,9 +2670,8 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } @@ -2602,18 +2679,17 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void delPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) throws ServletException, + private synchronized void delPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -2621,22 +2697,24 @@ public class PublisherAdminServlet extends AdminServlet { // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { - sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } // only remove from memory // cannot shutdown because we don't keep track of whether it's - // being used. + // being used. ILdapPublisher publisherInst = mProcessor.getPublisherInstance(id); mProcessor.getPublisherInsts().remove((Object) id); // remove the configuration. - IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); instancesConfig.removeSubStore(id); @@ -2644,10 +2722,9 @@ public class PublisherAdminServlet extends AdminServlet { try { mConfig.commit(true); } catch (EBaseException e) { - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } sendResponse(SUCCESS, null, params, resp); 
@@ -2655,25 +2732,23 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * used for getting the required configuration parameters (with - * possible default values) for a particular plugin - * implementation name specified in the RS_ID. Actually, there is - * no logic in here to set any default value here...there's no - * default value for any parameter in this publishing subsystem - * at this point. Later, if we do have one (or some), it can be - * added. The interface remains the same. + * used for getting the required configuration parameters (with possible + * default values) for a particular plugin implementation name specified in + * the RS_ID. Actually, there is no logic in here to set any default value + * here...there's no default value for any parameter in this publishing + * subsystem at this point. Later, if we do have one (or some), it can be + * added. The interface remains the same. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String implname = req.getParameter(Constants.RS_ID); if (implname == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -2690,8 +2765,7 @@ public class PublisherAdminServlet extends AdminServlet { if (index == -1) { params.add(kv, ""); } else { - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } } 
@@ -2699,43 +2773,43 @@ public class PublisherAdminServlet extends AdminServlet { return; } - private synchronized void getInstConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getInstConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // does publisher instance exist? if (mProcessor.getPublisherInsts().containsKey(id) == false) { - sendResponse(ERROR, - new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), - null, resp); + sendResponse( + ERROR, + new EPublisherNotFound(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(), + null, resp); return; } - ILdapPublisher publisherInst = (ILdapPublisher) - mProcessor.getPublisherInstance(id); + ILdapPublisher publisherInst = (ILdapPublisher) mProcessor + .getPublisherInstance(id); Vector configParams = publisherInst.getInstanceParams(); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_PUBLISHER_IMPL_NAME, - getPublisherPluginName(publisherInst)); + params.add(Constants.PR_PUBLISHER_IMPL_NAME, + getPublisherPluginName(publisherInst)); // implName is always required so always send it. if (configParams != null) { for (int i = 0; i < configParams.size(); i++) { String kv = (String) configParams.elementAt(i); int index = kv.indexOf('='); - params.add(kv.substring(0, index), - kv.substring(index + 1)); + params.add(kv.substring(0, index), kv.substring(index + 1)); } } 
@@ -2744,33 +2818,30 @@ public class PublisherAdminServlet extends AdminServlet { } /** - * Modify publisher instance. - * This will actually create a new instance with new configuration - * parameters and replace the old instance, if the new instance - * created and initialized successfully. - * The old instance is left running. so this is very expensive. - * Restart of server recommended. + * Modify publisher instance. This will actually create a new instance with + * new configuration parameters and replace the old instance, if the new + * instance created and initialized successfully. The old instance is left + * running. so this is very expensive. Restart of server recommended. */ - private synchronized void modPublisherInst(HttpServletRequest req, - HttpServletResponse resp, String scope) - throws ServletException, IOException, EBaseException { + private synchronized void modPublisherInst(HttpServletRequest req, + HttpServletResponse resp, String scope) throws ServletException, + IOException, EBaseException { // expensive operation. String id = req.getParameter(Constants.RS_ID); if (id == null) { - //System.out.println("SRVLT_NULL_RS_ID"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + // System.out.println("SRVLT_NULL_RS_ID"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // Does the manager instance exist? if (!mProcessor.getPublisherInsts().containsKey((Object) id)) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp); return; } 
@@ -2778,22 +2849,26 @@ public class PublisherAdminServlet extends AdminServlet { String implname = req.getParameter(Constants.PR_PUBLISHER_IMPL_NAME); if (implname == null) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp); return; } - // get plugin for implementation - PublisherPlugin plugin = - (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname); + // get plugin for implementation + PublisherPlugin plugin = (PublisherPlugin) mProcessor + .getPublisherPlugins().get(implname); if (plugin == null) { - sendResponse(ERROR, - new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(), - null, resp); + sendResponse( + ERROR, + new EPublisherPluginNotFound(CMS.getUserMessage( + getLocale(req), + "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)) + .toString(), null, resp); return; } - // save old instance substore params in case new one fails. + // save old instance substore params in case new one fails. ILdapPublisher oldinst = mProcessor.getPublisherInstance(id); Vector oldConfigParms = oldinst.getInstanceParams(); @@ -2807,14 +2882,16 @@ public class PublisherAdminServlet extends AdminServlet { String kv = (String) oldConfigParms.elementAt(i); int index = kv.indexOf('='); if (index > -1) { - if (kv.substring(0, index).equalsIgnoreCase("caObjectClass")) { + if (kv.substring(0, index) + .equalsIgnoreCase("caObjectClass")) { pubType = "cacert"; - } else if (kv.substring(0, index).equalsIgnoreCase("crlObjectClass")) { + } else if (kv.substring(0, index).equalsIgnoreCase( + "crlObjectClass")) { pubType = "crl"; } - saveParams.add(kv.substring(0, index), - kv.substring(index + 1)); + saveParams.add(kv.substring(0, index), + kv.substring(index + 1)); } } } 
@@ -2823,17 +2900,23 @@ public class PublisherAdminServlet extends AdminServlet { // remove old substore. - IConfigStore destStore = - mConfig.getSubStore(mAuth.getId() + ".publish.publisher"); + IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + + ".publish.publisher"); IConfigStore instancesConfig = destStore.getSubStore("instance"); // get objects added and deleted if (pubType.equals("cacert")) { - saveParams.add("caObjectClassAdded", instancesConfig.getString(id + ".caObjectClassAdded", "")); - saveParams.add("caObjectClassDeleted", instancesConfig.getString(id + ".caObjectClassDeleted", "")); + saveParams.add("caObjectClassAdded", + instancesConfig.getString(id + ".caObjectClassAdded", "")); + saveParams + .add("caObjectClassDeleted", + instancesConfig.getString(id + + ".caObjectClassDeleted", "")); } else if (pubType.equals("crl")) { - saveParams.add("crlObjectClassAdded", instancesConfig.getString(id + ".crlObjectClassAdded", "")); - saveParams.add("crlObjectClassDeleted", instancesConfig.getString(id + ".crlObjectClassDeleted", "")); + saveParams.add("crlObjectClassAdded", + instancesConfig.getString(id + ".crlObjectClassAdded", "")); + saveParams.add("crlObjectClassDeleted", instancesConfig.getString( + id + ".crlObjectClassDeleted", "")); } // create new substore. @@ -2859,9 +2942,9 @@ public class PublisherAdminServlet extends AdminServlet { } // process any changes to the ldap object class definitions - if (pubType.equals("cacert")) { + if (pubType.equals("cacert")) { processChangedOC(saveParams, substore, "caObjectClass"); - substore.put("pubtype", "cacert"); + substore.put("pubtype", "cacert"); } if (pubType.equals("crl")) { 
@@ -2875,25 +2958,32 @@ public class PublisherAdminServlet extends AdminServlet { ILdapPublisher newMgrInst = null; try { - newMgrInst = (ILdapPublisher) Class.forName(className).newInstance(); + newMgrInst = (ILdapPublisher) Class.forName(className) + .newInstance(); } catch (ClassNotFoundException e) { // cleanup restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (InstantiationException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } catch (IllegalAccessException e) { restore(instancesConfig, id, saveParams); - sendResponse(ERROR, - new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), - null, resp); + sendResponse( + ERROR, + new ELdapException(CMS.getUserMessage(getLocale(req), + "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(), + null, resp); return; } 
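Review bot: A class that loads but is not an `ILdapPublisher` escapes all three handlers in this hunk. The cast on `Class.forName(className).newInstance()` throws `ClassCastException`, which none of the `catch` blocks covers, so `restore(instancesConfig, id, saveParams)` is skipped and the substore replaced earlier in the method is not rolled back. A fourth handler with the same cleanup closes that gap, and since the three existing bodies are identical they could share one private helper. `className` is assigned and the method begins outside this hunk, so an outer handler may already exist; that is worth confirming.

```java
// … unchanged: try block and the three existing catch blocks …
} catch (ClassCastException e) {
    // class loaded but does not implement ILdapPublisher: roll back as well
    restore(instancesConfig, id, saveParams);
    sendResponse(
            ERROR,
            new ELdapException(CMS.getUserMessage(getLocale(req),
                    "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
            null, resp);
    return;
}
```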
@@ -2912,25 +3002,25 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // initialized ok. commiting + // initialized ok. commiting try { mConfig.commit(true); } catch (EBaseException e) { // clean up. restore(instancesConfig, id, saveParams); - //System.out.println("SRVLT_FAIL_COMMIT"); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"), - null, resp); + // System.out.println("SRVLT_FAIL_COMMIT"); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp); return; } // commited ok. replace instance. - mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst)); + mProcessor.getPublisherInsts().put(id, + new PublisherProxy(true, newMgrInst)); - mProcessor.log(ILogger.LL_INFO, - CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); + mProcessor.log(ILogger.LL_INFO, + CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id)); NameValuePairs params = new NameValuePairs(); 
@@ -2938,61 +3028,65 @@ public class PublisherAdminServlet extends AdminServlet { return; } - // convenience function - takes list1, list2. Returns what is in list1 + // convenience function - takes list1, list2. Returns what is in list1 // but not in list2 private String[] getExtras(String[] list1, String[] list2) { - Vector <String> extras = new Vector<String>(); - for (int i=0; i< list1.length; i++) { - boolean match=false; - for (int j=0; j < list2.length; j++) { - if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { - match = true; - break; - } - } - if (!match) extras.add(list1[i].trim()); - } - - return (String[])extras.toArray(new String[extras.size()]); + Vector<String> extras = new Vector<String>(); + for (int i = 0; i < list1.length; i++) { + boolean match = false; + for (int j = 0; j < list2.length; j++) { + if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) { + match = true; + break; + } + } + if (!match) + extras.add(list1[i].trim()); + } + + return (String[]) extras.toArray(new String[extras.size()]); } - // convenience function - takes list1, list2. Concatenates the two + // convenience function - takes list1, list2. 
Concatenates the two // lists removing duplicates private String[] joinLists(String[] list1, String[] list2) { - Vector <String> sum = new Vector<String>(); - for (int i=0; i< list1.length; i++) { - sum.add(list1[i]); - } - - for (int i=0; i < list2.length; i++) { - boolean match=false; - for (int j=0; j < list1.length; j++) { - if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { - match = true; - break; - } - } - if (!match) sum.add(list2[i].trim()); - } - - return (String[])sum.toArray(new String[sum.size()]); + Vector<String> sum = new Vector<String>(); + for (int i = 0; i < list1.length; i++) { + sum.add(list1[i]); + } + + for (int i = 0; i < list2.length; i++) { + boolean match = false; + for (int j = 0; j < list1.length; j++) { + if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) { + match = true; + break; + } + } + if (!match) + sum.add(list2[i].trim()); + } + + return (String[]) sum.toArray(new String[sum.size()]); } // convenience funtion. Takes a string array and delimiter // and returns a String with the concatenation private static String join(String[] s, String delimiter) { - if (s.length == 0) return ""; + if (s.length == 0) + return ""; StringBuffer buffer = new StringBuffer(s[0]); if (s.length > 1) { - for (int i=1; i< s.length; i++) { + for (int i = 1; i < s.length; i++) { buffer.append(delimiter).append(s[i].trim()); } } return buffer.toString(); } - private void processChangedOC(NameValuePairs saveParams, IConfigStore newstore, String objName) { + private void processChangedOC(NameValuePairs saveParams, + IConfigStore newstore, String objName) { String newOC = null, oldOC = null; String oldAdded = null, oldDeleted = null; 
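Review bot: `joinLists` and `join` trim inconsistently. `joinLists` compares trimmed values but stores `list1[i]` untrimmed, and `join` seeds the buffer with `s[0]` as-is while trimming every later element, so a first entry with surrounding whitespace survives into the joined string. Using `sum.add(list1[i].trim());` and `new StringBuffer(s[0].trim())` makes the output agree with the comparison. The reformatted `if (!match)` and `if (s.length == 0)` statements now carry their bodies on a separate line without braces; bracing them keeps a later edit from detaching the statement.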
@@ -3005,36 +3099,38 @@ public class PublisherAdminServlet extends AdminServlet { oldAdded = saveParams.getValue(objName + "Added"); oldDeleted = saveParams.getValue(objName + "Deleted"); - if ((oldOC == null) || (newOC == null)) return; - if (oldOC.equalsIgnoreCase(newOC)) return; + if ((oldOC == null) || (newOC == null)) + return; + if (oldOC.equalsIgnoreCase(newOC)) + return; - String [] oldList = oldOC.split(","); - String [] newList = newOC.split(","); - String [] deletedList = getExtras(oldList, newList); - String [] addedList = getExtras(newList, oldList); + String[] oldList = oldOC.split(","); + String[] newList = newOC.split(","); + String[] deletedList = getExtras(oldList, newList); + String[] addedList = getExtras(newList, oldList); // CMS.debug("addedList = " + join(addedList, ",")); // CMS.debug("deletedList = " + join(deletedList, ",")); - if ((addedList.length ==0) && (deletedList.length == 0)) - return; // no changes + if ((addedList.length == 0) && (deletedList.length == 0)) + return; // no changes if (oldAdded != null) { // CMS.debug("oldAdded is " + oldAdded); - String [] oldAddedList = oldAdded.split(","); + String[] oldAddedList = oldAdded.split(","); addedList = joinLists(addedList, oldAddedList); } if (oldDeleted != null) { // CMS.debug("oldDeleted is " + oldDeleted); - String [] oldDeletedList = oldDeleted.split(","); + String[] oldDeletedList = oldDeleted.split(","); deletedList = joinLists(deletedList, oldDeletedList); } String[] addedList1 = getExtras(addedList, deletedList); String[] deletedList1 = getExtras(deletedList, addedList); - //create the final strings and write to config + // create the final strings and write to config String addedListStr = join(addedList1, ","); String deletedListStr = join(deletedList1, ","); 
@@ -3046,8 +3142,8 @@ public class PublisherAdminServlet extends AdminServlet { } // convenience routine. - private static void restore(IConfigStore store, - String id, NameValuePairs saveParams) { + private static void restore(IConfigStore store, String id, + NameValuePairs saveParams) { store.removeSubStore(id); IConfigStore rstore = store.makeSubStore(id); @@ -3057,7 +3153,7 @@ public class PublisherAdminServlet extends AdminServlet { String key = (String) keys.nextElement(); String value = saveParams.getValue(key); - if (value != null) + if (value != null) rstore.put(key, value); } } @@ -3078,7 +3174,7 @@ public class PublisherAdminServlet extends AdminServlet { public void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, - ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, + "PublishingAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java index 35bbb91a..97590e0b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; 
@@ -36,13 +35,11 @@ import com.netscape.certsrv.common.ScopeDef; import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequestListener; - /** - * A class representings an administration servlet for Registration - * Authority. This servlet is responsible to serve RA - * administrative operations such as configuration parameter - * updates. - * + * A class representings an administration servlet for Registration Authority. + * This servlet is responsible to serve RA administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public class RAAdminServlet extends AdminServlet { @@ -53,15 +50,17 @@ public class RAAdminServlet extends AdminServlet { protected static final String PROP_ENABLED = "enabled"; - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ private final static String INFO = "RAAdminServlet"; private IRegistrationAuthority mRA = null; - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constructors + * ========================================================== + */ /** * Constructs RA servlet. @@ -70,9 +69,10 @@ public class RAAdminServlet extends AdminServlet { super(); } - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== public methods + * ========================================================== + */ /** * Initializes this servlet. 
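Review bot: The banner comments in the second hunk on this line were reflowed as prose, so `/*=====… variables …=====*/` now reads `* ========================================================== variables`. The `constructors`, `public methods` and `private methods` banners in the later RAAdminServlet hunks are damaged the same way. The commented-out code in `getConnectorConfig`, `setConnectorConfig`, `readGeneralConfig` and `modifyGeneralConfig` was likewise collapsed into run-on paragraphs that can no longer be read as code. Block-comment formatting can be switched off in the Eclipse profile, or each banner opened with `/*-`, which the formatter leaves untouched. The dead code is better deleted, since the history keeps it.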
@@ -90,35 +90,34 @@ public class RAAdminServlet extends AdminServlet { } /** - * Serves HTTP request. Each request is authenticated to - * the authenticate manager. + * Serves HTTP request. Each request is authenticated to the authenticate + * manager. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); - //get all operational flags + // get all operational flags String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); - //check operational flags + // check operational flags if ((op == null) || (scope == null)) { sendResponse(1, "Invalid Protocol", null, resp); return; } - //authenticate the user + // authenticate the user super.authenticate(req); - //perform services + // perform services try { AUTHZ_RES_NAME = "certServer.ra.configuration"; if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { @@ -143,9 +142,8 @@ public class RAAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GENERAL)) { 
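Review bot: `service()` writes per-request authorization state into what appear to be shared fields: `AUTHZ_RES_NAME = "certServer.ra.configuration"`, `mOp = "read"` and `mToken = super.authorize(req)`. A servlet instance normally serves concurrent requests, so two overlapping calls could authorize one request against the operation or token set by the other. The field declarations and `super.authorize` are outside this hunk, so this needs confirming in AdminServlet. Keeping the operation and token in locals and passing them to the authorization call would remove the race. The same assignments recur in the `OP_MODIFY` branch in the next hunk and in `readAuthorize`/`modifyAuthorize` of RegistryAdminServlet.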
@@ -157,7 +155,7 @@ public class RAAdminServlet extends AdminServlet { } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) { setNotificationReqCompConfig(req, resp); return; - }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { + } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) { setNotificationRevCompConfig(req, resp); return; } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) { @@ -169,22 +167,23 @@ public class RAAdminServlet extends AdminServlet { } } } catch (Exception e) { - //System.out.println("XXX >>>" + e.toString() + "<<<"); + // System.out.println("XXX >>>" + e.toString() + "<<<"); sendResponse(1, "Unknown operation", null, resp); } return; } - /*========================================================== - * private methods - *==========================================================*/ - + /* + * ========================================================== private + * methods========================================================== + */ + /* * handle getting completion (cert issued) notification config info */ private void getNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc) throws ServletException, + HttpServletResponse resp, IConfigStore rc) throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); 
@@ -203,35 +202,37 @@ public class RAAdminServlet extends AdminServlet { params.add(name, rc.getString(name, "")); } - params.add(Constants.PR_ENABLE, - rc.getString(PROP_ENABLED, Constants.FALSE)); - //System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + rc.getString(PROP_ENABLED, Constants.FALSE)); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } private void getNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); + IConfigStore rc = nc + .getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); getNotificationCompConfig(req, resp, rc); } private void getNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc + .getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); getNotificationCompConfig(req, resp, rc); 
@@ -241,16 +242,17 @@ public class RAAdminServlet extends AdminServlet { * handle getting request in queue notification config info */ private void getNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc + .getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); Enumeration e = req.getParameterNames(); @@ -268,9 +270,9 @@ public class RAAdminServlet extends AdminServlet { params.add(name, riq.getString(name, "")); } - params.add(Constants.PR_ENABLE, - riq.getString(PROP_ENABLED, Constants.FALSE)); - //System.out.println("Send: "+params.toString()); + params.add(Constants.PR_ENABLE, + riq.getString(PROP_ENABLED, Constants.FALSE)); + // System.out.println("Send: "+params.toString()); sendResponse(SUCCESS, null, params, resp); } 
@@ -278,15 +280,16 @@ public class RAAdminServlet extends AdminServlet { * handle setting request in queue notification config info */ private void setNotificationRIQConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); + IConfigStore riq = nc + .getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE); - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { @@ -321,9 +324,10 @@ public class RAAdminServlet extends AdminServlet { * handle setting request complete notification config info */ private void setNotificationCompConfig(HttpServletRequest req, - HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException, + HttpServletResponse resp, IConfigStore rc, + IRequestListener thisListener) throws ServletException, IOException, EBaseException { - //set rest of the parameters + // set rest of the parameters Enumeration e = req.getParameterNames(); while (e.hasMoreElements()) { 
@@ -355,33 +359,35 @@ public class RAAdminServlet extends AdminServlet { } private void setNotificationReqCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); + IConfigStore rc = nc + .getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener()); - + } private void setNotificationRevCompConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore config = mRA.getConfigStore(); - IConfigStore nc = - config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); + IConfigStore nc = config + .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE); - IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); + IConfigStore rc = nc + .getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE); setNotificationCompConfig(req, resp, rc, mRA.getCertRevokedListener()); } private void getConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; 
@@ -395,15 +401,10 @@ public class RAAdminServlet extends AdminServlet { } /* - Enumeration enum = req.getParameterNames(); - NameValuePairs params = new NameValuePairs(); - while (enum.hasMoreElements()) { - String key = (String)enum.nextElement(); - if (key.equals("RS_ID")) { - String val = req.getParameter(key); - if (val.equals("CA Connector")) - } - } + * Enumeration enum = req.getParameterNames(); NameValuePairs params = + * new NameValuePairs(); while (enum.hasMoreElements()) { String key = + * (String)enum.nextElement(); if (key.equals("RS_ID")) { String val = + * req.getParameter(key); if (val.equals("CA Connector")) } } */ Enumeration enum1 = req.getParameterNames(); @@ -427,13 +428,13 @@ public class RAAdminServlet extends AdminServlet { } private void setConnectorConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { IConfigStore raConfig = mRA.getConfigStore(); IConfigStore connectorConfig = raConfig.getSubStore("connector"); IConfigStore caConnectorConfig = null; - // String nickname = raConfig.getString("certNickname", ""); + // String nickname = raConfig.getString("certNickname", ""); if (isCAConnector(req)) { caConnectorConfig = connectorConfig.getSubStore("CA"); @@ -455,12 +456,10 @@ public class RAAdminServlet extends AdminServlet { continue; if (name.equals(Constants.OP_SCOPE)) continue; -/* - if (name.equals("nickName")) { - caConnectorConfig.putString(name, nickname); - continue; - } -*/ + /* + * if (name.equals("nickName")) { + * caConnectorConfig.putString(name, nickname); continue; } + */ caConnectorConfig.putString(name, req.getParameter(name)); } } 
@@ -526,50 +525,41 @@ public class RAAdminServlet extends AdminServlet { return false; } - //reading the RA general information + // reading the RA general information private void readGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - String value = "false"; - if (eeGateway != null) { - IConfigStore eeConfig = eeGateway.getConfigStore(); - if (eeConfig != null) - value = eeConfig.getString("enabled", "true"); - } - params.add(Constants.PR_EE_ENABLED, value); + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); String value = + * "false"; if (eeGateway != null) { IConfigStore eeConfig = + * eeGateway.getConfigStore(); if (eeConfig != null) value = + * eeConfig.getString("enabled", "true"); } + * params.add(Constants.PR_EE_ENABLED, value); */ - + sendResponse(SUCCESS, null, params, resp); } - //mdify RA General Information + // mdify RA General Information private void modifyGeneralConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { /* - ISubsystem eeGateway = - SubsystemRegistry.getInstance().get("eeGateway"); - IConfigStore eeConfig = null; - if (eeGateway != null) - eeConfig = eeGateway.getConfigStore(); - - Enumeration enum = req.getParameterNames(); - while (enum.hasMoreElements()) { - String key = (String)enum.nextElement(); - if (key.equals(Constants.PR_EE_ENABLED)) { - if (eeConfig != null) - eeConfig.putString("enabled", - req.getParameter(Constants.PR_EE_ENABLED)); - } - } - + * ISubsystem eeGateway = + * SubsystemRegistry.getInstance().get("eeGateway"); IConfigStore + * eeConfig = null; if (eeGateway 
!= null) eeConfig = + * eeGateway.getConfigStore(); + * + * Enumeration enum = req.getParameterNames(); while + * (enum.hasMoreElements()) { String key = (String)enum.nextElement(); + * if (key.equals(Constants.PR_EE_ENABLED)) { if (eeConfig != null) + * eeConfig.putString("enabled", + * req.getParameter(Constants.PR_EE_ENABLED)); } } */ sendResponse(RESTART, null, null, resp); commit(true); diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java index be9eb456..39f6b6f9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.util.Enumeration; @@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry; /** * This implements the administration servlet for registry subsystem. - * + * * @version $Revision$, $Date$ */ public class RegistryAdminServlet extends AdminServlet { @@ -53,8 +52,7 @@ public class RegistryAdminServlet extends AdminServlet { public final static String PROP_AUTHORITY = "authority"; private final static String INFO = "RegistryAdminServlet"; - private final static String PW_PASSWORD_CACHE_ADD = - "PASSWORD_CACHE_ADD"; + private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD"; public final static String PROP_PREDICATE = "predicate"; private IAuthority mAuthority = null; @@ -103,9 +101,8 @@ public class RegistryAdminServlet extends AdminServlet { /** * Serves HTTP admin request. */ - public void service(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void service(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { super.service(req, resp); super.authenticate(req); 
@@ -113,7 +110,7 @@ public class RegistryAdminServlet extends AdminServlet { AUTHZ_RES_NAME = "certServer.registry.configuration"; String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - + if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) { if (op.equals(OpDef.OP_READ)) if (!readAuthorize(req, resp)) @@ -124,25 +121,23 @@ public class RegistryAdminServlet extends AdminServlet { } } - private boolean readAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean readAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return false; } return true; } - private boolean modifyAuthorize(HttpServletRequest req, - HttpServletResponse resp) throws IOException { + private boolean modifyAuthorize(HttpServletRequest req, + HttpServletResponse resp) throws IOException { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return false; } return true; @@ -151,9 +146,8 @@ public class RegistryAdminServlet extends AdminServlet { /** * Process Policy Implementation Management. */ - public void processImplMgmt(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void processImplMgmt(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { // Get operation type String op = req.getParameter(Constants.OP_TYPE); String scope = req.getParameter(Constants.OP_SCOPE); 
@@ -175,17 +169,15 @@ public class RegistryAdminServlet extends AdminServlet { return; addImpl(req, resp); } else - sendResponse(ERROR, INVALID_POLICY_IMPL_OP, - null, resp); + sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp); } - public void addImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void addImpl(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); - String scope = req.getParameter(Constants.OP_SCOPE); + String scope = req.getParameter(Constants.OP_SCOPE); String classPath = req.getParameter(Constants.PR_POLICY_CLASS); String desc = req.getParameter(Constants.PR_POLICY_DESC); @@ -198,17 +190,16 @@ public class RegistryAdminServlet extends AdminServlet { IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath); try { - mRegistry.addPluginInfo(scope, id, info); + mRegistry.addPluginInfo(scope, id, info); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); } - public void deleteImpl(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void deleteImpl(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); @@ -225,13 +216,13 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); try { - mRegistry.removePluginInfo(scope, id); + mRegistry.removePluginInfo(scope, id); } catch (Exception e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } sendResponse(SUCCESS, null, nvp, resp); 
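Review bot: `addImpl` reports `SUCCESS` even when registration fails. The `catch (Exception e)` around `mRegistry.addPluginInfo(scope, id, info)` only calls `CMS.debug(e.toString())`, and execution falls through to `sendResponse(SUCCESS, null, nvp, resp)`. `deleteImpl` in the next hunk does the same around `mRegistry.removePluginInfo(scope, id)`. An administrator is then told a plugin change took effect when it did not, and the failure appears only in the debug log. Answering inside the handler with `sendResponse(ERROR, e.toString(), null, resp); return;` would surface it; both methods start outside these hunks.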
@@ -240,9 +231,8 @@ public class RegistryAdminServlet extends AdminServlet { /** * Lists all registered profile impementations */ - public void listImpls(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + public void listImpls(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); Enumeration impls = mRegistry.getIds(scope); @@ -252,15 +242,17 @@ public class RegistryAdminServlet extends AdminServlet { String id = (String) impls.nextElement(); IPluginInfo info = mRegistry.getPluginInfo(scope, id); - nvp.add(id, info.getClassName() + "," + - info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req))); - } + nvp.add(id, + info.getClassName() + "," + + info.getDescription(getLocale(req)) + "," + + info.getName(getLocale(req))); + } sendResponse(SUCCESS, null, nvp, resp); } - public void getSupportedConstraintPolicies(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void getSupportedConstraintPolicies(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { String id = req.getParameter(Constants.RS_ID); if (id == null) { @@ -272,8 +264,8 @@ public class RegistryAdminServlet extends AdminServlet { try { IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id); String className = info.getClassName(); - IPolicyDefault policyDefaultClass = (IPolicyDefault) - Class.forName(className).newInstance(); + IPolicyDefault policyDefaultClass = (IPolicyDefault) Class.forName( + className).newInstance(); if (policyDefaultClass != null) { Enumeration impls = mRegistry.getIds("constraintPolicy"); 
@@ -282,28 +274,37 @@ public class RegistryAdminServlet extends AdminServlet { String constraintID = (String) impls.nextElement(); IPluginInfo constraintInfo = mRegistry.getPluginInfo( "constraintPolicy", constraintID); - IPolicyConstraint policyConstraintClass = (IPolicyConstraint) - Class.forName(constraintInfo.getClassName()).newInstance(); + IPolicyConstraint policyConstraintClass = (IPolicyConstraint) Class + .forName(constraintInfo.getClassName()) + .newInstance(); - CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName()); + CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + + constraintInfo.getClassName()); if (policyConstraintClass.isApplicable(policyDefaultClass)) { - CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName()); - nvp.add(constraintID, constraintInfo.getClassName() + "," + - constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req))); + CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + + constraintInfo.getClassName()); + nvp.add(constraintID, + constraintInfo.getClassName() + + "," + + constraintInfo + .getDescription(getLocale(req)) + + "," + + constraintInfo + .getName(getLocale(req))); } } } } catch (Exception ex) { - CMS.debug("RegistyAdminServlet: getSupportConstraintPolicies: " + ex.toString()); + CMS.debug("RegistyAdminServlet: getSupportConstraintPolicies: " + + ex.toString()); CMS.debug(ex); } sendResponse(SUCCESS, null, nvp, resp); } public void getProfileImplConfig(HttpServletRequest req, - HttpServletResponse resp) - throws ServletException, IOException { + HttpServletResponse resp) throws ServletException, IOException { // Get the policy impl id. String id = req.getParameter(Constants.RS_ID); 
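Review bot: Each registered constraint class is instantiated before its type is checked. `Class.forName(constraintInfo.getClassName()).newInstance()` runs the class's static initializer and constructor, and only then does the cast to `IPolicyConstraint` apply. `addImpl` in this file registers a class name taken from the `PR_POLICY_CLASS` request parameter, so the registry contents should not be treated as vetted at this point. Loading without initialization and checking the type first is safer: `Class<?> c = Class.forName(constraintInfo.getClassName(), false, getClass().getClassLoader());` followed by `if (!IPolicyConstraint.class.isAssignableFrom(c)) continue;`. The `try` opens in the previous hunk and wraps the whole loop, so one bad entry also drops every remaining constraint while the response is still `SUCCESS`.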
@@ -320,15 +321,14 @@ public class RegistryAdminServlet extends AdminServlet { sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp); return; } - + NameValuePairs nvp = new NameValuePairs(); String className = info.getClassName(); IConfigTemplate template = null; try { - template = (IConfigTemplate) - Class.forName(className).newInstance(); + template = (IConfigTemplate) Class.forName(className).newInstance(); } catch (Exception e) { } if (template != null) { @@ -336,22 +336,30 @@ public class RegistryAdminServlet extends AdminServlet { if (names != null) { while (names.hasMoreElements()) { - String name = (String) names.nextElement(); - CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name); - IDescriptor desc = template.getConfigDescriptor(getLocale(req), name); + String name = (String) names.nextElement(); + CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + + name); + IDescriptor desc = template.getConfigDescriptor( + getLocale(req), name); if (desc != null) { - try { - String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue()); - - CMS.debug("RegistryAdminServlet: getProfileImpl " + value); - nvp.add(name, value); - } catch (Exception e) { - - CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name); - } + try { + String value = getNonNull(desc.getSyntax()) + ";" + + getNonNull(desc.getConstraint()) + ";" + + desc.getDescription(getLocale(req)) + ";" + + getNonNull(desc.getDefaultValue()); + + CMS.debug("RegistryAdminServlet: getProfileImpl " + + value); + nvp.add(name, value); + } catch (Exception e) { + + CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + + name); + } } else { - CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name); + CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + + name); } } } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java index bd96bbec..2ef01b24 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; @@ -58,16 +57,14 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Cert; - /** - * A class representing an administration servlet for - * User/Group Manager. It communicates with client - * SDK to allow remote administration of User/Group + * A class representing an administration servlet for User/Group Manager. It + * communicates with client SDK to allow remote administration of User/Group * manager. - * - * This servlet will be registered to remote - * administration subsystem by usrgrp manager. - * + * + * This servlet will be registered to remote administration subsystem by usrgrp + * manager. + * * @version $Revision$, $Date$ */ public class UsrGrpAdminServlet extends AdminServlet { 
@@ -83,22 +80,20 @@ public class UsrGrpAdminServlet extends AdminServlet { private final static String RES_OCSP_GROUP = "certServer.ocsp.group"; private final static String RES_TKS_GROUP = "certServer.tks.group"; private final static String SYSTEM_USER = "$System$"; - // private final static String RES_GROUP = "root.common.goldfish"; + // private final static String RES_GROUP = "root.common.goldfish"; private final static String BACK_SLASH = "\\"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private IUGSubsystem mMgr = null; private IAuthzSubsystem mAuthz = null; - private static String [] mMultiRoleGroupEnforceList = null; - private final static String MULTI_ROLE_ENABLE= "multiroles.enable"; + private static String[] mMultiRoleGroupEnforceList = null; + private final static String MULTI_ROLE_ENABLE = "multiroles.enable"; private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList"; - /** * Constructs User/Group manager servlet. */ @@ -126,17 +121,17 @@ public class UsrGrpAdminServlet extends AdminServlet { * Serves incoming User/Group management request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); String scope = super.getParameter(req, Constants.OP_SCOPE); String op = super.getParameter(req, Constants.OP_TYPE); if (op == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), - null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp); return; } 
@@ -147,64 +142,57 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } // authorization // temporary test before servlets are exposed with authtoken /* - SessionContext sc = SessionContext.getContext(); - AuthToken authToken = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); - - AuthzToken authzTok = null; - CMS.debug("UserGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); - // hardcoded for now .. just testing - try { - authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read"); - } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); - } - if (AuthzToken.AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS))) { - // audit would have been needed here if this weren't just a test... - - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); - - sendResponse(ERROR, - MessageFormatter.getLocalizedString( - getLocale(req), - AdminResources.class.getName(), - AdminResources.SRVLT_FAIL_AUTHS), - null, resp); - return; - } + * SessionContext sc = SessionContext.getContext(); AuthToken authToken + * = (AuthToken) sc.get(SessionContext.AUTH_TOKEN); + * + * AuthzToken authzTok = null; CMS.debug("UserGrpAdminServlet: " + + * CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); // hardcoded for + * now .. 
just testing try { authzTok = mAuthz.authorize("DirAclAuthz", + * authToken, RES_GROUP, "read"); } catch (EBaseException e) { + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); } if + * (AuthzToken + * .AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS + * ))) { // audit would have been needed here if this weren't just a + * test... + * + * log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS")); + * + * sendResponse(ERROR, MessageFormatter.getLocalizedString( + * getLocale(req), AdminResources.class.getName(), + * AdminResources.SRVLT_FAIL_AUTHS), null, resp); return; } */ - try { ISubsystem subsystem = CMS.getSubsystem("ca"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_CA_GROUP; subsystem = CMS.getSubsystem("ra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_RA_GROUP; subsystem = CMS.getSubsystem("kra"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_KRA_GROUP; subsystem = CMS.getSubsystem("ocsp"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_OCSP_GROUP; subsystem = CMS.getSubsystem("tks"); - if (subsystem != null) + if (subsystem != null) AUTHZ_RES_NAME = RES_TKS_GROUP; if (scope != null) { if (scope.equals(ScopeDef.SC_USER_TYPE)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } 
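Review bot: The formatter has reflowed the commented-out authorization test in service() (the block beginning `SessionContext sc = SessionContext.getContext();`) into a paragraph, so its statements, `try`/`catch` braces and inner `//` comments run together and the disabled code can no longer be read or restored as written. Because it is dead code around a hardcoded `DirAclAuthz` check, I would delete the block in a follow-up; if it must stay, opening it with `/*-` keeps the Eclipse formatter from touching it. Separately, the live path in this hunk assigns `AUTHZ_RES_NAME`, `mOp` and `mToken` before the result of `super.authorize(req)` is used, and service() is not synchronized. If those are shared servlet fields that the authorization check reads, as the naming suggests, concurrent requests could be checked against the wrong operation, which is worth confirming. service() begins and ends outside this hunk.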
@@ -215,9 +203,8 @@ public class UsrGrpAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -233,9 +220,8 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -251,9 +237,8 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_ADD)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -269,9 +254,8 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_DELETE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { 
@@ -284,9 +268,8 @@ public class UsrGrpAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_GROUPS)) { @@ -296,33 +279,30 @@ public class UsrGrpAdminServlet extends AdminServlet { findUsers(req, resp); return; } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), - null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp); return; } } } // if } catch (EBaseException e) { log(ILogger.LL_FAILURE, e.toString()); - sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); - log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"), - null, resp); + log(ILogger.LL_FAILURE, + CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM")); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp); return; } } - private void getUserType(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getUserType(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = super.getParameter(req, Constants.RS_ID); IUser user = mMgr.getUser(id); 
@@ -337,44 +317,42 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * Retrieves configuration parameters of - * authentication manager. + * Retrieves configuration parameters of authentication manager. */ - private synchronized void getConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void getConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { super.getConfig(mMgr.getConfigStore(), req, resp); } /** - * Sets configuration parameters of - * User/Group manager. + * Sets configuration parameters of User/Group manager. */ - private synchronized void setConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void setConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { super.setConfig(mMgr.getConfigStore(), req, resp); } /** * Lists configuration parameters. */ - private synchronized void listConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void listConfig(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { super.listConfig(mMgr.getConfigStore(), req, resp); } /** - * Searches for users in LDAP directory. List uids only - * + * Searches for users in LDAP directory. 
List uids only + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUsers(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void findUsers(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); @@ -384,7 +362,8 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.listUsers("*"); } catch (Exception ex) { sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), + null, resp); return; } 
@@ -412,27 +391,25 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * List user information. Certificates covered in a separate - * protocol for findUserCerts(). List of group memberships are - * also provided. - * + * List user information. Certificates covered in a separate protocol for + * findUserCerts(). List of group memberships are also provided. + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void findUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -445,7 +422,8 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { e.printStackTrace(); sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), + null, resp); return; } 
@@ -456,15 +434,15 @@ public class UsrGrpAdminServlet extends AdminServlet { params.add(Constants.PR_USER_STATE, user.getState()); // get list of groups, and get a list of those that this - // uid belongs to + // uid belongs to Enumeration e = null; try { e = mMgr.findGroups("*"); } catch (Exception ex) { ex.printStackTrace(); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_INTERNAL_ERROR"), null, resp); return; } @@ -474,7 +452,7 @@ public class UsrGrpAdminServlet extends AdminServlet { IGroup group = (IGroup) e.nextElement(); if (group.isMember(id) == true) { - if (grpString.length()!=0) { + if (grpString.length() != 0) { grpString.append(","); } grpString.append(group.getGroupID()); 
@@ -487,34 +465,33 @@ public class UsrGrpAdminServlet extends AdminServlet { return; } - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } /** * List user certificate(s) - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findUserCerts(HttpServletRequest req, - HttpServletResponse resp, Locale clientLocale) - throws ServletException, - IOException, EBaseException { + private synchronized void findUserCerts(HttpServletRequest req, + HttpServletResponse resp, Locale clientLocale) + throws ServletException, IOException, EBaseException { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
@@ -526,32 +503,33 @@ public class UsrGrpAdminServlet extends AdminServlet { user = mMgr.getUser(id); } catch (Exception e) { e.printStackTrace(); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } if (user == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp); return; } - X509Certificate[] certs = - (X509Certificate[]) user.getX509Certificates(); + X509Certificate[] certs = (X509Certificate[]) user + .getX509Certificates(); if (certs != null) { for (int i = 0; i < certs.length; i++) { ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]); - // add base64 encoding - String base64 = CMS.getEncodedCert(certs[i]); - + // add base64 encoding + String base64 = CMS.getEncodedCert(certs[i]); + // pretty print certs params.add(getCertificateString(certs[i]), - print.toString(clientLocale) + "\n" + base64); + print.toString(clientLocale) + "\n" + base64); } sendResponse(SUCCESS, null, params, resp); return; 
@@ -570,20 +548,20 @@ public class UsrGrpAdminServlet extends AdminServlet { } // note that it did not represent a certificate fully - return cert.getVersion() + ";" + cert.getSerialNumber().toString() + - ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); + return cert.getVersion() + ";" + cert.getSerialNumber().toString() + + ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); } /** * Searchess for groups in LDAP server - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group */ - private synchronized void findGroups(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void findGroups(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = null; @@ -592,7 +570,9 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.listGroups("*"); } catch (Exception ex) { ex.printStackTrace(); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), + null, resp); return; } 
@@ -611,25 +591,23 @@ public class UsrGrpAdminServlet extends AdminServlet { } /** - * finds a group - * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * finds a group Request/Response Syntax: + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin */ - private synchronized void findGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void findGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -639,7 +617,9 @@ public class UsrGrpAdminServlet extends AdminServlet { e = mMgr.findGroups(id); } catch (Exception ex) { ex.printStackTrace(); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + sendResponse(ERROR, + CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), + null, resp); return; } 
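Review bot: The reflowed Javadoc on findGroup() now runs the summary into the heading that followed it, so the first sentence reads `finds a group Request/Response Syntax:`. A paragraph break keeps the two apart under the formatter, as the addUser() Javadoc in this file already does with `<P>`: ` * Finds a group.`, ` * <p>`, ` * Request/Response Syntax:`. findGroup()'s body continues outside this hunk.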
@@ -647,15 +627,14 @@ public class UsrGrpAdminServlet extends AdminServlet { IGroup group = (IGroup) e.nextElement(); params.add(Constants.PR_GROUP_GROUP, group.getGroupID()); - params.add(Constants.PR_GROUP_DESC, - group.getDescription()); + params.add(Constants.PR_GROUP_DESC, group.getDescription()); Enumeration members = group.getMemberNames(); StringBuffer membersString = new StringBuffer(); if (members != null) { while (members.hasMoreElements()) { - if (membersString.length()!=0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -670,10 +649,11 @@ public class UsrGrpAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); return; } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST")); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp); return; } 
@@ -682,25 +662,26 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Adds a new user to LDAP server * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void addUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -711,58 +692,52 @@ public class UsrGrpAdminServlet extends AdminServlet { String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } if (id.indexOf(BACK_SLASH) != -1) { // backslashes (BS) are not allowed - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_RS_ID_BS"), null, resp); return; } if (id.equals(SYSTEM_USER)) { // backslashes (BS) are not allowed - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", id)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", id)); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, 
auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_SPECIAL_ID", id), null, resp); return; } @@ -770,22 +745,21 @@ public class UsrGrpAdminServlet extends AdminServlet { String fname = super.getParameter(req, Constants.PR_USER_FULLNAME); if ((fname == null) || (fname.length() == 0)) { - String msg = CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "full name"); + String msg = CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_ADD_FAILED_1", "full name"); log(ILogger.LL_FAILURE, msg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(ERROR, msg, null, resp); return; - } else + } else user.setFullName(fname); String email = super.getParameter(req, Constants.PR_USER_EMAIL); @@ -803,16 +777,14 @@ public class UsrGrpAdminServlet extends AdminServlet { if (!passwdCheck.isGoodPassword(pword)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EUsrGrpException(passwdCheck.getReason(pword)); - //UsrGrpResources.BAD_PASSWD); + // UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); 
@@ -856,18 +828,17 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } - + if (e.hasMoreElements()) { IGroup group = (IGroup) e.nextElement(); 
@@ -879,36 +850,34 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage( + getLocale(req), + "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } // for audit log SessionContext sContext = SessionContext.getContext(); - String adminId = (String) sContext.get(SessionContext.USER_ID); - + String adminId = (String) sContext + .get(SessionContext.USER_ID); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, id, groupName} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, id, groupName }); } NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -919,61 +888,54 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); if (user.getUserID() == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_ADD_FAILED"), null, resp); } return; } catch (LDAPException e) { String errMsg = "addUser()" + e.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", + e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } catch (Exception e) { log(ILogger.LL_FAILURE, e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - 
CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_ADD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -981,53 +943,51 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a certificate to a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - 
IOException, EBaseException { + private synchronized void addUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1038,20 +998,18 @@ public class UsrGrpAdminServlet extends AdminServlet { String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -1065,10 +1023,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1082,7 +1038,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // Base64 decode cert try { - byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); + byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil + .AtoB(certsString)); X509Certificate cert = new X509CertImpl(bCert); certs = new X509Certificate[1]; 
@@ -1092,12 +1049,14 @@ public class UsrGrpAdminServlet extends AdminServlet { boolean assending = true; // could it be a pkcs7 blob? - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB")); - byte p7Cert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB")); + byte p7Cert[] = (byte[]) (com.netscape.osutil.OSUtil + .AtoB(certsString)); try { CryptoManager manager = CryptoManager.getInstance(); - + PKCS7 pkcs7 = new PKCS7(p7Cert); X509Certificate p7certs[] = pkcs7.getCertificates(); @@ -1105,15 +1064,14 @@ public class UsrGrpAdminServlet extends AdminServlet { if (p7certs.length == 0) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } // fix for 370099 - cert ordering can not be assumed 
@@ -1122,37 +1080,44 @@ public class UsrGrpAdminServlet extends AdminServlet { // self-signed and alone? take it. otherwise test // the ordering - if (p7certs[0].getSubjectDN().toString().equals( - p7certs[0].getIssuerDN().toString()) && - (p7certs.length == 1)) { + if (p7certs[0].getSubjectDN().toString() + .equals(p7certs[0].getIssuerDN().toString()) + && (p7certs.length == 1)) { certs[0] = p7certs[0]; - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT")); - } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) { + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT")); + } else if (p7certs[0].getIssuerDN().toString() + .equals(p7certs[1].getSubjectDN().toString())) { certs[0] = p7certs[0]; - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD")); - } else if (p7certs[1].getIssuerDN().toString().equals(p7certs[0].getSubjectDN().toString())) { + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD")); + } else if (p7certs[1].getIssuerDN().toString() + .equals(p7certs[0].getSubjectDN().toString())) { assending = false; - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD")); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD")); certs[0] = p7certs[p7certs.length - 1]; } else { // not a chain, or in random order - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN")); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - 
CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length))); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", + String.valueOf(p7certs.length))); int j = 0; int jBegin = 0; 
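Review bot: The chain-ordering test in addUserCert indexes `p7certs[1]` without checking the array length. A PKCS#7 blob holding a single certificate that is not self-signed fails the first condition and then reaches `p7certs[1].getSubjectDN()`, so it would end in the generic `catch (Exception ex)` with an index error instead of the explicit bad-chain branch, unless a length check sits in the two lines between this hunk and the previous one, which are not shown. Guarding both `else if` conditions with the length, e.g. `} else if (p7certs.length > 1 && p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {`, routes that input to the existing bad-chain failure path. The direction is also decided from the DN strings of the first two entries only, so a comment stating that the order is inferred from names and not verified cryptographically here would help the next reader. addUserCert begins and ends outside this hunk.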
@@ -1167,72 +1132,82 @@ public class UsrGrpAdminServlet extends AdminServlet { } // store the chain into cert db, except for the user cert for (j = jBegin; j < jEnd; j++) { - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN()))); - org.mozilla.jss.crypto.X509Certificate leafCert = - null; - - leafCert = - manager.importCACertPackage(p7certs[j].getEncoded()); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage( + "ADMIN_SRVLT_CERT_IN_CHAIN", String + .valueOf(j), String + .valueOf(p7certs[j] + .getSubjectDN()))); + org.mozilla.jss.crypto.X509Certificate leafCert = null; + + leafCert = manager.importCACertPackage(p7certs[j] + .getEncoded()); if (leafCert == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL")); } else { - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL")); + CMS.debug("UsrGrpAdminServlet: " + + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL")); } if (leafCert instanceof InternalCertificate) { - ((InternalCertificate) leafCert).setSSLTrust( - InternalCertificate.VALID_CA | - InternalCertificate.TRUSTED_CA | - InternalCertificate.TRUSTED_CLIENT_CA); + ((InternalCertificate) leafCert) + .setSSLTrust(InternalCertificate.VALID_CA + | InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_NOT_INTERNAL_CERT", String.valueOf(p7certs[j].getSubjectDN()))); } } /* - } catch (CryptoManager.UserCertConflictException ex) { - // got a "user cert" in the chain, most likely the CA - // cert of this instance, which has a private key. 
Ignore - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", ex.toString())); - */ + * } catch (CryptoManager.UserCertConflictException ex) { // + * got a "user cert" in the chain, most likely the CA // + * cert of this instance, which has a private key. Ignore + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", + * ex.toString())); + */ } catch (Exception ex) { - //----- - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", ex.toString())); + // ----- + log(ILogger.LL_FAILURE, + CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", + ex.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp); return; } } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_O_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("USRGRP_SRVLT_CERT_O_ERROR", + e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp); return; } try { - CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY")); + CMS.debug("UsrGrpAdminServlet: " + + 
CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY")); certs[0].checkValidity(); // throw exception if fails user.setX509Certificates(certs); @@ -1241,10 +1216,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
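Review bot: In the chain-import loop of addUserCert, every non-user certificate from the request-supplied PKCS#7 blob is passed to `manager.importCACertPackage(...)` and then marked `VALID_CA | TRUSTED_CA | TRUSTED_CLIENT_CA`. Nothing visible in this hunk checks that those certificates chain to an anchor the instance already trusts. If that is intended for what appears to be an admin-only operation, it deserves a comment above `setSSLTrust`, e.g. `// chain certs from the admin-supplied blob become trusted CAs (SSL server and client auth)`; if validation happens inside importCACertPackage or earlier, the comment should say so. Separately, the formatter rewrapped the commented-out `UserCertConflictException` catch block so that its `//` comments are folded into the running text, and deleting that dead block or excluding it from formatting would read better. The method starts and ends outside this hunk.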
@@ -1252,55 +1225,50 @@ public class UsrGrpAdminServlet extends AdminServlet { return; } catch (CertificateExpiredException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_ADD_CERT_EXPIRED", String.valueOf(certs[0].getSubjectDN()))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp); return; } catch (CertificateNotYetValidException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "USRGRP_SRVLT_CERT_NOT_YET_VALID", String.valueOf(certs[0].getSubjectDN()))); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp); return; } catch (LDAPException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - if (e.getLDAPResultCode() == - LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { - 
sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); + if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp); } else { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_MOD_FAILED"), null, resp); } return; } catch (Exception e) { 
@@ -1308,82 +1276,78 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( 
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Removes a certificate for a user * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * In this method, "certDN" is actually a combination of version, - * serialNumber, issuerDN, and SubjectDN. + * serialNumber, issuerDN, and SubjectDN. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void modifyUserCert(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1394,20 +1358,18 @@ public class UsrGrpAdminServlet extends AdminServlet { String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -1420,10 +1382,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1438,10 +1398,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1452,81 +1410,76 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } // } catch( EBaseException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit1; + // // rethrow the specific exception to be handled later + // throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( 
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** - * removes a user. user not removed if belongs to any group - * (Administrators should remove the user from "uniquemember" of - * any group he/she belongs to before trying to remove the user - * itself. + * removes a user. user not removed if belongs to any group (Administrators + * should remove the user from "uniquemember" of any group he/she belongs to + * before trying to remove the user itself. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void removeUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1534,7 +1487,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); boolean mustDelete = false; int index = 0; @@ -1545,20 +1498,18 @@ public class UsrGrpAdminServlet extends AdminServlet { } if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } // get list of groups, and see if uid belongs to any @@ -1571,14 +1522,13 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_INTERNAL_ERROR"), null, resp); return; } 
@@ -1591,16 +1541,14 @@ public class UsrGrpAdminServlet extends AdminServlet { } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), null, resp); return; } } @@ -1613,10 +1561,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -1625,24 +1571,19 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception ex) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1650,53 +1591,51 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * Adds a new group in local scope. 
* <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void addGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void addGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1704,32 +1643,28 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } IGroup group = mMgr.createGroup(id); - String members = super.getParameter(req, - Constants.PR_GROUP_USER); - String desc = super.getParameter(req, - Constants.PR_GROUP_DESC); + String members = super.getParameter(req, Constants.PR_GROUP_USER); + String desc = super.getParameter(req, Constants.PR_GROUP_DESC); if (desc != null) { group.set("description", (Object) desc); @@ -1752,10 +1687,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -1764,25 +1697,19 @@ public class UsrGrpAdminServlet extends AdminServlet { } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_GROUP_ADD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1790,53 +1717,51 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * removes a group * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void removeGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException 
{ + private synchronized void removeGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1844,24 +1769,22 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } 
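Review bot: The commented-out `catch( ServletException eAudit3 )` block at the end of addGroup is re-indented here rather than removed, so the outer try still writes a failure audit record only for EBaseException and IOException before rethrowing. Whether anything outside the inner `catch (Exception e)` can actually throw ServletException is not visible from this hunk, so either delete the dead block or replace it with a single line such as `// ServletException is not audited here: nothing in the try block throws it`. The same block recurs in the hunks at -1893 (removeGroup), -2066 (modifyGroup) and -2316 (modifyUser). addGroup's body starts outside this hunk.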
@@ -1870,22 +1793,16 @@ public class UsrGrpAdminServlet extends AdminServlet { NameValuePairs params = new NameValuePairs(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); sendResponse(SUCCESS, null, params, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -1893,56 +1810,54 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } /** * modifies a group * <P> - * - * last person of the super power group "Certificate - * Server Administrators" can never be removed. + * + * last person of the super power group "Certificate Server Administrators" + * can never be removed. 
* <P> - * - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#group + * + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#group * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyGroup(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void modifyGroup(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1950,31 +1865,28 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } IGroup group = mMgr.createGroup(id); - String desc = super.getParameter(req, - Constants.PR_GROUP_DESC); + String desc = super.getParameter(req, Constants.PR_GROUP_DESC); if (desc != null) { group.set("description", (Object) desc); 
@@ -1997,20 +1909,20 @@ public class UsrGrpAdminServlet extends AdminServlet { if (multiRole) { group.addMemberName(memberName); } else { - if( isGroupInMultiRoleEnforceList(groupName)) { + if (isGroupInMultiRoleEnforceList(groupName)) { if (!isDuplicate(groupName, memberName)) { group.addMemberName(memberName); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberName)); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_DUPLICATE_ROLES", memberName)); } } else { group.addMemberName(memberName); @@ -2027,10 +1939,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -2040,25 +1950,19 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_GROUP_MODIFY_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -2066,61 +1970,58 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } - private boolean isGroupInMultiRoleEnforceList(String groupName) - { + private boolean isGroupInMultiRoleEnforceList(String groupName) { String groupList = null; if (groupName == null || groupName.equals("")) { return true; } if (mMultiRoleGroupEnforceList == null) { - try { - groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); - } catch (Exception e) { - } - - if (groupList != null && !groupList.equals("")) { - mMultiRoleGroupEnforceList = groupList.split(","); - for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) { - mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim(); - } - } - } - - if (mMultiRoleGroupEnforceList == null) - return true; - - for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { - if (groupName.equals(mMultiRoleGroupEnforceList[i])) { - 
return true; - } - } - return false; + try { + groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); + } catch (Exception e) { + } + + if (groupList != null && !groupList.equals("")) { + mMultiRoleGroupEnforceList = groupList.split(","); + for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) { + mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j] + .trim(); + } + } + } + + if (mMultiRoleGroupEnforceList == null) + return true; + + for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) { + if (groupName.equals(mMultiRoleGroupEnforceList[i])) { + return true; + } + } + return false; } private boolean isDuplicate(String groupName, String memberName) { @@ -2129,7 +2030,7 @@ public class UsrGrpAdminServlet extends AdminServlet { // Let's not mess with users that are already a member of this group boolean isMember = false; try { - isMember = mMgr.isMemberOf(memberName,groupName); + isMember = mMgr.isMemberOf(memberName, groupName); } catch (Exception e) { } 
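Review bot: The empty `catch (Exception e) { }` around `mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST)` in isGroupInMultiRoleEnforceList hides a security-relevant default: when the read fails or the value is empty, `mMultiRoleGroupEnforceList` stays null and the method returns true, so every group is treated as being on the enforce list. That fail-closed behaviour should be stated in the block, for example `// config unreadable: leave the list unset so the duplicate-role check applies to every group`, and the failure is worth a `log(ILogger.LL_FAILURE, ...)` call. The next hunk (-2129, isDuplicate) has the same empty catch around `mMgr.isMemberOf(memberName, groupName)`, where a lookup failure leaves `isMember` false; what the method then does with that value lies outside the hunk.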
@@ -2163,25 +2064,26 @@ public class UsrGrpAdminServlet extends AdminServlet { /** * Modifies an existing user in local scope. * <P> - * + * * Request/Response Syntax: - * http://warp.mcom.com/server/certificate/columbo/design/ - * ui/admin-protocol-definition.html#user-admin + * http://warp.mcom.com/server/certificate/columbo/design/ + * ui/admin-protocol-definition.html#user-admin * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring * role information (anything under users/groups) * </ul> + * * @param req HTTP servlet request * @param resp HTTP servlet response * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException an error has occurred */ - private synchronized void modifyUser(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private synchronized void modifyUser(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2189,24 +2091,22 @@ public class UsrGrpAdminServlet extends AdminServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - //get id first + // get id first String id = super.getParameter(req, Constants.RS_ID); if (id == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp); return; } @@ -2214,17 +2114,15 @@ public class UsrGrpAdminServlet extends AdminServlet { String fname = super.getParameter(req, Constants.PR_USER_FULLNAME); if ((fname == null) || (fname.length() == 0)) { - String msg = - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name"); + String msg = CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_MOD_FAILED", "full name"); log(ILogger.LL_FAILURE, msg); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -2246,16 +2144,14 @@ public class UsrGrpAdminServlet extends AdminServlet { if (!passwdCheck.isGoodPassword(pword)) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EUsrGrpException(passwdCheck.getReason(pword)); - //UsrGrpResources.BAD_PASSWD); + // UsrGrpResources.BAD_PASSWD); } user.setPassword(pword); @@ -2277,10 +2173,8 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -2291,24 +2185,19 @@ public class UsrGrpAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_USRGRP_USER_MOD_FAILED"), null, resp); return; } } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -2316,35 +2205,32 @@ public class UsrGrpAdminServlet extends AdminServlet { throw eAudit1; } catch (IOException eAudit2) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit3; + // // rethrow the specific exception to be handled later + // throw eAudit3; } } private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, - level, "UsrGrpAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, level, + "UsrGrpAdminServlet: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index f5f06bec..55b1449a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java 
@@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cms.servlet.common.Utils; import com.netscape.cmsutil.xml.XMLObject; - /** * This is the base class of all CS servlet. - * + * * @version $Revision$, $Date$ */ public abstract class CMSServlet extends HttpServlet { 
@@ -127,76 +126,49 @@ public abstract class CMSServlet extends HttpServlet { public final static String AUTHZ_CONFIG_STORE = "authz"; public final static String AUTHZ_SRC_XML = "web.xml"; public final static String PROP_AUTHZ_MGR = "AuthzMgr"; - public final static String PROP_ACL = "ACLinfo"; + public final static String PROP_ACL = "ACLinfo"; public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; private final static String FAILED = "1"; private final static String HDR_LANG = "accept-language"; - - // final error message - if error and exception templates don't work + + // final error message - if error and exception templates don't work // send out this text string directly to output. public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg"; public final static String ERROR_MSG_TOKEN = "$ERROR_MSG"; - public final static String FINAL_ERROR_MSG = - "<HTML>\n" + - "<BODY BGCOLOR=white>\n" + - "<P>\n" + - "The Certificate System has encountered " + - "an unrecoverable error.\n" + - "<P>\n" + - "Error Message:<BR>\n" + - "<I>$ERROR_MSG</I>\n" + - "<P>\n" + - "Please contact your local administrator for assistance.\n" + - "</BODY>\n" + - "</HTML>\n"; + public final static String FINAL_ERROR_MSG = "<HTML>\n" + + "<BODY BGCOLOR=white>\n" + "<P>\n" + + "The Certificate System has encountered " + + "an unrecoverable error.\n" + "<P>\n" + "Error Message:<BR>\n" + + "<I>$ERROR_MSG</I>\n" + "<P>\n" + + "Please contact your local administrator for assistance.\n" + + "</BODY>\n" + "</HTML>\n"; // properties from configuration. 
- protected final static String - PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; - protected final static String - UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; - protected final static String - PROP_SUCCESS_TEMPLATE = "successTemplate"; - protected final static String - SUCCESS_TEMPLATE = "/GenSuccess.template"; - protected final static String - PROP_PENDING_TEMPLATE = "pendingTemplate"; - protected final static String - PENDING_TEMPLATE = "/GenPending.template"; - protected final static String - PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; - protected final static String - SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; - protected final static String - PROP_REJECTED_TEMPLATE = "rejectedTemplate"; - protected final static String - REJECTED_TEMPLATE = "/GenRejected.template"; - protected final static String - PROP_ERROR_TEMPLATE = "errorTemplate"; - protected final static String - ERROR_TEMPLATE = "/GenError.template"; - protected final static String - PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; - protected final static String - EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; - - private final static String - PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; - protected final static String - PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; - private final static String - PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; - private final static String - PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; - private final static String - PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; - private final static String - PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; - private final static String - PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; + protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate"; + protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template"; + protected final static String PROP_SUCCESS_TEMPLATE = 
"successTemplate"; + protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template"; + protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate"; + protected final static String PENDING_TEMPLATE = "/GenPending.template"; + protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate"; + protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template"; + protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate"; + protected final static String REJECTED_TEMPLATE = "/GenRejected.template"; + protected final static String PROP_ERROR_TEMPLATE = "errorTemplate"; + protected final static String ERROR_TEMPLATE = "/GenError.template"; + protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; + protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template"; + + private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; + protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; + private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; + private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; + private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; + private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; + private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; protected final static String RA_AGENT_GROUP = "Registration Manager Agents"; protected final static String CA_AGENT_GROUP = "Certificate Manager Agents"; 
@@ -206,25 +178,19 @@ public abstract class CMSServlet extends HttpServlet { protected final static String ADMIN_GROUP = "Administrators"; // default http params NOT to save in request.(config values added to list ) - private static final String - PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; - private static final String[] - DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", - "challengePassword", "confirmChallengePassword" }; + private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams"; + private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", + "passwd", "challengePassword", "confirmChallengePassword" }; // default http headers to save in request. (config values added to list) - private static final String - PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; - private static final String[] - SAVE_HTTP_HEADERS = { "accept-language", "user-agent", }; + private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders"; + private static final String[] SAVE_HTTP_HEADERS = { "accept-language", + "user-agent", }; // request prefixes to distinguish from other request attributes. - public static final String - PFX_HTTP_HEADER = "HTTP_HEADER"; - public static final String - PFX_HTTP_PARAM = "HTTP_PARAM"; - public static final String - PFX_AUTH_TOKEN = "AUTH_TOKEN"; + public static final String PFX_HTTP_HEADER = "HTTP_HEADER"; + public static final String PFX_HTTP_PARAM = "HTTP_PARAM"; + public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN"; /* input http params */ protected final static String AUTHMGR_PARAM = "authenticator"; 
@@ -232,10 +198,9 @@ public abstract class CMSServlet extends HttpServlet { /* fixed credential passed to auth managers */ protected final static String CERT_AUTH_CRED = "sslClientCert"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; - // members. + // members. protected boolean mRenderResult = true; protected String mFinalErrorMsg = FINAL_ERROR_MSG; @@ -243,7 +208,7 @@ public abstract class CMSServlet extends HttpServlet { protected ServletConfig mServletConfig = null; protected ServletContext mServletContext = null; - private CMSFileLoader mFileLoader = null; + private CMSFileLoader mFileLoader = null; protected Vector mDontSaveHttpParams = new Vector(); protected Vector mSaveHttpHeaders = new Vector(); @@ -251,14 +216,14 @@ public abstract class CMSServlet extends HttpServlet { protected String mId = null; protected IConfigStore mConfig = null; - // the authority, RA, CA, KRA this servlet is serving. + // the authority, RA, CA, KRA this servlet is serving. protected IAuthority mAuthority = null; protected IRequestQueue mRequestQueue = null; // system logger. protected ILogger mLogger = CMS.getLogger(); protected int mLogCategory = ILogger.S_OTHER; - private MessageDigest mSHADigest = null; + private MessageDigest mSHADigest = null; protected String mGetClientCert = "false"; protected String mAuthMgr = null; 
@@ -269,19 +234,14 @@ public abstract class CMSServlet extends HttpServlet { protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); protected String mOutputTemplatePath = null; - private IUGSubsystem mUG = (IUGSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_UG); - - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = - "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; - private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + private IUGSubsystem mUG = (IUGSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_UG); + + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public CMSServlet() { } 
@@ -323,38 +283,36 @@ public abstract class CMSServlet extends HttpServlet { String authority = sc.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) - CMS.getSubsystem(authority); + mAuthority = (IAuthority) CMS.getSubsystem(authority); if (mAuthority != null) mRequestQueue = mAuthority.getRequestQueue(); - // set default templates. + // set default templates. setDefaultTemplates(sc); // for logging to the right authority category. if (mAuthority == null) { mLogCategory = ILogger.S_OTHER; } else { - if (mAuthority instanceof ICertificateAuthority) + if (mAuthority instanceof ICertificateAuthority) mLogCategory = ILogger.S_CA; - else if (mAuthority instanceof IRegistrationAuthority) + else if (mAuthority instanceof IRegistrationAuthority) mLogCategory = ILogger.S_RA; - else if (mAuthority instanceof IKeyRecoveryAuthority) + else if (mAuthority instanceof IKeyRecoveryAuthority) mLogCategory = ILogger.S_KRA; - else + else mLogCategory = ILogger.S_OTHER; } try { - // get final error message. + // get final error message. // used when templates can't even be loaded. - String eMsg = - sc.getInitParameter(PROP_FINAL_ERROR_MSG); + String eMsg = sc.getInitParameter(PROP_FINAL_ERROR_MSG); if (eMsg != null) mFinalErrorMsg = eMsg; - // get any configured templates. + // get any configured templates. Enumeration templs = mTemplates.elements(); while (templs.hasMoreElements()) { @@ -363,13 +321,11 @@ public abstract class CMSServlet extends HttpServlet { if (templ == null || templ.mPropName == null) { continue; } - String tName = - sc.getInitParameter(templ.mPropName); + String tName = sc.getInitParameter(templ.mPropName); if (tName != null) templ.mTemplateName = tName; - String fillerName = - sc.getInitParameter(templ.mFillerPropName); + String fillerName = sc.getInitParameter(templ.mFillerPropName); if (fillerName != null) { ICMSTemplateFiller filler = newFillerObject(fillerName); 
@@ -379,32 +335,32 @@ public abstract class CMSServlet extends HttpServlet { } } - // get http params NOT to store in a IRequest and - // get http headers TO store in a IRequest. + // get http params NOT to store in a IRequest and + // get http headers TO store in a IRequest. getDontSaveHttpParams(sc); getSaveHttpHeaders(sc); } catch (Exception e) { - // should never occur since we provide defaults above. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + // should never occur since we provide defaults above. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } try { mSHADigest = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS", + e.toString())); throw new ServletException(e.toString()); } } - + public String getId() { return mId; } - + public String getAuthMgr() { return mAuthMgr; } 
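Review bot: The assignment `mSHADigest = MessageDigest.getInstance("SHA1")` near the end of `init` keeps a single `MessageDigest` in a servlet field, and a `MessageDigest` is stateful and not safe to share between request threads. How `mSHADigest` is used lies outside this hunk (as does the start of `init`), so this is inferred: if a request path calls `update`/`digest` on it, concurrent requests can interleave and yield wrong digests. I would create the digest where it is needed, e.g. `MessageDigest md = MessageDigest.getInstance("SHA-256");`, keeping SHA-1 only where a stored value or protocol requires it. Both catch blocks also rethrow as `new ServletException(e.toString())`, which drops the cause; `new ServletException(e.toString(), e)` preserves it.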
@@ -416,56 +372,51 @@ public abstract class CMSServlet extends HttpServlet { return false; } - public void outputHttpParameters(HttpServletRequest httpReq) - { - CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); + public void outputHttpParameters(HttpServletRequest httpReq) { + CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.startsWith("p12Password") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("CMSServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || pn.endsWith("password") + || pn.endsWith("passwd") || pn.endsWith("pwd") + || pn.equalsIgnoreCase("admin_password_again") + || pn.equalsIgnoreCase("directoryManagerPwd") + || pn.equalsIgnoreCase("bindpassword") + || pn.equalsIgnoreCase("bindpwd") + || pn.equalsIgnoreCase("passwd") + || pn.equalsIgnoreCase("password") + || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") + || pn.equalsIgnoreCase("pwdagain") + || pn.startsWith("p12Password") + || 
pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("CMSServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - public void service(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException, IOException { + public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException( - "CS server is not ready to serve."); + throw new IOException("CS server is not ready to serve."); try { if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { String currentName = Thread.currentThread().getName(); - Thread.currentThread().setName(currentName + "-" + httpReq.getServletPath()); + Thread.currentThread().setName( + currentName + "-" + httpReq.getServletPath()); } } catch (Exception e) { } @@ -473,16 +424,17 @@ public abstract class CMSServlet extends HttpServlet { httpReq.setCharacterEncoding("UTF-8"); if (CMS.debugOn()) { - outputHttpParameters(httpReq); + outputHttpParameters(httpReq); } CMS.debug("CMSServlet: " + mId + " start to service."); String className = this.getClass().getName(); - // get a cms request + // get a cms request CMSRequest cmsRequest = newCMSRequest(); - // set argblock - cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq))); + // set argblock + cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", + toHashtable(httpReq))); // set http request cmsRequest.setHttpReq(httpReq); 
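Review bot: The redaction test in `outputHttpParameters` matches suffixes case-sensitively (`pn.endsWith("password")`, `pn.endsWith("passwd")`, `pn.endsWith("pwd")`), so a parameter such as `newPassword` or `userPwd` (constructed examples) that is not on the explicit `equalsIgnoreCase` list is written to the debug log with its value. Lower-casing the name once and testing that closes the gap: `String lpn = pn.toLowerCase(Locale.ROOT);` followed by `lpn.startsWith("__") || lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd")`. Names and values are also concatenated into the log line as received, so replacing CR/LF before the `CMS.debug` call would keep a request from forging extra log entries. A deny-list will always miss something; logging only parameter names unless a name is explicitly allowed would be the safer default.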
@@ -511,30 +463,36 @@ public abstract class CMSServlet extends HttpServlet { ICommandQueue iCommandQueue = CMS.getCommandQueue(); try { - if (iCommandQueue.registerProcess((Object) cmsRequest, (Object) this) == false) { + if (iCommandQueue.registerProcess((Object) cmsRequest, + (Object) this) == false) { cmsRequest.setStatus(CMSRequest.ERROR); renderResult(cmsRequest); SessionContext.releaseContext(); return; - } + } long startTime = CMS.getCurrentDate().getTime(); process(cmsRequest); renderResult(cmsRequest); Date endDate = CMS.getCurrentDate(); long endTime = endDate.getTime(); if (CMS.debugOn()) { - CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime)); + CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + + " id=" + mId + " time=" + (endTime - startTime)); } - iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); + iCommandQueue + .unRegisterProccess((Object) cmsRequest, (Object) this); } catch (EBaseException e) { - iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); - // ByteArrayOutputStream os = new ByteArrayOutputStream(); for debugging only + iCommandQueue + .unRegisterProccess((Object) cmsRequest, (Object) this); + // ByteArrayOutputStream os = new ByteArrayOutputStream(); for + // debugging only // PrintStream ps = new PrintStream(os); - //e.printStackTrace(ps); + // e.printStackTrace(ps); log(e.toString()); renderException(cmsRequest, e); } catch (Exception ex) { - iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this); + iCommandQueue + .unRegisterProccess((Object) cmsRequest, (Object) this); ByteArrayOutputStream os = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(os); 
@@ -551,39 +509,36 @@ public abstract class CMSServlet extends HttpServlet { /** * Create a new CMSRequest object. This should be overriden by servlets - * implementing different types of request - * @return a new CMSRequest object + * implementing different types of request + * + * @return a new CMSRequest object */ protected CMSRequest newCMSRequest() { return new CMSRequest(); } /** - * process an HTTP request. Servlets must override this with their - * own implementation - * @throws EBaseException if the servlet was unable to satisfactorily - * process the request + * process an HTTP request. Servlets must override this with their own + * implementation + * + * @throws EBaseException if the servlet was unable to satisfactorily + * process the request */ - protected void process(CMSRequest cmsRequest) - throws EBaseException - { + protected void process(CMSRequest cmsRequest) throws EBaseException { } - /** - * Output a template. - * If an error occurs while outputing the template the exception template - * is used to display the error. + * Output a template. If an error occurs while outputing the template the + * exception template is used to display the error. * * @param cmsReq the CS request */ - protected void renderResult(CMSRequest cmsReq) - throws IOException { + protected void renderResult(CMSRequest cmsReq) throws IOException { if (!mRenderResult) return; Integer status = cmsReq.getStatus(); - + CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status); if (ltempl == null || ltempl.mTemplateName == null) { 
@@ -594,13 +549,12 @@ public abstract class CMSServlet extends HttpServlet { renderTemplate(cmsReq, ltempl.mTemplateName, filler); } - + private static final String PRESERVED = "preserved"; public static final String TEMPLATE_NAME = "templateName"; - + protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent, - String argBlockName, IArgBlock argBlock) - { + String argBlockName, IArgBlock argBlock) { Node argBlockContainer = xmlObj.createContainer(parent, argBlockName); if (argBlock != null) { @@ -614,15 +568,15 @@ public abstract class CMSServlet extends HttpServlet { } } - protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) - { + protected void outputXML(HttpServletResponse httpResp, + CMSTemplateParams params) { XMLObject xmlObj = null; try { xmlObj = new XMLObject(); Node root = xmlObj.createRoot("xml"); outputArgBlockAsXML(xmlObj, root, "header", params.getHeader()); - outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); + outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed()); Enumeration records = params.queryRecords(); Node recordsNode = xmlObj.createContainer(root, "records"); 
@@ -644,20 +598,19 @@ public abstract class CMSServlet extends HttpServlet { } } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException { + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException { try { IArgBlock httpParams = cmsReq.getHttpParams(); Locale[] locale = new Locale[1]; - CMSTemplate template = - getTemplate(templateName, cmsReq.getHttpReq(), locale); + CMSTemplate template = getTemplate(templateName, + cmsReq.getHttpReq(), locale); CMSTemplateParams templateParams = null; if (filler != null) { - templateParams = filler.getTemplateParams( - cmsReq, mAuthority, locale[0], null); + templateParams = filler.getTemplateParams(cmsReq, mAuthority, + locale[0], null); } // just output arg blocks as XML @@ -670,8 +623,7 @@ public abstract class CMSServlet extends HttpServlet { } if (httpParams != null) { - String httpTemplateName = - httpParams.getValueAsString( + String httpTemplateName = httpParams.getValueAsString( TEMPLATE_NAME, null); if (httpTemplateName != null) { @@ -679,14 +631,13 @@ public abstract class CMSServlet extends HttpServlet { } } - if (templateParams == null) + if (templateParams == null) templateParams = new CMSTemplateParams(null, null); - // #359630 - // inject preserved http parameter into the template + // #359630 + // inject preserved http parameter into the template if (httpParams != null) { - String preserved = httpParams.getValueAsString( - PRESERVED, null); + String preserved = httpParams.getValueAsString(PRESERVED, null); if (preserved != null) { IArgBlock fixed = templateParams.getFixed(); 
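Review bot: `renderTemplate` takes a template name from the request (`httpParams.getValueAsString(TEMPLATE_NAME, null)`) and nothing visible constrains it. The statement that consumes `httpTemplateName` falls between hunks, so this is inferred: if it is handed to `getTemplate`, that method (the `@@ -888` hunk) resolves `getRealPath("/" + templateName)` with no normalisation or allow-list, which would let a caller choose any file under the web application root, and possibly outside it with `..` segments depending on the container. I would accept the override only when it names a known template, rejecting values that contain `..` or a path separator before the lookup. `getTemplate` also carries two empty guards, `if (mServletConfig.getServletContext() == null) { }` and `if (templateName == null) { }`, which should fail explicitly instead of falling through to the `getRealPath` call.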
@@ -704,52 +655,56 @@ public abstract class CMSServlet extends HttpServlet { cmsReq.getHttpResp().setContentLength(bos.size()); bos.writeTo(cmsReq.getHttpResp().getOutputStream()); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString())); - renderException(cmsReq, - new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, + e.toString())); + renderException( + cmsReq, + new ECMSGWException(CMS + .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); return; } } /** - * Output exception (unexpected error) template - * This is different from other templates in that if an exception occurs - * while rendering the exception a message is printed out directly. - * If the message gets an error an IOException is thrown. - * In others if an exception occurs while rendering the template the - * exception template (this) is called. + * Output exception (unexpected error) template This is different from other + * templates in that if an exception occurs while rendering the exception a + * message is printed out directly. If the message gets an error an + * IOException is thrown. In others if an exception occurs while rendering + * the template the exception template (this) is called. * <p> + * * @param cmsReq the CS request to pass to template filler if any. 
* @param e the unexpected exception */ - protected void renderException(CMSRequest cmsReq, EBaseException e) - throws IOException { + protected void renderException(CMSRequest cmsReq, EBaseException e) + throws IOException { try { Locale[] locale = new Locale[1]; - CMSLoadTemplate loadTempl = - (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION); - CMSTemplate template = getTemplate(loadTempl.mTemplateName, + CMSLoadTemplate loadTempl = (CMSLoadTemplate) mTemplates + .get(CMSRequest.EXCEPTION); + CMSTemplate template = getTemplate(loadTempl.mTemplateName, cmsReq.getHttpReq(), locale); ICMSTemplateFiller filler = loadTempl.mFiller; CMSTemplateParams templateParams = null; // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. cmsReq.setStatus(CMSRequest.EXCEPTION); if (filler != null) { - templateParams = filler.getTemplateParams( - cmsReq, mAuthority, locale[0], e); + templateParams = filler.getTemplateParams(cmsReq, mAuthority, + locale[0], e); } if (templateParams == null) { - templateParams = new CMSTemplateParams(null, CMS.createArgBlock()); + templateParams = new CMSTemplateParams(null, + CMS.createArgBlock()); } if (e != null) { - templateParams.getFixed().set( - ICMSTemplateFiller.EXCEPTION, e.toString(locale[0])); + templateParams.getFixed().set(ICMSTemplateFiller.EXCEPTION, + e.toString(locale[0])); } // just output arg blocks as XML 
@@ -772,25 +727,24 @@ public abstract class CMSServlet extends HttpServlet { } } - public void renderFinalError(CMSRequest cmsReq, Exception ex) - throws IOException { - // this template is the last resort for all other unexpected - // errors in other templates so we can only output text. + public void renderFinalError(CMSRequest cmsReq, Exception ex) + throws IOException { + // this template is the last resort for all other unexpected + // errors in other templates so we can only output text. HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); ServletOutputStream out = httpResp.getOutputStream(); - - // replace $ERRORMSG with exception message if included. + + // replace $ERRORMSG with exception message if included. String finalErrMsg = mFinalErrorMsg; int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN); if (tokenIdx != -1) { - finalErrMsg = - mFinalErrorMsg.substring(0, tokenIdx) + - ex.toString() + - mFinalErrorMsg.substring( - tokenIdx + ERROR_MSG_TOKEN.length()); + finalErrMsg = mFinalErrorMsg.substring(0, tokenIdx) + + ex.toString() + + mFinalErrorMsg.substring(tokenIdx + + ERROR_MSG_TOKEN.length()); } out.println(finalErrMsg); return; 
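Review bot: `renderFinalError` substitutes `ex.toString()` into `mFinalErrorMsg` and writes the result with content type `text/html`, without HTML-encoding the exception text. Exception messages frequently echo request data, so markup supplied in a parameter can be rendered by the browser, and internal details such as class names and paths are shown to the client. Encode the exception string before the substitution with whatever HTML-escaping helper the project already has, or send a generic message and keep the detail in the server log. The method also dereferences `mFinalErrorMsg` and `ex` without a null check, which matters in a last-resort error path.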
@@ -803,31 +757,23 @@ public abstract class CMSServlet extends HttpServlet { SSLSocket s = null; /* - try { - s = (SSLSocket) ((HTTPRequest) httpReq).getConnection().getSocket(); - } catch (ClassCastException e) { - CMS.getLogger().log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); - // ignore. - return; - } - try { - s.invalidateSession(); - s.resetHandshake(); - }catch (SocketException se) { - } + * try { s = (SSLSocket) ((HTTPRequest) + * httpReq).getConnection().getSocket(); } catch (ClassCastException e) + * { CMS.getLogger().log( ILogger.EV_SYSTEM, ILogger.S_OTHER, + * ILogger.LL_WARN, CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); // + * ignore. return; } try { s.invalidateSession(); s.resetHandshake(); + * }catch (SocketException se) { } */ return; } /** - * construct a authentication credentials to pass into authentication + * construct a authentication credentials to pass into authentication * manager. */ - public static AuthCredentials getAuthCreds( - IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + public static AuthCredentials getAuthCreds(IAuthManager authMgr, + IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); @@ -837,8 +783,7 @@ public abstract class CMSServlet extends HttpServlet { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert }); } else { String value = argBlock.getValueAsString(reqCred); 
@@ -854,32 +799,33 @@ public abstract class CMSServlet extends HttpServlet { /** * get ssl client authenticated certificate */ - protected X509Certificate - getSSLClientCertificate(HttpServletRequest httpReq) - throws EBaseException { + protected X509Certificate getSSLClientCertificate(HttpServletRequest httpReq) + throws EBaseException { X509Certificate cert = null; - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, - CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, + CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT")); - // iws60 support Java Servlet Spec V2.2, attribute + // iws60 support Java Servlet Spec V2.2, attribute // javax.servlet.request.X509Certificate now contains array // of X509Certificates instead of one X509Certificate object - X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); + X509Certificate[] allCerts = (X509Certificate[]) httpReq + .getAttribute(CERT_ATTR); if (allCerts == null || allCerts.length == 0) { - throw new EBaseException("You did not provide a valid certificate for this operation"); + throw new EBaseException( + "You did not provide a valid certificate for this operation"); } cert = allCerts[0]; if (cert == null) { // just don't have a cert. - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL")); return null; - } + } // convert to sun's x509 cert interface. try { 
@@ -888,53 +834,58 @@ public abstract class CMSServlet extends HttpServlet { cert = new X509CertImpl(certEncoded); } catch (CertificateEncodingException e) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage())); + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", + e.getMessage())); return null; } catch (CertificateException e) { mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage())); + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", + e.getMessage())); return null; } - return cert; + return cert; } /** * get a template based on result status. */ - protected CMSTemplate getTemplate( - String templateName, HttpServletRequest httpReq, Locale[] locale) - throws EBaseException, IOException { + protected CMSTemplate getTemplate(String templateName, + HttpServletRequest httpReq, Locale[] locale) throws EBaseException, + IOException { // this converts to system dependent file seperator char. if (mServletConfig == null) { - CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" 
); + CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!"); return null; } if (mServletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = - mServletConfig.getServletContext().getRealPath("/" + templateName); + String realpath = mServletConfig.getServletContext().getRealPath( + "/" + templateName); if (realpath == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName)); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } File realpathFile = new File(realpath); - File templateFile = - getLangFile(httpReq, realpathFile, locale); + File templateFile = getLangFile(httpReq, realpathFile, locale); String charSet = httpReq.getCharacterEncoding(); if (charSet == null) { charSet = "UTF8"; } - CMSTemplate template = - (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet); + CMSTemplate template = (CMSTemplate) mFileLoader.getCMSFile( + templateFile, charSet); return template; } @@ -943,13 +894,12 @@ public abstract class CMSServlet extends HttpServlet { * log according to authority category. */ protected void log(int event, int level, String msg) { - mLogger.log(event, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(event, mLogCategory, level, "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, "Servlet " + mId + + ": " + msg); } /** 
@@ -962,11 +912,10 @@ public abstract class CMSServlet extends HttpServlet { for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) { mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]); } - dontSaveParams = sc.getInitParameter( - PROP_DONT_SAVE_HTTP_PARAMS); + dontSaveParams = sc.getInitParameter(PROP_DONT_SAVE_HTTP_PARAMS); if (dontSaveParams != null) { - StringTokenizer params = - new StringTokenizer(dontSaveParams, ","); + StringTokenizer params = new StringTokenizer(dontSaveParams, + ","); while (params.hasMoreTokens()) { String param = params.nextToken(); @@ -976,8 +925,8 @@ public abstract class CMSServlet extends HttpServlet { } } catch (Exception e) { // should never happen - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); + log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", + PROP_DONT_SAVE_HTTP_PARAMS, e.toString())); // default just in case. for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) { mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]); @@ -997,12 +946,10 @@ public abstract class CMSServlet extends HttpServlet { } // now get from config file if there's more. - String saveHeaders = - sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); + String saveHeaders = sc.getInitParameter(PROP_SAVE_HTTP_HEADERS); - if (saveHeaders != null) { - StringTokenizer headers = - new StringTokenizer(saveHeaders, ","); + if (saveHeaders != null) { + StringTokenizer headers = new StringTokenizer(saveHeaders, ","); while (headers.hasMoreTokens()) { String hdr = headers.nextToken(); @@ -1012,7 +959,8 @@ public abstract class CMSServlet extends HttpServlet { } } catch (Exception e) { // should never happen - log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_SAVE_HTTP_HEADERS, e.toString())); + log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", + PROP_SAVE_HTTP_HEADERS, e.toString())); return; } } 
@@ -1020,9 +968,8 @@ public abstract class CMSServlet extends HttpServlet { /** * save http headers in a IRequest. */ - protected void saveHttpHeaders( - HttpServletRequest httpReq, IRequest req) - throws EBaseException { + protected void saveHttpHeaders(HttpServletRequest httpReq, IRequest req) + throws EBaseException { Hashtable headers = new Hashtable(); Enumeration hdrs = mSaveHttpHeaders.elements(); @@ -1040,8 +987,7 @@ public abstract class CMSServlet extends HttpServlet { /** * save http headers in a IRequest. */ - protected void saveHttpParams( - IArgBlock httpParams, IRequest req) { + protected void saveHttpParams(IArgBlock httpParams, IRequest req) { Hashtable saveParams = new Hashtable(); Enumeration names = httpParams.elements(); @@ -1075,17 +1021,18 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting a cert record given a serial number. */ protected ICertRecord getCertRecord(BigInteger serialNo) { - if (mAuthority == null || - !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); + if (mAuthority == null + || !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NON_CERT_AUTH")); return null; } - ICertificateRepository certdb = - (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); + ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); if (certdb == null) { - log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_CERT_DB_NULL", + mAuthority.toString())); return null; } ICertRecord certRecord = null; 
@@ -1093,16 +1040,17 @@ public abstract class CMSServlet extends HttpServlet { try { certRecord = certdb.readCertificateRecord(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", + serialNo.toString(16), e.toString())); return null; } return certRecord; } /** - * handy routine for validating if a cert is from this CA. - * mAuthority must be a CA. + * handy routine for validating if a cert is from this CA. mAuthority must + * be a CA. */ protected boolean isCertFromCA(X509Certificate cert) { BigInteger serialno = cert.getSerialNumber(); @@ -1114,8 +1062,8 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for checking if a list of certs is from this CA. - * mAuthortiy must be a CA. + * handy routine for checking if a list of certs is from this CA. mAuthortiy + * must be a CA. */ protected boolean areCertsFromCA(X509Certificate[] certs) { for (int i = certs.length - 1; i >= 0; i--) { 
@@ -1126,21 +1074,22 @@ public abstract class CMSServlet extends HttpServlet { } /** - * handy routine for getting a certificate from the certificate - * repository. mAuthority must be a CA. + * handy routine for getting a certificate from the certificate repository. + * mAuthority must be a CA. */ protected X509Certificate getX509Certificate(BigInteger serialNo) { - if (mAuthority == null || - !(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); + if (mAuthority == null + || !(mAuthority instanceof ICertificateAuthority)) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_CERT_AUTH")); return null; } - ICertificateRepository certdb = - (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository(); + ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); if (certdb == null) { - log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_CERT_DB_NULL", + mAuthority.toString())); return null; } X509Certificate cert = null; 
@@ -1148,29 +1097,31 @@ public abstract class CMSServlet extends HttpServlet { try { cert = certdb.getX509Certificate(serialNo); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CERT_REC", + serialNo.toString(16), e.toString())); return null; } return cert; } /** - * instantiate a new filler from a class name, + * instantiate a new filler from a class name, + * * @return null if can't be instantiated, new instance otherwise. */ protected ICMSTemplateFiller newFillerObject(String fillerClass) { ICMSTemplateFiller filler = null; try { - filler = (ICMSTemplateFiller) - Class.forName(fillerClass).newInstance(); + filler = (ICMSTemplateFiller) Class.forName(fillerClass) + .newInstance(); } catch (Exception e) { if ((e instanceof RuntimeException)) { throw (RuntimeException) e; } else { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); + log(ILogger.LL_WARN, CMS.getLogMessage( + "CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString())); return null; } } 
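Review bot: `newFillerObject` instantiates whatever class `fillerClass` names and only then casts to `ICMSTemplateFiller`, so a class of the wrong type still has its static initialiser and constructor run before the cast fails. The name comes from a servlet init parameter (see the `sc.getInitParameter(templ.mFillerPropName)` call in `init`), so exposure is limited to whoever can edit the deployment configuration, but checking the type first is cheap: `Class.forName(fillerClass).asSubclass(ICMSTemplateFiller.class).newInstance()`. The resulting `ClassCastException` is a `RuntimeException` and is rethrown by the catch block, which does not match the Javadoc's "null if can't be instantiated"; logging `CMSGW_CANT_LOAD_FILLER` and returning null for it would. The method's closing lines are outside this hunk.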
@@ -1178,18 +1129,17 @@ public abstract class CMSServlet extends HttpServlet { } /** - * set default templates. - * subclasses can override, and should override at least the success - * template + * set default templates. subclasses can override, and should override at + * least the success template */ protected void setDefaultTemplates(ServletConfig sc) { // Subclasses should override these for diff templates and params in - // their constructors. - // Set a template name to null to not use these standard ones. - // When template name is set to null nothing will be displayed. + // their constructors. + // Set a template name to null to not use these standard ones. + // When template name is set to null nothing will be displayed. // Servlet is assumed to have rendered its own output. - // The only exception is the unexpected error template where the - // default one will always be used if template name is null. + // The only exception is the unexpected error template where the + // default one will always be used if template name is null. String successTemplate = null; String errorTemplate = null; String unauthorizedTemplate = null; 
@@ -1205,110 +1155,94 @@ public abstract class CMSServlet extends HttpServlet { } try { - successTemplate = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE); + successTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); if (successTemplate == null) { successTemplate = SUCCESS_TEMPLATE; if (gateway != null) - //successTemplate = "/"+gateway+successTemplate; - successTemplate = "/"+gateway+successTemplate; + // successTemplate = "/"+gateway+successTemplate; + successTemplate = "/" + gateway + successTemplate; } - errorTemplate = sc.getInitParameter( - PROP_ERROR_TEMPLATE); + errorTemplate = sc.getInitParameter(PROP_ERROR_TEMPLATE); if (errorTemplate == null) { errorTemplate = ERROR_TEMPLATE; - if (gateway != null) - //errorTemplate = "/"+gateway+errorTemplate; - errorTemplate = "/"+gateway+errorTemplate; + if (gateway != null) + // errorTemplate = "/"+gateway+errorTemplate; + errorTemplate = "/" + gateway + errorTemplate; } - unauthorizedTemplate = sc.getInitParameter( - PROP_UNAUTHORIZED_TEMPLATE); + unauthorizedTemplate = sc + .getInitParameter(PROP_UNAUTHORIZED_TEMPLATE); if (unauthorizedTemplate == null) { unauthorizedTemplate = UNAUTHORIZED_TEMPLATE; if (gateway != null) - //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; - unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; + // unauthorizedTemplate = "/"+gateway+unauthorizedTemplate; + unauthorizedTemplate = "/" + gateway + unauthorizedTemplate; } - pendingTemplate = sc.getInitParameter( - PROP_PENDING_TEMPLATE); + pendingTemplate = sc.getInitParameter(PROP_PENDING_TEMPLATE); if (pendingTemplate == null) { pendingTemplate = PENDING_TEMPLATE; if (gateway != null) - //pendingTemplate = "/"+gateway+pendingTemplate; - pendingTemplate = "/"+gateway+pendingTemplate; + // pendingTemplate = "/"+gateway+pendingTemplate; + pendingTemplate = "/" + gateway + pendingTemplate; } - svcpendingTemplate = sc.getInitParameter( - PROP_SVC_PENDING_TEMPLATE); + svcpendingTemplate = 
sc.getInitParameter(PROP_SVC_PENDING_TEMPLATE); if (svcpendingTemplate == null) { svcpendingTemplate = SVC_PENDING_TEMPLATE; if (gateway != null) - //svcpendingTemplate = "/"+gateway+svcpendingTemplate; - svcpendingTemplate = "/"+gateway+svcpendingTemplate; + // svcpendingTemplate = "/"+gateway+svcpendingTemplate; + svcpendingTemplate = "/" + gateway + svcpendingTemplate; } - rejectedTemplate = sc.getInitParameter( - PROP_REJECTED_TEMPLATE); + rejectedTemplate = sc.getInitParameter(PROP_REJECTED_TEMPLATE); if (rejectedTemplate == null) { rejectedTemplate = REJECTED_TEMPLATE; if (gateway != null) - //rejectedTemplate = "/"+gateway+rejectedTemplate; - rejectedTemplate = "/"+gateway+rejectedTemplate; + // rejectedTemplate = "/"+gateway+rejectedTemplate; + rejectedTemplate = "/" + gateway + rejectedTemplate; } - unexpectedErrorTemplate = sc.getInitParameter( - PROP_EXCEPTION_TEMPLATE); + unexpectedErrorTemplate = sc + .getInitParameter(PROP_EXCEPTION_TEMPLATE); if (unexpectedErrorTemplate == null) { unexpectedErrorTemplate = EXCEPTION_TEMPLATE; if (gateway != null) - //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; - unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate; + // unexpectedErrorTemplate = + // "/"+gateway+unexpectedErrorTemplate; + unexpectedErrorTemplate = "/" + gateway + + unexpectedErrorTemplate; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + // this should never happen. 
+ log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } - mTemplates.put( - CMSRequest.UNAUTHORIZED, - new CMSLoadTemplate( + mTemplates.put(CMSRequest.UNAUTHORIZED, new CMSLoadTemplate( PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER, - unauthorizedTemplate, null)); - mTemplates.put( - CMSRequest.SUCCESS, - new CMSLoadTemplate( + unauthorizedTemplate, null)); + mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate( PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, - successTemplate, new GenSuccessTemplateFiller())); - mTemplates.put( - CMSRequest.PENDING, - new CMSLoadTemplate( + successTemplate, new GenSuccessTemplateFiller())); + mTemplates.put(CMSRequest.PENDING, new CMSLoadTemplate( PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER, pendingTemplate, new GenPendingTemplateFiller())); - mTemplates.put( - CMSRequest.SVC_PENDING, - new CMSLoadTemplate( + mTemplates.put(CMSRequest.SVC_PENDING, new CMSLoadTemplate( PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER, svcpendingTemplate, new GenSvcPendingTemplateFiller())); - mTemplates.put( - CMSRequest.REJECTED, - new CMSLoadTemplate( + mTemplates.put(CMSRequest.REJECTED, new CMSLoadTemplate( PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER, rejectedTemplate, new GenRejectedTemplateFiller())); - mTemplates.put( - CMSRequest.ERROR, - new CMSLoadTemplate( - PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, - errorTemplate, new GenErrorTemplateFiller())); - mTemplates.put( - CMSRequest.EXCEPTION, - new CMSLoadTemplate( - PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER, - unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller())); + mTemplates.put(CMSRequest.ERROR, new CMSLoadTemplate( + PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, errorTemplate, + new GenErrorTemplateFiller())); + mTemplates.put(CMSRequest.EXCEPTION, + new CMSLoadTemplate(PROP_EXCEPTION_TEMPLATE, + PROP_EXCEPTION_TEMPLATE_FILLER, + unexpectedErrorTemplate, + new 
GenUnexpectedErrorTemplateFiller())); } /** @@ -1317,8 +1251,7 @@ public abstract class CMSServlet extends HttpServlet { public static boolean clientIsNav(HttpServletRequest httpReq) { String useragent = httpReq.getHeader("user-agent"); - if (useragent.startsWith("Mozilla") && - useragent.indexOf("MSIE") == -1) + if (useragent.startsWith("Mozilla") && useragent.indexOf("MSIE") == -1) return true; return false; } 
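Review bot: `clientIsNav` dereferences `useragent` without a null check, and `getHeader("user-agent")` returns null when the client omits the header, so a request without a User-Agent throws a NullPointerException from this static helper. The header is client-controlled, so the guard belongs in the condition itself: `if (useragent != null && useragent.startsWith("Mozilla") && useragent.indexOf("MSIE") == -1)`. The rewrapped `if` would also be safer with braces around `return true;`.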
@@ -1339,40 +1272,36 @@ public abstract class CMSServlet extends HttpServlet { * set using cartman JS. (no other way to tell) */ private static String CMMF_RESPONSE = "cmmfResponse"; + public static boolean doCMMFResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false)) return true; - else + else return false; } private static final String IMPORT_CERT = "importCert"; private static final String IMPORT_CHAIN = "importCAChain"; private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType"; - // default mime type - private static final String - NS_X509_USER_CERT = "application/x-x509-user-cert"; - private static final String - NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; + // default mime type + private static final String NS_X509_USER_CERT = "application/x-x509-user-cert"; + private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert"; // CMC mime types - public static final String - SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; - public static final String - SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; - public static final String - FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; - public static final String - FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10"; + public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; + public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime"; + public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime"; /** * handy routine to check if client want full enrollment response */ public static String FULL_RESPONSE = "fullResponse"; + public static boolean doFullResponse(IArgBlock httpParams) { if (httpParams.getValueAsBoolean(FULL_RESPONSE, false)) return true; - else + else return false; } 
@@ -1380,24 +1309,22 @@ public abstract class CMSServlet extends HttpServlet { * @return false if import cert directly set to false. * @return true if import cert directly is true and import cert. */ - protected boolean checkImportCertToNav( - HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert) - throws EBaseException { + protected boolean checkImportCertToNav(HttpServletResponse httpResp, + IArgBlock httpParams, X509CertImpl cert) throws EBaseException { if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) { return false; } - boolean importCAChain = - httpParams.getValueAsBoolean(IMPORT_CHAIN, true); + boolean importCAChain = httpParams + .getValueAsBoolean(IMPORT_CHAIN, true); // XXX Temporary workaround because of problem with passing Mime type - boolean emailCert = - httpParams.getValueAsBoolean("emailCert", false); - String importMimeType = (emailCert) ? - httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : - httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); - - // String importMimeType = - // httpParams.getValueAsString( - // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + boolean emailCert = httpParams.getValueAsBoolean("emailCert", false); + String importMimeType = (emailCert) ? httpParams.getValueAsString( + IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : httpParams + .getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); + + // String importMimeType = + // httpParams.getValueAsString( + // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT); importCertToNav(httpResp, cert, importMimeType, importCAChain); return true; } 
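Review bot: `checkImportCertToNav` reads `importMimeType` from `httpParams` under `IMPORT_CERT_MIME_TYPE` and passes it unchanged to `importCertToNav`, where a later hunk shows it going straight into `httpResp.setContentType(contentType)`. If `httpParams` carries request parameters, as the name suggests, the caller chooses the response Content-Type. Unless other import types are relied on elsewhere, restricting the value to the two known constants before the call would close that: `if (!NS_X509_USER_CERT.equals(importMimeType) && !NS_X509_EMAIL_CERT.equals(importMimeType)) importMimeType = emailCert ? NS_X509_EMAIL_CERT : NS_X509_USER_CERT;`.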
@@ -1405,18 +1332,16 @@ public abstract class CMSServlet extends HttpServlet { /** * handy routine to import cert to old navigator in nav mime type. */ - public void importCertToNav( - HttpServletResponse httpResp, X509CertImpl cert, - String contentType, boolean importCAChain) - throws EBaseException { + public void importCertToNav(HttpServletResponse httpResp, + X509CertImpl cert, String contentType, boolean importCAChain) + throws EBaseException { ServletOutputStream out = null; byte[] encoding = null; - CMS.debug("CMSServlet: importCertToNav " + - "contentType=" + contentType + " " + - "importCAChain=" + importCAChain); - try { - out = httpResp.getOutputStream(); + CMS.debug("CMSServlet: importCertToNav " + "contentType=" + contentType + + " " + "importCAChain=" + importCAChain); + try { + out = httpResp.getOutputStream(); // CA chain. if (importCAChain) { CertificateChain caChain = null; @@ -1426,9 +1351,8 @@ public abstract class CMSServlet extends HttpServlet { caChain = ((ICertAuthority) mAuthority).getCACertChain(); caCerts = caChain.getChain(); - // set user + CA cert chain in pkcs7 - X509CertImpl[] userChain = - new X509CertImpl[caCerts.length + 1]; + // set user + CA cert chain in pkcs7 + X509CertImpl[] userChain = new X509CertImpl[caCerts.length + 1]; userChain[0] = cert; int m = 1, n = 0; @@ -1437,14 +1361,13 @@ public abstract class CMSServlet extends HttpServlet { userChain[m] = (X509CertImpl) caCerts[n]; /* - System.out.println( - m+"th Cert "+userChain[m].toString()); + * System.out.println( + * m+"th Cert "+userChain[m].toString()); */ } p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - userChain, - new SignerInfo[0]); + new ContentInfo(new byte[0]), userChain, + new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos, false); 
@@ -1456,16 +1379,20 @@ public abstract class CMSServlet extends HttpServlet { } httpResp.setContentType(contentType); out.write(encoding); - } catch (IOException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); + } catch (IOException e) { + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT")); } catch (CertificateEncodingException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); + mLogger.log( + ILogger.EV_SYSTEM, + ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } @@ -1483,15 +1410,16 @@ public abstract class CMSServlet extends HttpServlet { String[] x1 = token.getInStringArray(n); if (x1 != null) { for (int i = 0; i < x1.length; i++) { - CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + - "(" + i + ")=" + x1[i]); - req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i + ")", - x1[i]); + CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + + "(" + i + ")=" + x1[i]); + req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i + + ")", x1[i]); } } else { String x = token.getInString(n); if (x != null) { - CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + "=" + x); + CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + + "=" + x); req.setExtData(IRequest.AUTH_TOKEN + "-" + n, x); } } 
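Review bot: The `CMS.debug("Setting " + IRequest.AUTH_TOKEN + ...)` calls in the second hunk on this line write every authentication-token attribute value (`x1[i]` and `x`) to the debug log. What the token holds is not visible here, but it may carry credentials or identity attributes, so the value is better left out of the message: `CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n);`. The enclosing method starts and ends outside the hunk.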
@@ -1511,77 +1439,76 @@ public abstract class CMSServlet extends HttpServlet { * handy routine for getting agent's relative path */ protected String getRelPath(IAuthority authority) { - if (authority instanceof ICertificateAuthority) + if (authority instanceof ICertificateAuthority) return "ca/"; - else if (authority instanceof IRegistrationAuthority) + else if (authority instanceof IRegistrationAuthority) return "ra/"; - else if (authority instanceof IKeyRecoveryAuthority) + else if (authority instanceof IKeyRecoveryAuthority) return "kra/"; - else + else return "/"; } /** - * A system certificate such as the CA signing certificate - * should not be allowed to delete. - * The main purpose is to avoid revoking the self signed + * A system certificate such as the CA signing certificate should not be + * allowed to delete. The main purpose is to avoid revoking the self signed * CA certificate accidentially. */ protected boolean isSystemCertificate(BigInteger serialNo) { if (!(mAuthority instanceof ICertificateAuthority)) { return false; } - X509Certificate caCert = - ((ICertificateAuthority)mAuthority).getCACert(); + X509Certificate caCert = ((ICertificateAuthority) mAuthority) + .getCACert(); if (caCert != null) { - /* only check this if we are self-signed */ - if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { - if (caCert.getSerialNumber().equals(serialNo)) { - return true; + /* only check this if we are self-signed */ + if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) { + if (caCert.getSerialNumber().equals(serialNo)) { + return true; + } } - } } return false; } /** * make a CRL entry from a serial number and revocation reason. + * * @return a RevokedCertImpl that can be entered in a CRL. 
*/ - protected RevokedCertImpl formCRLEntry( - BigInteger serialNo, RevocationReason reason) - throws EBaseException { + protected RevokedCertImpl formCRLEntry(BigInteger serialNo, + RevocationReason reason) throws EBaseException { CRLReasonExtension reasonExt = new CRLReasonExtension(reason); CRLExtensions crlentryexts = new CRLExtensions(); try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_CRL_REASON", + reason.toString(), e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); } - RevokedCertImpl crlentry = - new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts); + RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, + CMS.getCurrentDate(), crlentryexts); return crlentry; } /** * check if a certificate (serial number) is revoked on a CA. + * * @return true if cert is marked revoked in the CA's database. - * @return false if cert is not marked revoked. + * @return false if cert is not marked revoked. */ - protected boolean certIsRevoked(BigInteger serialNum) - throws EBaseException { + protected boolean certIsRevoked(BigInteger serialNum) throws EBaseException { ICertRecord certRecord = getCertRecord(serialNum); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum))); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_INVALID_CERT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", + String.valueOf(serialNum))); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_INVALID_CERT")); } if (certRecord.getStatus().equals(ICertRecord.STATUS_REVOKED)) return true; 
@@ -1590,7 +1517,7 @@ public abstract class CMSServlet extends HttpServlet { public static String generateSalt() { Random rnd = new Random(); - String salt = new Integer( rnd.nextInt() ).toString(); + String salt = new Integer(rnd.nextInt()).toString(); return salt; } @@ -1607,9 +1534,8 @@ public abstract class CMSServlet extends HttpServlet { * @param realpathFile the file to get. * @param locale array of at least one to be filled with locale found. */ - public static File getLangFile( - HttpServletRequest req, File realpathFile, Locale[] locale) - throws IOException { + public static File getLangFile(HttpServletRequest req, File realpathFile, + Locale[] locale) throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -1626,7 +1552,7 @@ public abstract class CMSServlet extends HttpServlet { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -1654,9 +1580,8 @@ public abstract class CMSServlet extends HttpServlet { break; } - String langfilepath = - parent + File.separatorChar + - lang + File.separatorChar + name; + String langfilepath = parent + File.separatorChar + lang + + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { 
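Review bot: `generateSalt` in the first hunk on this line draws the salt from `java.util.Random`, which is not a cryptographically strong generator, and returns only a single 32-bit value. How the salt is consumed is not visible here, but if it protects anything it should come from `java.security.SecureRandom`: `SecureRandom rnd = new SecureRandom();` and `String salt = Integer.toString(rnd.nextInt());`, which keeps the returned format and also drops the boxing `new Integer(...)`. This needs a `java.security.SecureRandom` import, and a wider salt would be worth considering separately.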
@@ -1687,20 +1612,18 @@ public abstract class CMSServlet extends HttpServlet { return new Locale(lang.substring(0, dash), lang.substring(dash + 1)); } - public IAuthToken authenticate(CMSRequest req) - throws EBaseException { + public IAuthToken authenticate(CMSRequest req) throws EBaseException { return authenticate(req, mAuthMgr); } public IAuthToken authenticate(HttpServletRequest httpReq) - throws EBaseException { + throws EBaseException { return authenticate(httpReq, mAuthMgr); } - public IAuthToken authenticate(CMSRequest req, String authMgrName) - throws EBaseException { - IAuthToken authToken = authenticate(req.getHttpReq(), - authMgrName); + public IAuthToken authenticate(CMSRequest req, String authMgrName) + throws EBaseException { + IAuthToken authToken = authenticate(req.getHttpReq(), authMgrName); saveAuthToken(authToken, req.getIRequest()); return authToken; @@ -1709,19 +1632,19 @@ public abstract class CMSServlet extends HttpServlet { /** * Authentication * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication - * fails (in case of SSL-client auth, only webserver env can pick up the - * SSL violation; CS authMgr can pick up cert mis-match, so this event - * is used) - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication - * succeeded + * fails (in case of SSL-client auth, only webserver env can pick up the SSL + * violation; CS authMgr can pick up cert mis-match, so this event is used) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when + * authentication succeeded * </ul> + * * @exception EBaseException an error has occurred */ - public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName) - throws EBaseException { + public IAuthToken authenticate(HttpServletRequest httpReq, + String authMgrName) throws EBaseException { String auditMessage = null; String auditSubjectID = ILogger.UNIDENTIFIED; String auditAuthMgrID = ILogger.UNIDENTIFIED; 
@@ -1750,19 +1673,19 @@ public abstract class CMSServlet extends HttpServlet { // // check ssl client authentication if specified. // - X509Certificate clientCert = null; + X509Certificate clientCert = null; - if (getClientCert != null && getClientCert.equals("true")) { + if (getClientCert != null && getClientCert.equals("true")) { CMS.debug("CMSServlet: retrieving SSL certificate"); clientCert = getSSLClientCertificate(httpReq); } // // check authentication by auth manager if any. - // + // if (authMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authentication failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authentication manager, the @@ -1794,11 +1717,9 @@ public abstract class CMSServlet extends HttpServlet { auditAuthMgrID = authMgrName; } AuthToken authToken = CMSGateway.checkAuthManager(httpReq, - httpArgs, - clientCert, - authMgrName); + httpArgs, clientCert, authMgrName); if (authToken == null) { - return null; + return null; } String userid = authToken.getInString(IAuthToken.USER_ID); 
@@ -1807,28 +1728,21 @@ public abstract class CMSServlet extends HttpServlet { if (userid != null) { ctx.put(SessionContext.USER_ID, userid); } - + // reset the "auditSubjectID" auditSubjectID = auditSubjectID(); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditAuthMgrID); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + auditSubjectID, ILogger.SUCCESS, auditAuthMgrID); audit(auditMessage); return authToken; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditAuthMgrID, - auditUID); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_FAIL, + auditSubjectID, ILogger.FAILURE, auditAuthMgrID, auditUID); audit(auditMessage); // rethrow the specific exception to be handled later @@ -1836,8 +1750,8 @@ public abstract class CMSServlet extends HttpServlet { } } - public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, - String exp) throws EBaseException { + public AuthzToken authorize(String authzMgrName, String resource, + IAuthToken authToken, String exp) throws EBaseException { AuthzToken authzToken = null; String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -1852,56 +1766,40 @@ public abstract class CMSServlet extends HttpServlet { authzToken = mAuthz.authorize(authzMgrName, authToken, exp); if (authzToken != null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditACLResource, - auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, auditSubjectID, + ILogger.SUCCESS, auditACLResource, auditOperation); audit(auditMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.SUCCESS, - auditGroupID); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditSubjectID, + ILogger.SUCCESS, auditGroupID); audit(auditMessage); } else { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, auditSubjectID, + ILogger.FAILURE, auditACLResource, auditOperation); audit(auditMessage); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroupID); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditSubjectID, + ILogger.FAILURE, auditGroupID); audit(auditMessage); } return authzToken; } catch (Exception e) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroupID); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, auditGroupID); audit(auditMessage); throw new EBaseException(e.toString()); 
@@ -1911,29 +1809,29 @@ public abstract class CMSServlet extends HttpServlet { /** * Authorize must occur after Authenticate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization * has failed - * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization - * is successful - * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a - * role (in current CS that's when one accesses a role port) + * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when + * authorization is successful + * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes + * a role (in current CS that's when one accesses a role port) * </ul> + * * @param authzMgrName string representing the name of the authorization - * manager + * manager * @param authToken the authentication token * @param resource a string representing the ACL resource id as defined in - * the ACL resource list + * the ACL resource list * @param operation a string representing one of the operations as defined - * within the ACL statement (e. g. - "read" for an ACL statement containing - * "(read,write)") + * within the ACL statement (e. g. - "read" for an ACL statement + * containing "(read,write)") * @exception EBaseException an error has occurred * @return the authorization token */ public AuthzToken authorize(String authzMgrName, IAuthToken authToken, - String resource, String operation) - throws EBaseException { + String resource, String operation) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditGroupID = auditGroupID(); 
@@ -1941,19 +1839,19 @@ public abstract class CMSServlet extends HttpServlet { String auditACLResource = resource; String auditOperation = operation; - SessionContext auditContext = SessionContext.getExistingContext(); String authManagerId = null; - if(auditContext != null) { - authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID); - - if(authManagerId != null && authManagerId.equals("TokenAuth")) { - if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { - CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); - auditID = auditGroupID; - } + if (auditContext != null) { + authManagerId = (String) auditContext + .get(SessionContext.AUTH_MANAGER_ID); + + if (authManagerId != null && authManagerId.equals("TokenAuth")) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) + || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID"); + auditID = auditGroupID; + } } } @@ -1968,7 +1866,7 @@ public abstract class CMSServlet extends HttpServlet { } if (authzMgrName == null) { - // Fixed Blackflag Bug #613900: Since this code block does + // Fixed Blackflag Bug #613900: Since this code block does // NOT actually constitute an authorization failure, but // rather the case in which a given servlet has been correctly // configured to NOT require an authorization manager, the 
@@ -1980,47 +1878,35 @@ public abstract class CMSServlet extends HttpServlet { } try { - AuthzToken authzTok = mAuthz.authorize(authzMgrName, - authToken, - resource, - operation); + AuthzToken authzTok = mAuthz.authorize(authzMgrName, authToken, + resource, operation); if (authzTok != null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditACLResource, - auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, auditSubjectID, + ILogger.SUCCESS, auditACLResource, auditOperation); audit(auditMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditID, - ILogger.SUCCESS, - auditGroups(auditSubjectID)); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditID, + ILogger.SUCCESS, auditGroups(auditSubjectID)); audit(auditMessage); } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, auditSubjectID, + ILogger.FAILURE, auditACLResource, auditOperation); audit(auditMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditID, + ILogger.FAILURE, auditGroups(auditSubjectID)); audit(auditMessage); } 
@@ -2028,42 +1914,31 @@ public abstract class CMSServlet extends HttpServlet { return authzTok; } catch (EBaseException eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditID, ILogger.FAILURE, auditGroups(auditSubjectID)); audit(auditMessage); return null; } catch (Exception eAudit1) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, - auditSubjectID, - ILogger.FAILURE, - auditACLResource, - auditOperation); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, + auditSubjectID, ILogger.FAILURE, auditACLResource, + auditOperation); audit(auditMessage); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - auditSubjectID, - ILogger.FAILURE, - auditGroups(auditSubjectID)); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + auditSubjectID, ILogger.FAILURE, + auditGroups(auditSubjectID)); audit(auditMessage); 
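Review bot: The `catch (Exception eAudit1)` branch builds its `LOGGING_SIGNED_AUDIT_ROLE_ASSUME` record with `auditSubjectID`, while the `catch (EBaseException eAudit1)` branch just above it and both branches in the preceding hunk pass `auditID`. In the TokenAuth case, where an earlier hunk switches `auditID` to `auditGroupID`, this one failure path would therefore log a different subject than the others. If that is not intended, the arguments should read `auditID, ILogger.FAILURE, auditGroups(auditSubjectID));`. The method begins in an earlier hunk and continues past this one.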
@@ -2073,11 +1948,11 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -2088,21 +1963,17 @@ public abstract class CMSServlet extends HttpServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -2119,8 +1990,7 @@ public abstract class CMSServlet extends HttpServlet { CMS.debug("CMSServlet: auditSubjectID auditContext " + auditContext); if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); + subjectID = (String) auditContext.get(SessionContext.USER_ID); CMS.debug("CMSServlet auditSubjectID: subjectID: " + subjectID); if (subjectID != null) { 
@@ -2137,12 +2007,11 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Log Group ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "gid" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "gid" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditGroupID() { @@ -2159,8 +2028,7 @@ public abstract class CMSServlet extends HttpServlet { CMS.debug("CMSServlet: auditGroupID auditContext " + auditContext); if (auditContext != null) { - groupID = (String) - auditContext.get(SessionContext.GROUP_ID); + groupID = (String) auditContext.get(SessionContext.GROUP_ID); CMS.debug("CMSServlet auditGroupID: groupID: " + groupID); if (groupID != null) { @@ -2177,14 +2045,14 @@ public abstract class CMSServlet extends HttpServlet { /** * Signed Audit Groups - * - * This method is called to extract all "groups" associated - * with the "auditSubjectID()". + * + * This method is called to extract all "groups" associated with the + * "auditSubjectID()". * <P> - * + * * @param id string containing the signed audit log message SubjectID - * @return a delimited string of groups associated - * with the "auditSubjectID()" + * @return a delimited string of groups associated with the + * "auditSubjectID()" */ private String auditGroups(String SubjectID) { // if no signed audit object exists, bail @@ -2192,8 +2060,7 @@ public abstract class CMSServlet extends HttpServlet { return null; } - if ((SubjectID == null) || - (SubjectID.equals(ILogger.UNIDENTIFIED))) { + if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; } 
@@ -2211,7 +2078,7 @@ public abstract class CMSServlet extends HttpServlet { IGroup group = (IGroup) groups.nextElement(); if (group.isMember(SubjectID) == true) { - if (membersString.length()!= 0) { + if (membersString.length() != 0) { membersString.append(", "); } @@ -2219,7 +2086,7 @@ public abstract class CMSServlet extends HttpServlet { } } - if (membersString.length()!=0) { + if (membersString.length() != 0) { return membersString.toString(); } else { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -2238,23 +2105,24 @@ public abstract class CMSServlet extends HttpServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } - protected void outputResult(HttpServletResponse httpResp, - String contentType, byte[] content) { + protected void outputResult(HttpServletResponse httpResp, + String contentType, byte[] content) { try { OutputStream os = httpResp.getOutputStream(); - + httpResp.setContentType(contentType); httpResp.setContentLength(content.length); os.write(content); os.flush(); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", + e.toString())); return; } } 
@@ -2263,11 +2131,13 @@ public abstract class CMSServlet extends HttpServlet { outputError(httpResp, FAILURE, errorString, null); } - protected void outputError(HttpServletResponse httpResp, String errorString, String requestId) { + protected void outputError(HttpServletResponse httpResp, + String errorString, String requestId) { outputError(httpResp, FAILURE, errorString, null); } - protected void outputError(HttpServletResponse httpResp, String status, String errorString, String requestId) { + protected void outputError(HttpServletResponse httpResp, String status, + String errorString, String requestId) { XMLObject xmlObj = null; try { xmlObj = new XMLObject(); 
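Review bot: The three-argument `outputError(httpResp, errorString, requestId)` overload discards its `requestId` and forwards `null`, so an error response produced through it can never carry the request id. Unless that is intentional, the call should be `outputError(httpResp, FAILURE, errorString, requestId);`. The four-argument overload's body continues past the hunk, so how `requestId` is rendered there is not visible from here.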
@@ -2288,34 +2158,39 @@ public abstract class CMSServlet extends HttpServlet { } catch (Exception ee) { CMS.debug("Failed to send XML output to the server."); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", + ee.toString())); } } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) - { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); - if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i+1) < v.length())) { - int nextC = v.charAt(i+1); - if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || - nextC == '<' || nextC == '>' || nextC == '#' || - nextC == ';' || nextC == '\r' || nextC == '\n' || - nextC == '\\' || nextC == '"')) { - if (doubleEscape) result.append('\\'); + if (c == ',' || c == '=' || c == '+' || c == '<' || c == '>' + || c == '#' || c == ';' || c == '\r' || c == '\n' + || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i + 1) < v.length())) { + int nextC = v.charAt(i + 1); + if ((c == 0x5c) + && (nextC == ',' || nextC == '=' || nextC == '+' + || nextC == '<' || nextC == '>' + || nextC == '#' || nextC == ';' + || nextC == '\r' || nextC == '\n' + || nextC == '\\' || nextC == '"')) { + if (doubleEscape) + result.append('\\'); } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) result.append('\\'); + if (doubleEscape) + result.append('\\'); } } if (c == '\r') { 
@@ -2323,11 +2198,10 @@ public abstract class CMSServlet extends HttpServlet { } else if (c == '\n') { result.append("0A"); } else { - result.append((char)c); + result.append((char) c); } } return result; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java index 64c59c5a..c68a1755 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.File; import java.io.IOException; import java.io.PrintWriter; @@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.cmsutil.util.Utils; - /** - * This servlet is started by the web server at startup, and - * it starts the CMS framework. - * + * This servlet is started by the web server at startup, and it starts the CMS + * framework. + * * @version $Revision$, $Date$ */ public class CMSStartServlet extends HttpServlet { 
@@ -55,34 +53,33 @@ public class CMSStartServlet extends HttpServlet { if (!f.exists()) { int index = path.lastIndexOf("CS.cfg"); if (index != -1) { - old_path = path.substring(0, index)+"CMS.cfg"; + old_path = path.substring(0, index) + "CMS.cfg"; } File f1 = new File(old_path); if (f1.exists()) { // The following block of code moves "CMS.cfg" to "CS.cfg". try { - if( Utils.isNT() ) { + if (Utils.isNT()) { // NT is very picky on the path - Utils.exec( "copy " + - f1.getAbsolutePath().replace( '/', '\\' ) + - " " + - f.getAbsolutePath().replace( '/', '\\' ) ); + Utils.exec("copy " + + f1.getAbsolutePath().replace('/', '\\') + " " + + f.getAbsolutePath().replace('/', '\\')); } else { // Create a copy of the original file which // preserves the original file permissions. - Utils.exec( "cp -p " + f1.getAbsolutePath() + " " + - f.getAbsolutePath() ); + Utils.exec("cp -p " + f1.getAbsolutePath() + " " + + f.getAbsolutePath()); } // Remove the original file if and only if // the backup copy was successful. - if( f.exists() ) { + if (f.exists()) { f1.delete(); // Make certain that the new file has // the correct permissions. - if( !Utils.isNT() ) { - Utils.exec( "chmod 00660 " + f.getAbsolutePath() ); + if (!Utils.isNT()) { + Utils.exec("chmod 00660 " + f.getAbsolutePath()); } } } catch (Exception e) { @@ -96,7 +93,7 @@ public class CMSStartServlet extends HttpServlet { } public void doGet(HttpServletRequest req, HttpServletResponse res) - throws ServletException, IOException { + throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java index 8d853f0b..c53d6c52 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java 
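Review bot: The CMS.cfg to CS.cfg migration builds each command as one concatenated string, e.g. `Utils.exec("cp -p " + f1.getAbsolutePath() + " " + f.getAbsolutePath())`, so an instance path containing a space or a shell-significant character changes how the command is parsed; how `Utils.exec` tokenises its argument is not visible here. The outcome of the copy is also judged only by `f.exists()`, which is already true for a partially written file, and the original is deleted on that basis. Passing the arguments separately, for example `new ProcessBuilder("cp", "-p", f1.getAbsolutePath(), f.getAbsolutePath()).start().waitFor()` with the exit status checked before `f1.delete()`, addresses both points. The enclosing method starts and ends outside the hunk.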
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; @@ -33,10 +32,10 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * This is the servlet that displays the html page for the corresponding input id. - * + * This is the servlet that displays the html page for the corresponding input + * id. + * * @version $Revision$, $Date$ */ public class DisplayHtmlServlet extends CMSServlet { @@ -55,7 +54,7 @@ public class DisplayHtmlServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); + mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); mTemplates.remove(CMSRequest.SUCCESS); } @@ -68,18 +67,19 @@ public class DisplayHtmlServlet extends CMSServlet { IAuthToken authToken = authenticate(cmsReq); try { - String realpath = - mServletConfig.getServletContext().getRealPath("/" + mHTMLPath); + String realpath = mServletConfig.getServletContext().getRealPath( + "/" + mHTMLPath); if (realpath == null) { - mLogger.log( - ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ; + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath)); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } File file = new File(realpath); long flen = file.length(); - byte[] bin = new byte[(int)flen]; + byte[] bin = new byte[(int) flen]; FileInputStream ins = new FileInputStream(file); int len = 0; 
@@ -92,9 +92,11 @@ public class DisplayHtmlServlet extends CMSServlet { ins.close(); bos.close(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java index 9607fbe2..45a404c5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -39,14 +38,13 @@ import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** - * Return some javascript to the request which contains the list of - * dynamic data in the CMS system. + * Return some javascript to the request which contains the list of dynamic data + * in the CMS system. * <p> - * This allows the requestor (browser) to make decisions about what - * to present in the UI, depending on how CMS is configured - * + * This allows the requestor (browser) to make decisions about what to present + * in the UI, depending on how CMS is configured + * * @version $Revision$, $Date$ */ public class DynamicVariablesServlet extends CMSServlet { 
@@ -83,10 +81,10 @@ public class DynamicVariablesServlet extends CMSServlet { private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()"; private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6); private String VAR_CLA_CRL_URL_VALUE = null; - + private String mAuthMgrCacheString = ""; - private long mAuthMgrCacheTime = 0; - private final int AUTHMGRCACHE = 10; //number of seconds to cache list of + private long mAuthMgrCacheTime = 0; + private final int AUTHMGRCACHE = 10; // number of seconds to cache list of // authmanagers for private Hashtable dynvars = null; private String mGetClientCert = "false"; @@ -99,8 +97,7 @@ public class DynamicVariablesServlet extends CMSServlet { IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING); try { - mCrlurl = - config.getString(PROP_CRLURL, ""); + mCrlurl = config.getString(PROP_CRLURL, ""); } catch (EBaseException e) { } } 
@@ -119,33 +116,38 @@ public class DynamicVariablesServlet extends CMSServlet { /** * Reads the following variables from the servlet config: * <ul> - * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request - * <li><strong>GetClientCert</strong> - whether to request client auth for this request - * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client - * <li><strong>dynamicVariables</strong> - a string of the form: - * serverdate=serverdate(),subsystemname=subsystemname(), - * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() + * <li><strong>AuthMgr</strong> - the authentication manager to use to + * authenticate the request + * <li><strong>GetClientCert</strong> - whether to request client auth for + * this request + * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to + * the client + * <li><strong>dynamicVariables</strong> - a string of the form: + * serverdate=serverdate(),subsystemname=subsystemname(), + * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl() * </ul> - * The dynamicVariables string is parsed by splitting on commas. - * When services, the HTTP request provides a piece of javascript - * code as follows. + * The dynamicVariables string is parsed by splitting on commas. When + * services, the HTTP request provides a piece of javascript code as + * follows. * <p> * Each sub expression "lhs=rhs()" forms a javascript statement of the form - * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the - * rhs. The possible values for the rhs() function are: + * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. 
+ * The possible values for the rhs() function are: * <ul> - * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client - * clock is set correctly) + * <li><strong>serverdate()</strong> - the timestamp of the server (used to + * ensure that the client clock is set correctly) * <li><strong>subsystemname()</strong> - * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https) + * <li><strong>http()</strong> - "true" or "false" - is this an http + * connection (as opposed to https) * <li>authmgrs() - a comma separated list of authentication managers - * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is - * defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl' + * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. + * This is defined in the CMS configuration parameter + * 'cloning.cloneMasterCrlUrl' * </ul> + * * @see javax.servlet.Servlet#init(ServletConfig) */ - public void init(ServletConfig sc) throws ServletException { super.init(sc); mAuthMgr = sc.getInitParameter(PROP_AUTHMGR); @@ -182,7 +184,8 @@ public class DynamicVariablesServlet extends CMSServlet { } else if (varvalue.equalsIgnoreCase(VAR_CLA_CRL_URL_STRING)) { varcode = VAR_CLA_CRL_URL; } else { - throw new ServletException("bad configuration parameter in " + PROP_DYNVAR); + throw new ServletException( + "bad configuration parameter in " + PROP_DYNVAR); } if (varcode != null) { dynvars.put(varcode, (Object) varname); 
@@ -193,20 +196,19 @@ public class DynamicVariablesServlet extends CMSServlet { } } - public void service(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException, IOException { + public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException( - "CMS server is not ready to serve."); + throw new IOException("CMS server is not ready to serve."); if (mAuthMgr != null) { try { IAuthToken token = authenticate(httpReq); } catch (EBaseException e) { - mServletCtx.log(CMS.getLogMessage("CMSGW_FILE_NO_ACCESS", e.toString())); + mServletCtx.log(CMS.getLogMessage("CMSGW_FILE_NO_ACCESS", + e.toString())); httpResp.sendError(HttpServletResponse.SC_FORBIDDEN); return; } @@ -214,7 +216,7 @@ public class DynamicVariablesServlet extends CMSServlet { httpResp.setContentType("application/x-javascript"); httpResp.setHeader("Pragma", "no-cache"); - + try { ServletOutputStream os = httpResp.getOutputStream(); 
@@ -227,47 +229,40 @@ public class DynamicVariablesServlet extends CMSServlet { Integer varcode = (Integer) k.nextElement(); if (varcode.equals(VAR_SERVERDATE)) { - toBeWritten = dynvars.get(varcode) + - "=" + - getServerDate() + - ";\n"; + toBeWritten = dynvars.get(varcode) + "=" + + getServerDate() + ";\n"; os.print(toBeWritten); } if (varcode.equals(VAR_SUBSYSTEMNAME)) { if (getSubsystemName() != null) { - toBeWritten = dynvars.get(varcode) + - "=" + "\"" + - getSubsystemName() + "\"" + - ";\n"; + toBeWritten = dynvars.get(varcode) + "=" + "\"" + + getSubsystemName() + "\"" + ";\n"; os.print(toBeWritten); } } if (varcode.equals(VAR_HTTP)) { if (getHttp(httpReq) != null) { - toBeWritten = dynvars.get(varcode) + - "=" + "\"" + - getHttp(httpReq) + "\"" + - ";\n"; + toBeWritten = dynvars.get(varcode) + "=" + "\"" + + getHttp(httpReq) + "\"" + ";\n"; os.print(toBeWritten); } } if (varcode.equals(VAR_CLA_CRL_URL)) { if (getImportCrlUrl() != null) { - toBeWritten = dynvars.get(varcode) + - "=" + "\"" + - getImportCrlUrl() + "\"" + - ";\n"; + toBeWritten = dynvars.get(varcode) + "=" + "\"" + + getImportCrlUrl() + "\"" + ";\n"; os.print(toBeWritten); } } if (varcode.equals(VAR_AUTHMGRS)) { toBeWritten = ""; - IAuthSubsystem as = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem as = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); Enumeration ame = as.getAuthManagers(); Date d = CMS.getCurrentDate(); @@ -278,10 +273,12 @@ public class DynamicVariablesServlet extends CMSServlet { StringBuffer sb = new StringBuffer(); while (ame.hasMoreElements()) { - IAuthManager am = (IAuthManager) ame.nextElement(); + IAuthManager am = (IAuthManager) ame + .nextElement(); String amName = am.getImplName(); - AuthMgrPlugin ap = as.getAuthManagerPluginImpl(amName); + AuthMgrPlugin ap = as + .getAuthManagerPluginImpl(amName); if (ap.isVisible()) { sb.append("authmanager["); 
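Review bot: The string values written into the generated JavaScript are wrapped in double quotes without any escaping, as in `dynvars.get(varcode) + "=" + "\"" + getImportCrlUrl() + "\"" + ";\n"`, and the same pattern is used for `getSubsystemName()` and `getHttp(httpReq)`. A value containing a quote, backslash or line break would end the string literal early in a script that the browser executes; the CRL URL is read from the `cloning` configuration sub-store, so the exposure depends on who can set that value. A small private helper that emits a quoted, escaped literal, used in all three branches, removes the dependency on the values being well-formed. `service` starts before and continues after the hunk.
```java
// new private helper in DynamicVariablesServlet
private static String jsString(String value) {
    StringBuffer sb = new StringBuffer("\"");
    for (int i = 0; i < value.length(); i++) {
        char ch = value.charAt(i);
        boolean plain = ch >= 0x20 && ch < 0x7f && ch != '"' && ch != '\\'
                && ch != '<' && ch != '>' && ch != '&' && ch != '\'';
        if (plain) {
            sb.append(ch);
        } else {
            // anything else is written as a four-digit hexadecimal escape
            String hex = Integer.toHexString(ch);
            sb.append("\\u");
            for (int pad = hex.length(); pad < 4; pad++) {
                sb.append('0');
            }
            sb.append(hex);
        }
    }
    return sb.append('"').toString();
}

// … unchanged: loop over dynvars, serverdate branch; same change for subsystemname and http …
if (varcode.equals(VAR_CLA_CRL_URL)) {
    if (getImportCrlUrl() != null) {
        toBeWritten = dynvars.get(varcode) + "=" + jsString(getImportCrlUrl()) + ";\n";
```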
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java index 3b8f8bd4..784ba40f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; import java.util.Enumeration; @@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve information. - * + * * @version $Revision$, $Date$ */ public class GetStats extends CMSServlet { @@ -62,9 +60,9 @@ public class GetStats extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template - * file "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template file + * "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,14 +77,12 @@ public class GetStats extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -94,14 +90,14 @@ public class GetStats extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -118,10 +114,11 @@ public class GetStats extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -130,12 +127,12 @@ public class GetStats extends CMSServlet { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); StatsEvent st = statsSub.getMainStatsEvent(); String op = httpReq.getParameter("op"); if (op != null && op.equals("clear")) { - statsSub.resetCounters(); + statsSub.resetCounters(); } header.addStringValue("startTime", statsSub.getStartTime().toString()); 
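Review bot: The `op=clear` request parameter triggers `statsSub.resetCounters()`, a state change, while the only authorization visible for this request is `authorize(mAclMethod, authToken, mAuthzResourceName, "read")` in the first hunk of this file. If nothing outside the hunks adds a stronger check, any principal allowed to read the statistics can also reset them, and because the operation is driven by a plain request parameter it can be triggered by a cross-site GET. Consider authorizing the clear path separately against a write-level operation defined for this resource, and accepting it only on POST. `process` starts before and continues after these hunks.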
@@ -149,43 +146,42 @@ public class GetStats extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); return; } - public String getSep(int level) - { - StringBuffer s = new StringBuffer(); - for (int i = 0; i < level; i++) { - s.append("-"); - } - return s.toString(); + public String getSep(int level) { + StringBuffer s = new StringBuffer(); + for (int i = 0; i < level; i++) { + s.append("-"); + } + return s.toString(); } public void parse(CMSTemplateParams argSet, StatsEvent st, int level) { Enumeration names = st.getSubEventNames(); while (names.hasMoreElements()) { - String name = (String)names.nextElement(); - StatsEvent subSt = st.getSubEvent(name); - - IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); - rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); - rarg.addLongValue("timeTaken", subSt.getTimeTaken()); - rarg.addLongValue("max", subSt.getMax()); - rarg.addLongValue("min", subSt.getMin()); - rarg.addLongValue("percentage", subSt.getPercentage()); - rarg.addLongValue("avg", subSt.getAvg()); - rarg.addLongValue("stddev", subSt.getStdDev()); - argSet.addRepeatRecord(rarg); - - parse(argSet, subSt, level+1); + String name = (String) names.nextElement(); + StatsEvent subSt = st.getSubEvent(name); + + IArgBlock rarg = CMS.createArgBlock(); + rarg.addStringValue("name", getSep(level) + " " + subSt.getName()); + rarg.addLongValue("noOfOp", subSt.getNoOfOperations()); + rarg.addLongValue("timeTaken", 
subSt.getTimeTaken()); + rarg.addLongValue("max", subSt.getMax()); + rarg.addLongValue("min", subSt.getMin()); + rarg.addLongValue("percentage", subSt.getPercentage()); + rarg.addLongValue("avg", subSt.getAvg()); + rarg.addLongValue("stddev", subSt.getStdDev()); + argSet.addRepeatRecord(rarg); + + parse(argSet, subSt, level + 1); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java index 89179b57..60e80f1e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -32,11 +31,9 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.IndexTemplateFiller; - /** - * This is the servlet that builds the index page in - * various ports. - * + * This is the servlet that builds the index page in various ports. + * * @version $Revision$, $Date$ */ public class IndexServlet extends CMSServlet { @@ -68,10 +65,9 @@ public class IndexServlet extends CMSServlet { mTemplateName = sc.getInitParameter(PROP_TEMPLATE); /* - mTemplates.put(CMSRequest.SUCCESS, - new CMSLoadTemplate( - PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, - mTemplateName, new IndexTemplateFiller())); + * mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate( + * PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, mTemplateName, + * new IndexTemplateFiller())); */ mTemplates.remove(CMSRequest.SUCCESS); } 
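Review bot: In `GetStats.process`, the unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` that follows the try/catch overwrites the `CMSRequest.ERROR` set in the `IOException` handler, so a failed render is reported as success. The success status is already set inside the try block right after `form.renderOutput(out, argSet)`, so the trailing assignment can be removed, or the catch block can `return;` after setting the error. This refers to the hunk beginning at `@@ -149,43 +146,42 @@`, which ends on this line.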
@@ -91,26 +87,25 @@ public class IndexServlet extends CMSServlet { * Serves HTTP request. */ public void process(CMSRequest cmsReq) throws EBaseException { - if (CMSGateway.getEnableAdminEnroll() && - mAuthority != null && - mAuthority instanceof ICertificateAuthority) { + if (CMSGateway.getEnableAdminEnroll() && mAuthority != null + && mAuthority instanceof ICertificateAuthority) { try { cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html"); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString())); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", + e.toString())); + throw new ECMSGWException(CMS.getLogMessage( + "CMSGW_ERROR_REDIRECTING_ADMINENROLL1", e.toString())); } return; } else { try { - renderTemplate( - cmsReq, mTemplateName, new IndexTemplateFiller()); + renderTemplate(cmsReq, mTemplateName, new IndexTemplateFiller()); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, + e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE")); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java index 4c3dec80..6c84b88d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject; /** * This servlet returns port information. - * + * * @version $Revision$, $Date$ */ public class PortsServlet extends CMSServlet { @@ -50,7 +49,7 @@ public class PortsServlet extends CMSServlet { public void init(ServletConfig sc) throws ServletException { super.init(sc); - // override these to output directly ourselves. + // override these to output directly ourselves. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); } @@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet { String port = null; if (secure.equals("true")) - port = CMS.getEESSLPort(); + port = CMS.getEESSLPort(); else port = CMS.getEENonSSLPort(); - + try { XMLObject xmlObj = null; xmlObj = new XMLObject(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java index 15bfb306..b8e19534 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java @@ -2,7 +2,6 @@ package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.HashMap; import java.util.Iterator; 
@@ -21,34 +20,29 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; - /** * This is a servlet that proxies request to another servlet. - * - * SERVLET REDIRECTION - * Specify the URL of a servlet to forward the request to - * destServlet: /ee/ca/newservlet - * - * PARAMETER MAPPING - * In the servlet configuration (as an init-param in web.xml) you - * can optionally specify a value for the parameter 'parameterMap' - * which contains a list of HTTP parameters which should be - * translated to new names. * - * parameterMap: name1->newname1,name2->newname2 - * + * SERVLET REDIRECTION Specify the URL of a servlet to forward the request to + * destServlet: /ee/ca/newservlet + * + * PARAMETER MAPPING In the servlet configuration (as an init-param in web.xml) + * you can optionally specify a value for the parameter 'parameterMap' which + * contains a list of HTTP parameters which should be translated to new names. + * + * parameterMap: name1->newname1,name2->newname2 + * * Optionally, names can be set to static values: - * - * parameterMap: name1->name2=value - * - * Examples: - * Consider the following HTTP input parameters: - * vehicle:car make:ford model:explorer * - * The following config strings will have this effect: - * parameterMap: make->manufacturer,model->name=expedition,->suv=true - * output: vehicle:car manufactuer:ford model:expedition suv:true - * + * parameterMap: name1->name2=value + * + * Examples: Consider the following HTTP input parameters: vehicle:car make:ford + * model:explorer + * + * The following config strings will have this effect: parameterMap: + * make->manufacturer,model->name=expedition,->suv=true output: vehicle:car + * manufactuer:ford model:expedition suv:true + * * @version $Revision$, $Date$ */ public class ProxyServlet extends HttpServlet { 
@@ -64,40 +58,41 @@ public class ProxyServlet extends HttpServlet { private Vector mMatchStrings = new Vector(); private String mDestServletOnNoMatch = null; private String mAppendPathInfoOnNoMatch = null; - private Map mParamMap = new HashMap(); - private Map mParamValue = new HashMap(); + private Map mParamMap = new HashMap(); + private Map mParamValue = new HashMap(); public ProxyServlet() { } - private void parseParamTable(String s) { - if (s == null) return; - - String[] params = s.split(","); - for (int i=0;i<params.length;i++) { - String p = params[i]; - if (p != null) { - String[] paramNames = p.split("->"); - if (paramNames.length != 2) { - } - String from = paramNames[0]; - String to = paramNames[1]; - if (from != null && to != null) { - String[] splitTo = to.split("="); - String toName = splitTo[0]; - if (from.length() >0) { - mParamMap.put(from,toName); - } - if (splitTo.length == 2) { - String toValue = splitTo[1]; - String toValues[] = new String[1]; - toValues[0] = toValue; - mParamValue.put(toName,toValues); - } - } - } - } - } + private void parseParamTable(String s) { + if (s == null) + return; + + String[] params = s.split(","); + for (int i = 0; i < params.length; i++) { + String p = params[i]; + if (p != null) { + String[] paramNames = p.split("->"); + if (paramNames.length != 2) { + } + String from = paramNames[0]; + String to = paramNames[1]; + if (from != null && to != null) { + String[] splitTo = to.split("="); + String toName = splitTo[0]; + if (from.length() > 0) { + mParamMap.put(from, toName); + } + if (splitTo.length == 2) { + String toValue = splitTo[1]; + String toValues[] = new String[1]; + toValues[0] = toValue; + mParamValue.put(toName, toValues); + } + } + } + } + } public void init(ServletConfig sc) throws ServletException { super.init(sc); 
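Review bot: In `parseParamTable` the check `if (paramNames.length != 2) { }` has an empty body, so an entry without a usable `->` still reaches `String to = paramNames[1];` and throws `ArrayIndexOutOfBoundsException` during `init`. The later `from != null && to != null` test cannot catch this because the exception is raised first. Skipping the malformed entry makes the intent explicit: `if (paramNames.length != 2) { CMS.debug("ProxyServlet: ignoring malformed parameterMap entry: " + p); continue; }`. Since `parameterMap` controls which request parameters are renamed or forced to static values, a visibly logged rejection is preferable to a servlet that fails to load.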
@@ -113,16 +108,16 @@ public class ProxyServlet extends HttpServlet { mDest = sc.getInitParameter("destServlet"); mSrcContext = sc.getInitParameter("srcContext"); mAppendPathInfo = sc.getInitParameter("appendPathInfo"); - mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch"); + mAppendPathInfoOnNoMatch = sc + .getInitParameter("appendPathInfoOnNoMatch"); String map = sc.getInitParameter("parameterMap"); - if (map != null) { - parseParamTable(map); - } + if (map != null) { + parseParamTable(map); + } } - public void service(HttpServletRequest req, HttpServletResponse res) throws - IOException, ServletException - { + public void service(HttpServletRequest req, HttpServletResponse res) + throws IOException, ServletException { RequestDispatcher dispatcher = null; String dest = mDest; String uri = req.getRequestURI(); 
@@ -132,120 +127,120 @@ public class ProxyServlet extends HttpServlet { if (mMatchStrings.size() != 0) { boolean matched = false; for (int i = 0; i < mMatchStrings.size(); i++) { - String t = (String)mMatchStrings.elementAt(i); - if (uri.indexOf(t) != -1) { + String t = (String) mMatchStrings.elementAt(i); + if (uri.indexOf(t) != -1) { matched = true; } } if (!matched) { dest = mDestServletOnNoMatch; // append Path info for OCSP request in Get method - if (mAppendPathInfoOnNoMatch != null && - !mAppendPathInfoOnNoMatch.equals("")) { + if (mAppendPathInfoOnNoMatch != null + && !mAppendPathInfoOnNoMatch.equals("")) { dest = dest + uri.replace(mAppendPathInfoOnNoMatch, ""); } } } if (dest == null || dest.equals("")) { - // mapping everything - dest = uri; - dest = dest.replaceFirst(mSrcContext, ""); + // mapping everything + dest = uri; + dest = dest.replaceFirst(mSrcContext, ""); } if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) { - dest = dest + uri.replace(mAppendPathInfo, ""); + dest = dest + uri.replace(mAppendPathInfo, ""); } if (mDestContext != null && !mDestContext.equals("")) { - dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest); + dispatcher = getServletContext().getContext(mDestContext) + .getRequestDispatcher(dest); } else { - dispatcher = req.getRequestDispatcher(dest); + dispatcher = req.getRequestDispatcher(dest); } - // If a parameter map was specified - if (mParamMap != null && !mParamMap.isEmpty()) { - // Make a new wrapper with the new parameters - ProxyWrapper r = new ProxyWrapper(req); - r.setParameterMapAndValue(mParamMap,mParamValue); - req = r; - } - - dispatcher.forward(req, res); + // If a parameter map was specified + if (mParamMap != null && !mParamMap.isEmpty()) { + // Make a new wrapper with the new parameters + ProxyWrapper r = new ProxyWrapper(req); + r.setParameterMapAndValue(mParamMap, mParamValue); + req = r; + } + + dispatcher.forward(req, res); } } -class ProxyWrapper extends 
HttpServletRequestWrapper -{ - private Map mMap = null; - private Map mValueMap = null; - - public ProxyWrapper(HttpServletRequest req) - { - super(req); - } - - public void setParameterMapAndValue(Map m,Map v) - { - if (m != null) mMap = m; - if (v != null) mValueMap = v; - } - - public Map getParameterMap() - { - try { - // If we haven't specified any parameter mapping, just - // use the regular implementation - if (mMap == null) return super.getParameterMap(); - else { - // Make a new Map for us to put stuff in - Map n = new HashMap(); - // get the HTTP parameters the user supplied. - Map m = super.getParameterMap(); - Set s = m.entrySet(); - Iterator i = s.iterator(); - while (i.hasNext()) { - Map.Entry me = (Map.Entry) i.next(); - String name = (String) me.getKey(); - String[] values = (String[])(me.getValue()); - String newname = null; - if (name != null) { - newname = (String) mMap.get(name); - } - - // No mapping specified, just use existing name/value - if (newname == null || mValueMap == null) { - n.put(name,values); - } else { // new name specified - Object o = mValueMap.get(newname); - // check if new (static) value specified - if (o==null) { - n.put(newname,values); - } else { - String newvalues[] = (String[])mValueMap.get(newname); - n.put(newname,newvalues); - } - } - } - // Now, deal with static values set in the config - // which weren't set in the HTTP request - Set s2 = mValueMap.entrySet(); - Iterator i2 = s2.iterator(); - // Cycle through all the static values - while (i2.hasNext()) { - Map.Entry me2 = (Map.Entry) i2.next(); - String name2 = (String) me2.getKey(); - if (n.get(name2) == null) { - String[] values2 = (String[])me2.getValue(); - // If the parameter is not set in the map - // Set it now - n.put(name2,values2); - } - } - - return n; - } - } catch (NullPointerException npe) { - CMS.debug(npe); - return null; - } - } -} +class ProxyWrapper extends HttpServletRequestWrapper { + private Map mMap = null; + private Map mValueMap = null; + 
+ public ProxyWrapper(HttpServletRequest req) { + super(req); + } + + public void setParameterMapAndValue(Map m, Map v) { + if (m != null) + mMap = m; + if (v != null) + mValueMap = v; + } + public Map getParameterMap() { + try { + // If we haven't specified any parameter mapping, just + // use the regular implementation + if (mMap == null) + return super.getParameterMap(); + else { + // Make a new Map for us to put stuff in + Map n = new HashMap(); + // get the HTTP parameters the user supplied. + Map m = super.getParameterMap(); + Set s = m.entrySet(); + Iterator i = s.iterator(); + while (i.hasNext()) { + Map.Entry me = (Map.Entry) i.next(); + String name = (String) me.getKey(); + String[] values = (String[]) (me.getValue()); + String newname = null; + if (name != null) { + newname = (String) mMap.get(name); + } + + // No mapping specified, just use existing name/value + if (newname == null || mValueMap == null) { + n.put(name, values); + } else { // new name specified + Object o = mValueMap.get(newname); + // check if new (static) value specified + if (o == null) { + n.put(newname, values); + } else { + String newvalues[] = (String[]) mValueMap + .get(newname); + n.put(newname, newvalues); + } + } + } + // Now, deal with static values set in the config + // which weren't set in the HTTP request + Set s2 = mValueMap.entrySet(); + Iterator i2 = s2.iterator(); + // Cycle through all the static values + while (i2.hasNext()) { + Map.Entry me2 = (Map.Entry) i2.next(); + String name2 = (String) me2.getKey(); + if (n.get(name2) == null) { + String[] values2 = (String[]) me2.getValue(); + // If the parameter is not set in the map + // Set it now + n.put(name2, values2); + } + } + + return n; + } + } catch (NullPointerException npe) { + CMS.debug(npe); + return null; + } + } +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java index 5daac065..625a69ed 100644 
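Review bot: In ProxyServlet.service() the forward target is built from `req.getRequestURI()` (the `dest = uri` fallback and both `uri.replace(...)` appends) and handed to `getRequestDispatcher(dest)` with no normalisation and no check against the destinations the deployment means to expose. getRequestURI() returns the path undecoded, as the client sent it, and the servlet specification does not apply declarative security constraints to RequestDispatcher forwards, so this method is effectively the only access check for whatever it forwards to. I would resolve `dest` against a configured list of permitted targets and answer `res.sendError(HttpServletResponse.SC_NOT_FOUND); return;` for anything else. Separately, `dest.replaceFirst(mSrcContext, "")` treats the init-param as a regular expression and throws a NullPointerException when `srcContext` is not configured. service() begins in the previous hunk.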
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - import java.io.IOException; import java.util.Date; @@ -30,15 +29,14 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; /** - * Displays detailed information about java VM internals, including - * current JVM memory usage, and detailed information about each - * thread. + * Displays detailed information about java VM internals, including current JVM + * memory usage, and detailed information about each thread. * <p> * Also allows user to trigger a new garbage collection - * + * * @version $Revision$, $Date$ */ -public class SystemInfoServlet extends HttpServlet { +public class SystemInfoServlet extends HttpServlet { /** * 
@@ -53,21 +51,23 @@ public class SystemInfoServlet extends HttpServlet { } /** - * service the request, returning HTML to the client. - * This method has different behaviour depending on the - * value of the 'op' HTTP parameter. + * service the request, returning HTML to the client. This method has + * different behaviour depending on the value of the 'op' HTTP parameter. * <UL> - * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet - * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers - * (@see java.lang.Runtime.getRuntime#gc() ) - * <li>op = general - display information about memory, and other JVM informatino - * <li>op = thread - display details about each thread. + * <LI>op = <i>undefined</i> - display a menu with links to the other + * functionality of this servlet + * <li>op = gc - tell the JVM that we want to do a garbage collection and to + * run finalizers (@see java.lang.Runtime.getRuntime#gc() ) + * <li>op = general - display information about memory, and other JVM + * informatino + * <li>op = thread - display details about each thread. * </UL> - * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) + * + * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, + * HttpServletResponse) */ - public void service(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { boolean collect = false; String op = request.getParameter("op"); 
@@ -83,12 +83,12 @@ public class SystemInfoServlet extends HttpServlet { } } - private void mainMenu(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void mainMenu(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println("<a href=" + request.getServletPath() + ">"); + response.getWriter().println( + "<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println("</H1>"); @@ -97,7 +97,8 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("<tr>"); response.getWriter().println("<td>"); response.getWriter().println("<li>"); - response.getWriter().println("<a href=" + request.getServletPath() + "?op=general>"); + response.getWriter().println( + "<a href=" + request.getServletPath() + "?op=general>"); response.getWriter().println("General"); response.getWriter().println("</a>"); response.getWriter().println("</td>"); @@ -105,7 +106,8 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("<tr>"); response.getWriter().println("<td>"); response.getWriter().println("<li>"); - response.getWriter().println("<a href=" + request.getServletPath() + "?op=gc>"); + response.getWriter().println( + "<a href=" + request.getServletPath() + "?op=gc>"); response.getWriter().println("Garbage Collection"); response.getWriter().println("</a>"); response.getWriter().println("</td>"); 
@@ -113,7 +115,8 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("<tr>"); response.getWriter().println("<td>"); response.getWriter().println("<li>"); - response.getWriter().println("<a href=" + request.getServletPath() + "?op=thread>"); + response.getWriter().println( + "<a href=" + request.getServletPath() + "?op=thread>"); response.getWriter().println("Thread Listing"); response.getWriter().println("</a>"); response.getWriter().println("</td>"); 
@@ -122,30 +125,31 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("</HTML>"); } - private void gc(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void gc(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { java.lang.Runtime.getRuntime().gc(); java.lang.Runtime.getRuntime().runFinalization(); response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println("<a href=" + request.getServletPath() + ">"); + response.getWriter().println( + "<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println(" : "); response.getWriter().println("Garbage Collection"); response.getWriter().println("</H1>"); response.getWriter().println("<p>"); - response.getWriter().println("The garbage collector has been executed."); + response.getWriter() + .println("The garbage collector has been executed."); response.getWriter().println("</HTML>"); } - private void general(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void general(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println("<a href=" + request.getServletPath() + ">"); + response.getWriter().println( + "<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println(" : "); 
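Review bot: gc() calls `Runtime.getRuntime().gc()` and `runFinalization()` for every request that reaches it, and neither this hunk nor the service() lines shown earlier contain a caller check. Access control for this servlet, including the memory and thread listings beside it, therefore rests entirely on how it is mapped in web.xml, which is not visible here. That dependency should be written down at the class or at gc(), for example `// Diagnostic endpoint: map only behind an authenticated admin constraint; op=gc forces a full collection per request.` Because the action is reached through a plain link (`?op=gc` in mainMenu), any page loaded in an administrator's browser can trigger it; accepting it only for POST would close that. general() continues past the end of this hunk.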
@@ -174,7 +178,8 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("Available Processors:"); response.getWriter().println("</td>"); response.getWriter().println("<td>"); - response.getWriter().println(Runtime.getRuntime().availableProcessors()); + response.getWriter() + .println(Runtime.getRuntime().availableProcessors()); response.getWriter().println("</td>"); response.getWriter().println("</tr>"); response.getWriter().println("<tr>"); @@ -214,20 +219,22 @@ public class SystemInfoServlet extends HttpServlet { response.getWriter().println("Free Memory / Total Memory:"); response.getWriter().println("</td>"); response.getWriter().println("<td>"); - response.getWriter().println((Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%"); + response.getWriter().println( + (Runtime.getRuntime().freeMemory() * 100) + / Runtime.getRuntime().totalMemory() + "%"); response.getWriter().println("</td>"); response.getWriter().println("</tr>"); response.getWriter().println("</table>"); response.getWriter().println("</HTML>"); } - private void thread(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + private void thread(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { response.getWriter().println("</table>"); response.getWriter().println("<HTML>"); response.getWriter().println("<H1>"); - response.getWriter().println("<a href=" + request.getServletPath() + ">"); + response.getWriter().println( + "<a href=" + request.getServletPath() + ">"); response.getWriter().println("Main"); response.getWriter().println("</a>"); response.getWriter().println(" : "); diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java index 02ab5b52..ca829561 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java @@ -17,11 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.base; - /** - * This class represents information about the client e.g. version, - * langauge, vendor. - * + * This class represents information about the client e.g. version, langauge, + * vendor. + * * @version $Revision$, $Date$ */ public class UserInfo { @@ -36,7 +35,7 @@ public class UserInfo { /** * Returns the user language. - * + * * @param s user language info from the browser * @return user language */ @@ -53,7 +52,7 @@ public class UserInfo { /** * Returns the user country. - * + * * @param s user language info from the browser * @return user country */ @@ -67,10 +66,10 @@ public class UserInfo { } return ""; } - + /** * Returns the users agent. - * + * * @param s user language info from the browser * @return user agent */ @@ -79,7 +78,7 @@ public class UserInfo { if (s.indexOf(MSIE) != -1) { return MSIE; } - + // Check for Netscape i.e. Mozilla if (s.indexOf(MOZILLA) != -1) { return MOZILLA; @@ -87,5 +86,5 @@ public class UserInfo { // Don't know agent. Return empty string. return ""; - } + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java index 47b3c9f1..63ac96e1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; 
@@ -68,10 +67,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a certificate with a CMC-formatted revocation request - * + * * @version $Revision$, $Date$ */ public class CMCRevReqServlet extends CMSServlet { @@ -84,7 +82,7 @@ public class CMCRevReqServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "revocationResult.template"; public static final String CRED_CMC = "cmcRequest"; - + private ICertificateRepository mCertDB = null; private String mFormPath = null; private IRequestQueue mQueue = null; 
@@ -93,29 +91,26 @@ public class CMCRevReqServlet extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - - // http params + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; // request attributes public static final String SERIALNO_ARRAY = "serialNoArray"; - + public CMCRevReqServlet() { super(); } - /** + /** * initialize the servlet. - * @param sc servlet configuration, read from the web.xml file - */ + * + * @param sc servlet configuration, read from the web.xml file + */ public void init(ServletConfig sc) throws ServletException { super.init(sc); 
@@ -126,61 +121,65 @@ public class CMCRevReqServlet extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } - - /** - * Process the HTTP request. - * - * <ul> - * <li>http.param cmcRequest the base-64 encoded CMC request - * </ul> - * @param cmsReq the object holding the request and response information + /** + * Process the HTTP request. + * + * <ul> + * <li>http.param cmcRequest the base-64 encoded CMC request + * </ul> + * + * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { String cmcAgentSerialNumber = null; IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); - HttpServletResponse resp = cmsReq.getHttpResp(); - + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("**** mFormPath = "+mFormPath); + CMS.debug("**** mFormPath = " + mFormPath); try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } EBaseException error = null; IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); 
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - String cmc = (String) httpParams.get(CRED_CMC); if (cmc == null) { - throw new EMissingCredential( - CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); + throw new EMissingCredential(CMS.getUserMessage( + "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC)); } IAuthToken authToken = authenticate(cmsReq); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "revoke"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "revoke"); } catch (Exception e) { // do nothing for now } @@ -190,10 +189,10 @@ CMS.debug("**** mFormPath = "+mFormPath); return; } - //IAuthToken authToken = getAuthToken(cmsReq); - //Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); - //Object uid = authToken.get("uid"); - //=========================== + // IAuthToken authToken = getAuthToken(cmsReq); + // Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL); + // Object uid = authToken.get("uid"); + // =========================== String authMgr = AuditFormat.NOAUTH; BigInteger[] serialNoArray = null; 
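Review bot: In process() the catch around `authorize(mAclMethod, authToken, mAuthzResourceName, "revoke")` holds only `// do nothing for now`, so an authorization check that ends in an exception leaves no log entry for a revocation request. The code that tests `authzToken` afterwards lies between this hunk and the next, so whether the request is then refused cannot be confirmed from here. The failure should be recorded either way, e.g. `log(ILogger.LL_FAILURE, "authorization for revoke failed: " + e.toString());` inside the catch block. process() continues beyond this hunk.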
@@ -201,36 +200,38 @@ CMS.debug("**** mFormPath = "+mFormPath); serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL); } - Integer reasonCode = Integer.valueOf(0); - if (authToken != null) { + Integer reasonCode = Integer.valueOf(0); + if (authToken != null) { reasonCode = authToken.getInInteger(REASON_CODE); } - RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue()); + RevocationReason reason = RevocationReason.fromInt(reasonCode + .intValue()); String comments = ""; Date invalidityDate = null; String revokeAll = null; int verifiedRecordCount = 0; int totalRecordCount = 0; - + if (serialNoArray != null) { totalRecordCount = serialNoArray.length; verifiedRecordCount = serialNoArray.length; } - + X509CertImpl[] certs = null; - //for audit log. + // for audit log. String initiative = null; if (mAuthMgr != null && mAuthMgr.equals("CMCAuth")) { // request is from agent if (authToken != null) { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + - " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { initiative = AuditFormat.FROMUSER; 
@@ -241,24 +242,29 @@ CMS.debug("**** mFormPath = "+mFormPath); certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority) + .getCertificateRepository().getX509Certificate( + serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { IRequest getCertsChallengeReq = null; - getCertsChallengeReq = mQueue.newRequest( - GETCERTS_FOR_CHALLENGE_REQUEST); + getCertsChallengeReq = mQueue + .newRequest(GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); if (status == RequestStatus.COMPLETE) { - certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS); - header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); + certs = getCertsChallengeReq + .getExtDataInCertArray(IRequest.OLD_CERTS); + header.addStringValue("request", getCertsChallengeReq + .getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } 
@@ -268,23 +274,23 @@ CMS.debug("**** mFormPath = "+mFormPath); for (int i = 0; i < serialNoArray.length; i++) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addBigIntegerValue("serialNumber", - serialNoArray[i], 16); - rarg.addStringValue("subject", - certs[i].getSubjectDN().toString()); - rarg.addLongValue("validNotBefore", - certs[i].getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", - certs[i].getNotAfter().getTime() / 1000); - //argSet.addRepeatRecord(rarg); + rarg.addBigIntegerValue("serialNumber", serialNoArray[i], 16); + rarg.addStringValue("subject", certs[i].getSubjectDN() + .toString()); + rarg.addLongValue("validNotBefore", certs[i].getNotBefore() + .getTime() / 1000); + rarg.addLongValue("validNotAfter", certs[i].getNotAfter() + .getTime() / 1000); + // argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; - cmcAgentSerialNumber= authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT); - process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp, - verifiedRecordCount, revokeAll, totalRecordCount, - comments, locale[0],cmcAgentSerialNumber); - + cmcAgentSerialNumber = authToken + .getInString(IAuthManager.CRED_SSL_CLIENT_CERT); + process(argSet, header, reasonCode.intValue(), invalidityDate, + initiative, req, resp, verifiedRecordCount, revokeAll, + totalRecordCount, comments, locale[0], cmcAgentSerialNumber); + } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); 
@@ -293,54 +299,56 @@ CMS.debug("**** mFormPath = "+mFormPath); try { ServletOutputStream out = resp.getOutputStream(); - if ((serialNoArray== null) || (serialNoArray.length == 0)) { + if ((serialNoArray == null) || (serialNoArray.length == 0)) { cmsReq.setStatus(CMSRequest.ERROR); - EBaseException ee = new EBaseException("No matched certificate is found"); + EBaseException ee = new EBaseException( + "No matched certificate is found"); cmsReq.setError(ee); } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * get cert to revoke from agent. 
*/ - private BigInteger getCertFromAgent( - IArgBlock httpParams, X509Certificate[] certContainer) - throws EBaseException { + private BigInteger getCertFromAgent(IArgBlock httpParams, + X509Certificate[] certContainer) throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } } certContainer[0] = cert; 
@@ -350,23 +358,21 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Revoke the specified certificate */ - private BigInteger getCertFromAuthMgr( - AuthToken authToken, X509Certificate[] certContainer) - throws EBaseException { - X509CertImpl cert = - authToken.getInCert(AuthToken.TOKEN_CERT); + private BigInteger getCertFromAuthMgr(AuthToken authToken, + X509Certificate[] certContainer) throws EBaseException { + X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); 
@@ -375,25 +381,23 @@ CMS.debug("**** mFormPath = "+mFormPath); } /** - * get cert to revoke from ssl + * get cert to revoke from ssl */ - private BigInteger getCertFromSSL( - HttpServletRequest req, X509CertImpl[] certContainer) - throws EBaseException { + private BigInteger getCertFromSSL(HttpServletRequest req, + X509CertImpl[] certContainer) throws EBaseException { X509Certificate cert = getSSLClientCertificate(req); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_SSL")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_SSL")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_SSL")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_SSL")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION", "")); + if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION", "")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); 
@@ -406,56 +410,52 @@ CMS.debug("**** mFormPath = "+mFormPath); * Process cert status change request using the Certificate Management * protocol using CMS (CMC) * <P> - * + * * (Certificate Request - an "EE" cert status change request) * <P> - * + * * (Certificate Request Processed - an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param 
totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale,String cmcAgentSerialNumber) - throws EBaseException { + int reason, Date invalidityDate, String initiative, + HttpServletRequest req, HttpServletResponse resp, + int verifiedRecordCount, String revokeAll, int totalRecordCount, + String comments, Locale locale, String cmcAgentSerialNumber) + throws EBaseException { String eeSerialNumber = null; - if(cmcAgentSerialNumber!=null) { + if (cmcAgentSerialNumber != null) { eeSerialNumber = cmcAgentSerialNumber; - }else{ - X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req ); - if( sslCert != null ) { + } else { + X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); + if (sslCert != null) { eeSerialNumber = sslCert.getSerialNumber().toString(); } } @@ -463,11 +463,11 @@ CMS.debug("**** mFormPath = "+mFormPath); boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditRequesterID = auditRequesterID( req ); - String auditSerialNumber = auditSerialNumber( eeSerialNumber ); - String auditRequestType = auditRequestType( reason ); + String auditRequesterID = auditRequesterID(req); + String auditSerialNumber = auditSerialNumber(eeSerialNumber); + String auditRequestType = auditRequestType(reason); String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - String auditReasonNum = String.valueOf( reason ); + String auditReasonNum = String.valueOf(reason); try { int count = 0; 
@@ -496,8 +496,9 @@ CMS.debug("**** mFormPath = "+mFormPath); } if (mAuthority instanceof ICertificateAuthority) { - ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( - revokeAll, null, totalRecordCount); + ICertRecordList list = (ICertRecordList) mCertDB + .findCertRecordsInList(revokeAll, null, + totalRecordCount); Enumeration e = list.getCertRecords(0, totalRecordCount - 1); while (e != null && e.hasMoreElements()) { @@ -506,18 +507,18 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { - rarg.addStringValue("error", "Certificate " + - cert.getSerialNumber().toString() + - " is already revoked."); + rarg.addStringValue("error", "Certificate " + + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + cert.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); revCertImplsV.addElement(revCertImpl); count++; 
@@ -529,42 +530,48 @@ CMS.debug("**** mFormPath = "+mFormPath); } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() + && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; - while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { + while (i < revokeAll.length() + && revokeAll.charAt(i) == ' ') { i++; } String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() && - legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() + && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { - serialNumbers.addElement(revokeAll.substring(i, j)); + serialNumbers.addElement(revokeAll.substring(i, + j)); } } } } - if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) { - IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr)); - X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS); + if (reqIdStr != null && reqIdStr.length() > 0 + && serialNumbers.size() > 0) { + IRequest certReq = mRequestQueue.findRequest(new RequestId( + reqIdStr)); + X509CertImpl[] certs = certReq + .getExtDataInCertArray(IRequest.OLD_CERTS); for (int i = 0; i < certs.length; i++) { boolean addToList = false; for (int j = 0; j < serialNumbers.size(); j++) { - if (certs[i].getSerialNumber().toString().equals( - (String) serialNumbers.elementAt(j))) { + if (certs[i] + .getSerialNumber() + .toString() + .equals((String) serialNumbers.elementAt(j))) { addToList = true; break; } 
@@ -573,11 +580,11 @@ CMS.debug("**** mFormPath = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), + RevokedCertImpl revCertImpl = new RevokedCertImpl( + certs[i].getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); @@ -590,17 +597,18 @@ CMS.debug("**** mFormPath = "+mFormPath); String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - byte[] certBytes = com.netscape.osutil.OSUtil.AtoB(b64eCert); + byte[] certBytes = com.netscape.osutil.OSUtil + .AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + cert.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -620,17 +628,13 @@ CMS.debug("**** mFormPath = "+mFormPath); revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); 
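Review bot: In the `@@ -590,17 +597,18 @@` hunk the certificate parsed from the `b64eCertificate` request parameter goes straight into `oldCertsV` and a `RevokedCertImpl`, with no check in the hunk that it was issued here or that the authenticated requester may revoke it. `getCertFromAuthMgr` and `getCertFromSSL` earlier in the file at least gate on `isCertFromCA(cert)` when the authority is a CA. If entitlement is decided by the caller or by the request queue, a comment should say so, e.g. `// b64eCertificate is requester-supplied; entitlement to revoke is enforced in <caller or queue, confirm>`. Otherwise a check belongs before `oldCertsV.addElement(cert)`. The enclosing branch starts outside the hunk.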
@@ -660,30 +664,35 @@ CMS.debug("**** mFormPath = "+mFormPath); Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = revReq + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j] + .getSubjectDN(), + oldCerts[j] + .getSerialNumber() + .toString(16), + RevocationReason + .fromInt(reason) + .toString() }); } } } 
@@ -695,24 +704,27 @@ CMS.debug("**** mFormPath = "+mFormPath); // audit log the success. for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString( + 16), + RevocationReason.fromInt(reason) + .toString() }); } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -720,92 +732,98 @@ CMS.debug("**** mFormPath = "+mFormPath); header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = revReq + .getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + header.addStringValue("updateCRLError", crlError); } // let known crl publishing status too. - Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. 
- Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) + .getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs + .nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq + .getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("CMCRevReqServlet: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER", + updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { - String updateErrorStr = crl.getCrlUpdateErrorStr(); + String updateErrorStr = crl + .getCrlUpdateErrorStr(); - CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("CMCRevReqServlet: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); - String error = - revReq.getExtDataInString(updateErrorStr); + String error = revReq + .getExtDataInString(updateErrorStr); if (error != null) - header.addStringValue(updateErrorStr, - error); + header.addStringValue(updateErrorStr, error); } - String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl + .getCrlPublishStatusStr(); + Integer publishResult = revReq + .getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { 
header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = crl + .getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = - revReq.getExtDataInString(publishErrorStr); + String error = revReq + .getExtDataInString(publishErrorStr); if (error != null) - header.addStringValue( - publishErrorStr, error); + header.addStringValue(publishErrorStr, + error); } } } } - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = revReq + .getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -821,12 +839,11 @@ CMS.debug("**** mFormPath = "+mFormPath); header.addIntegerValue("certsToUpdate", certsToUpdate); // add crl publishing status. - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - header.addStringValue("crlPublishError", - publError); + header.addStringValue("crlPublishError", publError); } } else { header.addStringValue("dirEnabled", "no"); 
@@ -839,27 +856,32 @@ CMS.debug("**** mFormPath = "+mFormPath); // audit log the pending for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString( + 16), + RevocationReason.fromInt(reason) + .toString() }); } } } else { - Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq + .getExtDataInStringVector(IRequest.ERRORS); StringBuffer errorStr = new StringBuffer(); if (errors != null && errors.size() > 0) { for (int ii = 0; ii < errors.size(); ii++) { - errorStr.append(errors.elementAt(ii));; + errorStr.append(errors.elementAt(ii)); + ; } } header.addStringValue("error", errorStr.toString()); @@ -867,17 +889,20 @@ CMS.debug("**** mFormPath = "+mFormPath); // audit log the error for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString( + 16), + RevocationReason.fromInt(reason) + .toString() }); } } } 
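Review bot: The formatter turned the doubled semicolon after `errorStr.append(errors.elementAt(ii));` into an empty statement on its own line inside the loop body. It is harmless at runtime but reads like a dropped statement in a block that builds the error text returned to the requester. Delete the lone `;` so the body is just `errorStr.append(errors.elementAt(ii));`.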
@@ -886,17 +911,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -906,12 +931,9 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
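Review bot: The comment above the signed-audit condition says the PROCESSED record is written when the status is "complete", "revoked", or "canceled", but the condition tests `RequestStatus.REJECTED_STRING`, not a revoked state. Which side is intended cannot be told from the hunk. If the code is right, the comment should read `// if and only if "auditApprovalStatus" is "complete", "rejected", or "canceled"`. The same comment and condition recur in the hunks starting at `@@ -920,18`, `@@ -959,18`, `@@ -999,35` and `@@ -1036,18`, so whoever reads these to work out when an audit record is emitted is misled in five places.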
@@ -920,18 +942,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -945,12 +966,9 @@ CMS.debug("**** mFormPath = "+mFormPath); // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -959,18 +977,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -979,18 +996,16 @@ CMS.debug("**** mFormPath = "+mFormPath); throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", + e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -999,35 +1014,32 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } catch (Exception e) { if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -1036,18 +1048,17 @@ CMS.debug("**** mFormPath = "+mFormPath); // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) - { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1061,11 +1072,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -1091,11 +1102,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ 
@@ -1113,8 +1124,8 @@ CMS.debug("**** mFormPath = "+mFormPath); // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + + Integer.toHexString(Integer.valueOf(serialNumber) + .intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1124,11 +1135,11 @@ CMS.debug("**** mFormPath = "+mFormPath); /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1150,4 +1161,3 @@ CMS.debug("**** mFormPath = "+mFormPath); return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java index 8dff2768..807f0493 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; 
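Review bot: `Integer.valueOf(serialNumber)` in the hex conversion of the `@@ -1113,8 +1124,8 @@` hunk throws NumberFormatException for any serial number above Integer.MAX_VALUE. Certificate serial numbers are BigInteger values, and `process` builds the input with `sslCert.getSerialNumber().toString()`. `auditSerialNumber(eeSerialNumber)` is called before the `try` block in `process`, so unless a guard outside this hunk catches it, the request aborts before either signed-audit record is written. `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);` gives the same text for non-negative values that fit in an int and covers the full range. The method body starts and ends outside the hunk.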
@@ -66,11 +65,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Takes the certificate info (serial number) and optional challenge phrase, creates a - * revocation request and submits it to the authority subsystem for processing - * + * Takes the certificate info (serial number) and optional challenge phrase, + * creates a revocation request and submits it to the authority subsystem for + * processing + * * @version $Revision$, $Date$ */ public class ChallengeRevocationServlet1 extends CMSServlet { @@ -89,7 +88,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { private IPublisherProcessor mPublisherProcessor = null; private String mRequestID = null; - // http params + // http params public static final String SERIAL_NO = TOKEN_CERT_SERIAL; public static final String REASON_CODE = "reasonCode"; public static final String CHALLENGE_PHRASE = "challengePhrase"; @@ -102,10 +101,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the file - * revocationResult.template for the response - * - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the file + * revocationResult.template for the response + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); 
@@ -116,26 +115,27 @@ public class ChallengeRevocationServlet1 extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); } - /** - * Process the HTTP request. + /** + * Process the HTTP request. * <ul> * <li>http.param REASON_CODE the revocation reason - * <li>http.param b64eCertificate the base-64 encoded certificate to revoke + * <li>http.param b64eCertificate the base-64 encoded certificate to revoke * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -146,8 +146,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } EBaseException error = null; 
@@ -159,37 +161,40 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // for audit log IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + BigInteger[] serialNoArray = null; if (authToken != null) { serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO); } // set revocation reason, default to unspecified if not set. - int reasonCode = - httpParams.getValueAsInt(REASON_CODE, 0); - // header.addIntegerValue("reason", reasonCode); + int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); + // header.addIntegerValue("reason", reasonCode); RevocationReason reason = RevocationReason.fromInt(reasonCode); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); Date invalidityDate = null; String revokeAll = null; - int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0; - int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0; + int totalRecordCount = (serialNoArray != null) ? serialNoArray.length + : 0; + int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length + : 0; X509CertImpl[] certs = null; - //for audit log. + // for audit log. String initiative = null; - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { // request is from agent if (authToken != null) { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + - " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { initiative = AuditFormat.FROMUSER; 
@@ -198,11 +203,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "revoke"); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -215,24 +220,29 @@ public class ChallengeRevocationServlet1 extends CMSServlet { certs = new X509CertImpl[serialNoArray.length]; for (int i = 0; i < serialNoArray.length; i++) { - certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]); + certs[i] = ((ICertificateAuthority) mAuthority) + .getCertificateRepository().getX509Certificate( + serialNoArray[i]); } } else if (mAuthority instanceof IRegistrationAuthority) { IRequest getCertsChallengeReq = null; - getCertsChallengeReq = mQueue.newRequest( - GETCERTS_FOR_CHALLENGE_REQUEST); + getCertsChallengeReq = mQueue + .newRequest(GETCERTS_FOR_CHALLENGE_REQUEST); getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray); mQueue.processRequest(getCertsChallengeReq); RequestStatus status = getCertsChallengeReq.getRequestStatus(); if (status == RequestStatus.COMPLETE) { - certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS); - header.addStringValue("request", getCertsChallengeReq.getRequestId().toString()); + certs = getCertsChallengeReq + .getExtDataInCertArray(IRequest.OLD_CERTS); + header.addStringValue("request", getCertsChallengeReq + .getRequestId().toString()); mRequestID = getCertsChallengeReq.getRequestId().toString(); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); } } 
@@ -242,21 +252,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet { for (int i = 0; i < serialNoArray.length; i++) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addBigIntegerValue("serialNumber", - serialNoArray[i], 16); - rarg.addStringValue("subject", - certs[i].getSubjectDN().toString()); - rarg.addLongValue("validNotBefore", - certs[i].getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", - certs[i].getNotAfter().getTime() / 1000); - //argSet.addRepeatRecord(rarg); + rarg.addBigIntegerValue("serialNumber", serialNoArray[i], 16); + rarg.addStringValue("subject", certs[i].getSubjectDN() + .toString()); + rarg.addLongValue("validNotBefore", certs[i].getNotBefore() + .getTime() / 1000); + rarg.addLongValue("validNotAfter", certs[i].getNotAfter() + .getTime() / 1000); + // argSet.addRepeatRecord(rarg); } revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))"; - process(argSet, header, reasonCode, invalidityDate, initiative, req, resp, - verifiedRecordCount, revokeAll, totalRecordCount, - comments, locale[0]); + process(argSet, header, reasonCode, invalidityDate, initiative, + req, resp, verifiedRecordCount, revokeAll, + totalRecordCount, comments, locale[0]); } else { header.addIntegerValue("totalRecordCount", 0); header.addIntegerValue("verifiedRecordCount", 0); @@ -265,10 +274,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { try { ServletOutputStream out = resp.getOutputStream(); - if( serialNoArray == null ) { - CMS.debug( "ChallengeRevcationServlet1::process() - " + - " serialNoArray is null!" ); - EBaseException ee = new EBaseException( "No matched certificate is found" ); + if (serialNoArray == null) { + CMS.debug("ChallengeRevcationServlet1::process() - " + + " serialNoArray is null!"); + EBaseException ee = new EBaseException( + "No matched certificate is found"); cmsReq.setError(ee); return; 
@@ -276,37 +286,34 @@ public class ChallengeRevocationServlet1 extends CMSServlet { if (serialNoArray.length == 0) { cmsReq.setStatus(CMSRequest.ERROR); - EBaseException ee = new EBaseException("No matched certificate is found"); + EBaseException ee = new EBaseException( + "No matched certificate is found"); cmsReq.setError(ee); } else { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, String initiative, + HttpServletRequest req, HttpServletResponse resp, + int verifiedRecordCount, String revokeAll, int totalRecordCount, + String comments, Locale locale) throws EBaseException { try { int count = 0; Vector oldCertsV = new Vector(); 
@@ -334,8 +341,9 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } if (mAuthority instanceof ICertificateAuthority) { - ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( - revokeAll, null, totalRecordCount); + ICertRecordList list = (ICertRecordList) mCertDB + .findCertRecordsInList(revokeAll, null, + totalRecordCount); Enumeration e = list.getCertRecords(0, totalRecordCount - 1); while (e != null && e.hasMoreElements()) { @@ -344,18 +352,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { - rarg.addStringValue("error", "Certificate " + - cert.getSerialNumber().toString() + - " is already revoked."); + rarg.addStringValue("error", "Certificate " + + cert.getSerialNumber().toString() + + " is already revoked."); } else { oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + cert.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); revCertImplsV.addElement(revCertImpl); count++; 
@@ -367,42 +375,48 @@ public class ChallengeRevocationServlet1 extends CMSServlet { } else if (mAuthority instanceof IRegistrationAuthority) { String reqIdStr = null; - if (mRequestID != null && mRequestID.length() > 0) + if (mRequestID != null && mRequestID.length() > 0) reqIdStr = mRequestID; Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() + && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; - while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { + while (i < revokeAll.length() + && revokeAll.charAt(i) == ' ') { i++; } String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() && - legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() + && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { - serialNumbers.addElement(revokeAll.substring(i, j)); + serialNumbers.addElement(revokeAll.substring(i, + j)); } } } } - if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) { - IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr)); - X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS); + if (reqIdStr != null && reqIdStr.length() > 0 + && serialNumbers.size() > 0) { + IRequest certReq = mRequestQueue.findRequest(new RequestId( + reqIdStr)); + X509CertImpl[] certs = certReq + .getExtDataInCertArray(IRequest.OLD_CERTS); for (int i = 0; i < certs.length; i++) { boolean addToList = false; for (int j = 0; j < serialNumbers.size(); j++) { - if (certs[i].getSerialNumber().toString().equals( - (String) serialNumbers.elementAt(j))) { + if (certs[i] + .getSerialNumber() + .toString() + .equals((String) serialNumbers.elementAt(j))) { addToList = true; break; } 
@@ -411,11 +425,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); oldCertsV.addElement(certs[i]); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), + RevokedCertImpl revCertImpl = new RevokedCertImpl( + certs[i].getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); @@ -428,17 +442,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - byte[] certBytes = com.netscape.osutil.OSUtil.AtoB(b64eCert); + byte[] certBytes = com.netscape.osutil.OSUtil + .AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); + cert.getSerialNumber(), 16); oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + cert.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); revCertImplsV.addElement(revCertImpl); count++; @@ -458,8 +473,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); 
@@ -478,30 +492,35 @@ public class ChallengeRevocationServlet1 extends CMSServlet { Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = revReq + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + oldCerts[j] + .getSubjectDN(), + oldCerts[j] + .getSerialNumber() + .toString(16), + RevocationReason + .fromInt(reason) + .toString() }); } } } 
@@ -513,24 +532,27 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // audit log the success. for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString( + 16), + RevocationReason.fromInt(reason) + .toString() }); } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -538,92 +560,98 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = revReq + .getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + header.addStringValue("updateCRLError", crlError); } // let known crl publishing status too. - Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) header.addStringValue("publishCRLError", - publError); + publError); } } } if (mAuthority instanceof ICertificateAuthority) { // let known update and publish status of all crls. 
- Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) + .getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs + .nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq + .getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER", + updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { - String updateErrorStr = crl.getCrlUpdateErrorStr(); + String updateErrorStr = crl + .getCrlUpdateErrorStr(); - CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("ChallengeRevcationServlet1: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); - String error = - revReq.getExtDataInString(updateErrorStr); + String error = revReq + .getExtDataInString(updateErrorStr); if (error != null) - header.addStringValue(updateErrorStr, - error); + header.addStringValue(updateErrorStr, error); } - String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl + .getCrlPublishStatusStr(); + Integer publishResult = revReq + .getExtDataInInteger(publishStatusStr); if (publishResult == null) continue; if 
(publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = crl + .getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = - revReq.getExtDataInString(publishErrorStr); + String error = revReq + .getExtDataInString(publishErrorStr); if (error != null) - header.addStringValue( - publishErrorStr, error); + header.addStringValue(publishErrorStr, + error); } } } } - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = revReq + .getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -639,12 +667,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet { header.addIntegerValue("certsToUpdate", certsToUpdate); // add crl publishing status. - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - header.addStringValue("crlPublishError", - publError); + header.addStringValue("crlPublishError", publError); } } else { header.addStringValue("dirEnabled", "no"); 
@@ -657,22 +684,26 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // audit log the pending for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "pending", - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "pending", + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString( + 16), + RevocationReason.fromInt(reason) + .toString() }); } } } else { - Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq + .getExtDataInStringVector(IRequest.ERRORS); StringBuffer errorStr = new StringBuffer(); if (errors != null && errors.size() > 0) { @@ -685,17 +716,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet { // audit log the error for (int j = 0; j < count; j++) { if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - oldCerts[j].getSubjectDN(), - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + oldCerts[j].getSubjectDN(), + oldCerts[j].getSerialNumber().toString( + 16), + RevocationReason.fromInt(reason) + .toString() }); } } } 
@@ -706,8 +740,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet { throw e; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } catch (Exception e) { e.printStackTrace(); } @@ -715,4 +751,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet { return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java index 88abe80e..b6fd03e9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Locale; @@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Redirect a request to the Master. This servlet is used in - * a clone when a requested service (such as CRL) is not available. - * It redirects the user to the master. - * + * Redirect a request to the Master. This servlet is used in a clone when a + * requested service (such as CRL) is not available. It redirects the user to + * the master. + * * @version $Revision$, $Date$ */ public class CloneRedirect extends CMSServlet { 
@@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet { /** * Initialize the servlet. - * @param sc servlet configuration, read from the web.xml file + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -83,8 +82,9 @@ public class CloneRedirect extends CMSServlet { if (authConfig != null) { try { - mNewUrl = authConfig.getString(PROP_REDIRECT_URL, - "*** master URL unavailable, check your configuration ***"); + mNewUrl = authConfig + .getString(PROP_REDIRECT_URL, + "*** master URL unavailable, check your configuration ***"); } catch (EBaseException e) { // do nothing } @@ -93,8 +93,8 @@ public class CloneRedirect extends CMSServlet { if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output with our own template. + + // override success to do output with our own template. mTemplates.remove(CMSRequest.SUCCESS); } 
@@ -117,29 +117,32 @@ public class CloneRedirect extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } - CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); + CMS.debug("CloneRedirect: " + + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); header.addStringValue("masterURL", mNewUrl); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -147,13 +150,11 @@ public class CloneRedirect extends CMSServlet { * Display information about redirecting to the master's URL info */ private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String signatureAlgorithm, - Locale locale) - throws EBaseException { + HttpServletRequest req, HttpServletResponse resp, + String signatureAlgorithm, Locale locale) throws EBaseException { - CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); + CMS.debug("CloneRedirect: " + + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); header.addStringValue("masterURL", mNewUrl); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java index 0ccf7f18..40514846 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * 'Face-to-face' certificate enrollment. - * + * * @version $Revision$, $Date$ */ public class DirAuthServlet extends CMSServlet { @@ -64,15 +62,15 @@ public class DirAuthServlet extends CMSServlet { super(); } - /** + /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); try { - mFormPath = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE); + mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); if (mFormPath == null) mFormPath = TPL_FILE; } catch (Exception e) { 
@@ -81,15 +79,13 @@ public class DirAuthServlet extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); } - - /** + /** * Process the HTTP request. This servlet reads configuration information - * from the hashDirEnrollment configuration substore - * + * from the hashDirEnrollment configuration substore + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -99,9 +95,10 @@ public class DirAuthServlet extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException( - CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException(CMS + .getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -112,10 +109,10 @@ public class DirAuthServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - cmsReq.setError(new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + cmsReq.setError(new ECMSGWException(CMS + .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -129,8 +126,8 @@ public class DirAuthServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "submit"); } catch (Exception e) { // do nothing for now } @@ -142,7 +139,8 @@ public class DirAuthServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); @@ -176,11 +174,12 @@ public class DirAuthServlet extends CMSServlet { mgr.addAuthToken(pageID, authToken); - header.addStringValue("pageID", pageID); + header.addStringValue("pageID", pageID); header.addStringValue("uid", uid); - header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid)); + header.addStringValue("fingerprint", + mgr.hashFingerprint(reqHost, pageID, uid)); header.addStringValue("hostname", reqHost); - + try { ServletOutputStream out = httpResp.getOutputStream(); 
@@ -188,10 +187,11 @@ public class DirAuthServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -199,7 +199,7 @@ public class DirAuthServlet extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -218,10 +218,10 @@ public class DirAuthServlet extends CMSServlet { try { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -234,9 +234,10 @@ public class DirAuthServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"))); cmsReq.setStatus(CMSRequest.ERROR); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java index 9f353312..380bb9d7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * For Face-to-face enrollment, disable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.EnableEnrollResult */ @@ -82,8 +80,7 @@ public class DisableEnrollResult extends CMSServlet { /** * Services the request */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -92,8 +89,8 @@ public class DisableEnrollResult extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, - mAuthzResourceName, "disable"); + authzToken = authorize(mAclMethod, token, mAuthzResourceName, + "disable"); } catch (Exception e) { // do nothing for now } @@ -112,9 +109,10 @@ public class DisableEnrollResult extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException( - CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException(CMS + .getLogMessage("CMSGW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -139,7 +137,8 @@ public class DisableEnrollResult extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; 
@@ -162,10 +161,11 @@ public class DisableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java index 61cadc4a..62a1f5e9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display detailed information about a certificate - * - * The template 'displayBySerial.template' is used to - * render the response for this servlet. - * + * + * The template 'displayBySerial.template' is used to render the response for + * this servlet. + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { 
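Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` that follows the try/catch in the `@@ -162,10 +161,11 @@` hunk overwrites the `CMSRequest.ERROR` status the `IOException` handler has just set. A failed `form.renderOutput(out, argSet)` is therefore reported as success even though `setError` was called. The try block already sets SUCCESS after rendering, so the trailing call can be deleted. The matching handler in DirAuthServlet has no such trailing call. The rest of `process` lies outside the hunk.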
@@ -99,26 +97,29 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } try { - mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain(); + mCACerts = ((ICertAuthority) mAuthority).getCACertChain() + .getChain(); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); } // coming from ee mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1; - - if (mOutputTemplatePath != null) + + if (mOutputTemplatePath != null) mForm1Path = mOutputTemplatePath; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); } @@ -126,8 +127,8 @@ public class DisplayBySerial extends CMSServlet { /** * Serves HTTP request. The format of this request is as follows: * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to display - * (or hex if serialNumber preceded by 0x) + * <li>http.param serialNumber Decimal serial number of certificate to + * display (or hex if serialNumber preceded by 0x) * </ul> */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -148,10 +149,11 @@ public class DisplayBySerial extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + mAuthzResourceName, "read"); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { @@ -166,17 +168,22 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mForm1Path, req, locale); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", String.valueOf(serialNumber))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", + String.valueOf(serialNumber))); - error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new ECMSGWException( + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, + e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (EDBRecordNotFoundException e) { - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", "0x" + serialNumber.toString(16))); + throw new ECMSGWException(CMS.getLogMessage( + "CMSGW_CERT_SERIAL_NOT_FOUND_1", + "0x" + serialNumber.toString(16))); } IArgBlock header = CMS.createArgBlock(); 
@@ -185,15 +192,14 @@ public class DisplayBySerial extends CMSServlet { try { if (serialNumber.compareTo(MINUS_ONE) > 0) { - process(argSet, header, serialNumber, - req, resp, locale[0]); + process(argSet, header, serialNumber, req, resp, locale[0]); } else { error = new ECMSGWException( - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); } } catch (EBaseException e) { error = e; - } + } try { ServletOutputStream out = resp.getOutputStream(); @@ -201,20 +207,22 @@ public class DisplayBySerial extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -223,55 +231,53 @@ public class DisplayBySerial extends CMSServlet { * Display information about a particular certificate */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, HttpServletResponse resp, + Locale locale) throws EBaseException { String certType[] = new String[1]; try { ICertRecord rec = getCertRecord(seq, certType); - + if (certType[0].equalsIgnoreCase("x509")) { processX509(argSet, header, seq, req, resp, locale); return; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return; } - + private void processX509(CMSTemplateParams argSet, IArgBlock header, - BigInteger seq, HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + BigInteger seq, HttpServletRequest req, HttpServletResponse resp, + Locale locale) throws EBaseException { try { ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq); - if (rec == null) { - CMS.debug("DisplayBySerial: failed to read record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (rec == null) { + CMS.debug("DisplayBySerial: failed to read record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } X509CertImpl cert = rec.getCertificate(); - if (cert == null) { - CMS.debug("DisplayBySerial: no certificate in record"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + if (cert == null) { + CMS.debug("DisplayBySerial: no certificate in record"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } try { - X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." 
+ X509CertImpl.INFO); - if (info == null) { - CMS.debug("DisplayBySerial: no info found"); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); + X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + + "." + X509CertImpl.INFO); + if (info == null) { + CMS.debug("DisplayBySerial: no info found"); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } - CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = (CertificateExtensions) info + .get(X509CertInfo.EXTENSIONS); boolean emailCert = false; @@ -282,16 +288,20 @@ public class DisplayBySerial extends CMSServlet { if (ext instanceof NSCertTypeExtension) { NSCertTypeExtension type = (NSCertTypeExtension) ext; - if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue()) + if (((Boolean) type.get(NSCertTypeExtension.EMAIL)) + .booleanValue()) emailCert = true; } if (ext instanceof KeyUsageExtension) { - KeyUsageExtension usage = - (KeyUsageExtension) ext; + KeyUsageExtension usage = (KeyUsageExtension) ext; try { - if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || - ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) + if (((Boolean) usage + .get(KeyUsageExtension.DIGITAL_SIGNATURE)) + .booleanValue() + || ((Boolean) usage + .get(KeyUsageExtension.DATA_ENCIPHERMENT)) + .booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e) { // bug356108: 
@@ -304,16 +314,23 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("emailCert", emailCert); boolean noCertImport = true; - MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); + MetaInfo metaInfo = (MetaInfo) rec + .get(ICertRecord.ATTR_META_INFO); if (metaInfo != null) { - String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); - - if (rid != null && mAuthority instanceof ICertificateAuthority) { - IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid)); - String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); - - if (certType != null && certType.equals(IRequest.CLIENT_CERT)) { + String rid = (String) metaInfo + .get(ICertRecord.META_REQUEST_ID); + + if (rid != null + && mAuthority instanceof ICertificateAuthority) { + IRequest r = ((ICertificateAuthority) mAuthority) + .getRequestQueue().findRequest( + new RequestId(rid)); + String certType = r.getExtDataInString( + IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + + if (certType != null + && certType.equals(IRequest.CLIENT_CERT)) { noCertImport = false; } } @@ -321,8 +338,9 @@ public class DisplayBySerial extends CMSServlet { header.addBooleanValue("noCertImport", noCertImport); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", + e.toString())); } IRevocationInfo revocationInfo = rec.getRevocationInfo(); @@ -338,7 +356,8 @@ public class DisplayBySerial extends CMSServlet { Extension ext = (Extension) enumx.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason().toInt(); + reason = ((CRLReasonExtension) ext).getReason() + .toInt(); } } header.addIntegerValue("revocationReason", reason); 
@@ -347,20 +366,16 @@ public class DisplayBySerial extends CMSServlet { ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert); - header.addStringValue("certPrettyPrint", - certDetails.toString(locale)); + header.addStringValue("certPrettyPrint", + certDetails.toString(locale)); /* - String scheme = req.getScheme(); - if (scheme.equals("http") && connectionIsSSL(req)) - scheme = "https"; - String requestURI = req.getRequestURI(); - int i = requestURI.indexOf('?'); - String newRequestURI = - (i > -1)? requestURI.substring(0, i): requestURI; - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + newRequestURI); + * String scheme = req.getScheme(); if (scheme.equals("http") && + * connectionIsSSL(req)) scheme = "https"; String requestURI = + * req.getRequestURI(); int i = requestURI.indexOf('?'); String + * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI; + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + newRequestURI); */ header.addStringValue("authorityid", mAuthority.getId()); @@ -369,8 +384,9 @@ public class DisplayBySerial extends CMSServlet { try { certFingerprints = CMS.getFingerPrints(cert); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", + e.toString())); } if (certFingerprints.length() > 0) header.addStringValue("certFingerprint", certFingerprints); 
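Review bot: The formatter has reflowed the commented-out `serviceURL` code inside the `/* … */` block into one run-on paragraph, so it can no longer be read or re-enabled as code. The same has happened to the commented-out `userAgent` block in hunk `@@ -378,30 +394,30 @@`. If these blocks are dead, delete them. Otherwise open them with `/*-`, which the Eclipse formatter leaves untouched, or turn them into `//` line comments before formatting. `processX509` starts and ends outside this hunk.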
@@ -378,30 +394,30 @@ public class DisplayBySerial extends CMSServlet { byte[] ba = cert.getEncoded(); // Do base 64 encoding - header.addStringValue("certChainBase64", com.netscape.osutil.OSUtil.BtoA(ba)); + header.addStringValue("certChainBase64", + com.netscape.osutil.OSUtil.BtoA(ba)); header.addStringValue("serialNumber", seq.toString(16)); /* - String userAgent = req.getHeader("user-agent"); - String agent = - (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; + * String userAgent = req.getHeader("user-agent"); String agent = + * (userAgent != null)? UserInfo.getUserAgent(userAgent): ""; */ // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1];; + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { if (cert.equals(mCACerts[i])) { - certsInChain = new - X509CertImpl[mCACerts.length]; + certsInChain = new X509CertImpl[mCACerts.length]; break; } certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (mCACerts != null) { for (int i = 0; i < mCACerts.length; i++) { 
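Review bot: The added line holding only `;` after the `certsInChain` declaration is an empty statement. The original line ended in `;;` and the formatter moved the second semicolon onto its own line instead of removing it. Delete that line so the declaration reads `X509CertImpl[] certsInChain = new X509CertImpl[1];`.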
@@ -414,43 +430,42 @@ public class DisplayBySerial extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - certsInChain, - new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( + new byte[0]), certsInChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); - p7.encodeSignedData(bos,false); + p7.encodeSignedData(bos, false); byte[] p7Bytes = bos.toByteArray(); - p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); + p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes); header.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception e) { - //p7Str = "PKCS#7 B64 Encoding error - " + e.toString() - //+ "; Please contact your administrator"; - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + // p7Str = "PKCS#7 B64 Encoding error - " + e.toString() + // + "; Please contact your administrator"; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", + e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7")); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } catch (CertificateEncodingException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT")); } return; } - + private ICertRecord getCertRecord(BigInteger seq, String certtype[]) - throws EBaseException { + throws EBaseException { ICertRecord rec = null; - + try { rec = (ICertRecord) mCertDB.readCertificateRecord(seq); X509CertImpl x509cert = rec.getCertificate(); 
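Review bot: The `catch (EBaseException e)` handler at the end of `processX509` looks up the log message `"MSGW_ERR_DISP_BY_SERIAL"`, while `process` and `getCertRecord` use `"CMSGW_ERR_DISP_BY_SERIAL"`. This looks like a dropped leading `C`, which would leave the failure logged without its intended text; confirm against the message bundle and change it to `CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));`. Separately, `getCertRecord` at the end of this hunk calls `rec.getCertificate()` straight after `mCertDB.readCertificateRecord(seq)`, although `processX509` treats a null record from the same call as possible. A matching `if (rec == null)` guard would keep the two consistent. `getCertRecord` continues outside the hunk.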
@@ -460,28 +475,28 @@ public class DisplayBySerial extends CMSServlet { return rec; } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString())); throw e; } - + return rec; } private BigInteger getSerialNumber(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); if (serialNumString != null) { serialNumString = serialNumString.trim(); - if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) { + if (serialNumString.startsWith("0x") + || serialNumString.startsWith("0X")) { return new BigInteger(serialNumString.substring(2), 16); } else { - return new BigInteger(serialNumString); + return new BigInteger(serialNumString); } - } else { + } else { throw new NumberFormatException(); - } + } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java index 3a5f3f06..7f47db5f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Decode the CRL and display it to the requester. - * + * * @version $Revision$, $Date$ */ public class DisplayCRL extends CMSServlet { 
@@ -64,8 +62,8 @@ public class DisplayCRL extends CMSServlet { private static final long serialVersionUID = 1152016798229054027L; private final static String INFO = "DisplayCRL"; private final static String TPL_FILE = "displayCRL.template"; - //private final static String E_TPL_FILE = "error.template"; - //private final static String OUT_ERROR = "errorDetails"; + // private final static String E_TPL_FILE = "error.template"; + // private final static String OUT_ERROR = "errorDetails"; private String mFormPath = null; private ICertificateAuthority mCA = null; @@ -78,9 +76,10 @@ public class DisplayCRL extends CMSServlet { } /** - * Initialize the servlet. This servlet uses the 'displayCRL.template' file to - * to render the response to the client. - * @param sc servlet configuration, read from the web.xml file + * Initialize the servlet. This servlet uses the 'displayCRL.template' file + * to to render the response to the client. + * + * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -96,15 +95,16 @@ public class DisplayCRL extends CMSServlet { } /** - * Process the HTTP request + * Process the HTTP request * <ul> - * <li>http.param crlIssuingPoint number - * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL - * <li>http.param pageStart which page to start displaying from - * <li>http.param pageSize number of entries to show per page + * <li>http.param crlIssuingPoint number + * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or + * deltaCRL + * <li>http.param pageStart which page to start displaying from + * <li>http.param pageSize number of entries to show per page * </ul> + * * @param cmsReq the Request to service. - */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); 
@@ -115,8 +115,8 @@ public class DisplayCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (Exception e) { // do nothing for now } @@ -132,8 +132,9 @@ public class DisplayCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, + e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } @@ -147,24 +148,25 @@ public class DisplayCRL extends CMSServlet { String crlIssuingPointId = req.getParameter("crlIssuingPoint"); - process(argSet, header, req, resp, crlIssuingPointId, - locale[0]); + process(argSet, header, req, resp, crlIssuingPointId, locale[0]); try { ServletOutputStream out = resp.getOutputStream(); String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } 
@@ -172,10 +174,8 @@ public class DisplayCRL extends CMSServlet { * Display information about a particular CRL. */ private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String crlIssuingPointId, - Locale locale) { + HttpServletRequest req, HttpServletResponse resp, + String crlIssuingPointId, Locale locale) { boolean updateStatus = true; EBaseException error = null; ICRLIssuingPoint crlIP = null; @@ -189,27 +189,30 @@ public class DisplayCRL extends CMSServlet { ICRLRepository crlRepository = mCA.getCRLRepository(); try { - masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); - masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); - if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + masterHost = CMS.getConfigStore().getString("master.ca.agent.host", + ""); + masterPort = CMS.getConfigStore().getString("master.ca.agent.port", + ""); + if (masterHost != null && masterHost.length() > 0 + && masterPort != null && masterPort.length() > 0) { clonedCA = true; ipNames = crlRepository.getIssuingPointsNames(); } } catch (EBaseException e) { } - + if (clonedCA) { if (crlIssuingPointId != null) { if (ipNames != null && ipNames.size() > 0) { int i; for (i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); if (crlIssuingPointId.equals(ipName)) { break; } } - if (i >= ipNames.size()) crlIssuingPointId = null; + if (i >= ipNames.size()) + crlIssuingPointId = null; } else { crlIssuingPointId = null; } 
@@ -226,13 +229,15 @@ public class DisplayCRL extends CMSServlet { isCRLCacheEnabled = ip.isCRLCacheEnabled(); break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } } if (crlIssuingPointId == null) { header.addStringValue("error", - "Request to unspecified or non-existing CRL issuing point: "+ipId); + "Request to unspecified or non-existing CRL issuing point: " + + ipId); return; } 
@@ -240,36 +245,43 @@ public class DisplayCRL extends CMSServlet { String crlDisplayType = req.getParameter("crlDisplayType"); - if (crlDisplayType == null) crlDisplayType = "cachedCRL"; + if (crlDisplayType == null) + crlDisplayType = "cachedCRL"; header.addStringValue("crlDisplayType", crlDisplayType); try { - crlRecord = - (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId); + crlRecord = (ICRLIssuingPointRecord) mCA.getCRLRepository() + .readCRLIssuingPointRecord(crlIssuingPointId); } catch (EBaseException e) { header.addStringValue("error", e.toString(locale)); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); - return; + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue( + "error", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + return; } header.addStringValue("crlIssuingPoint", crlIssuingPointId); if (crlDisplayType.equals("deltaCRL")) { if (clonedCA) { - header.addStringValue("crlNumber", crlRecord.getDeltaCRLNumber().toString()); + header.addStringValue("crlNumber", crlRecord + .getDeltaCRLNumber().toString()); } else { - header.addStringValue("crlNumber", crlIP.getDeltaCRLNumber().toString()); + header.addStringValue("crlNumber", crlIP.getDeltaCRLNumber() + .toString()); } } else { if (clonedCA) { - header.addStringValue("crlNumber", crlRecord.getCRLNumber().toString()); + header.addStringValue("crlNumber", crlRecord.getCRLNumber() + .toString()); } else { - header.addStringValue("crlNumber", crlIP.getCRLNumber().toString()); + header.addStringValue("crlNumber", crlIP.getCRLNumber() + .toString()); } } long lCRLSize = crlRecord.getCRLSize().longValue(); 
@@ -283,10 +295,12 @@ public class DisplayCRL extends CMSServlet { byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + header.addStringValue( + "error", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); return; } @@ -298,14 +312,19 @@ public class DisplayCRL extends CMSServlet { } } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); + header.addStringValue( + "error", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_DECODE_CRL_FAILED")).toString()); } } - if (crl != null || (isCRLCacheEnabled && crlDisplayType.equals("cachedCRL"))) { - if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { + if (crl != null + || (isCRLCacheEnabled && crlDisplayType.equals("cachedCRL"))) { + if (crlDisplayType.equals("entireCRL") + || crlDisplayType.equals("cachedCRL")) { ICRLPrettyPrint crlDetails = null; if (crlDisplayType.equals("entireCRL")) { crlDetails = CMS.getCRLPrettyPrint(crl); 
@@ -320,28 +339,29 @@ public class DisplayCRL extends CMSServlet { long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) lPageStart = 1; + if (lPageStart < 1) + lPageStart = 1; // if (lPageStart + lPageSize - lCRLSize > 1) - // lPageStart = lCRLSize - lPageSize + 1; + // lPageStart = lCRLSize - lPageSize + 1; - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, - lCRLSize, lPageStart, lPageSize)); + header.addStringValue("crlPrettyPrint", crlDetails + .toString(locale, lCRLSize, lPageStart, lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale)); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale, lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil + .BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -356,7 +376,8 @@ public class DisplayCRL extends CMSServlet { if (i >= length) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); argSet.addRepeatRecord(rarg); } } else { 
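Review bot: `lPageSize` is passed to `crlDetails.toString(locale, lCRLSize, lPageStart, lPageSize)` with no range check, while `lPageStart` is clamped to 1 two lines earlier. The Javadoc on `process` lists `pageStart` and `pageSize` as http params, so zero, negative or very large sizes presumably reach the pretty-printer unchanged. A matching lower bound such as `if (lPageSize < 1) lPageSize = <DEFAULT_PAGE_SIZE>;` and an upper cap would close that. `new Long(pageSize)` also throws `NumberFormatException` on non-numeric input, and whether anything catches it is outside this hunk.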
@@ -364,11 +385,13 @@ public class DisplayCRL extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, length)); i = length; } argSet.addRepeatRecord(rarg); 
@@ -377,70 +400,93 @@ public class DisplayCRL extends CMSServlet { } catch (CRLException e) { } } else if (crlDisplayType.equals("deltaCRL")) { - if ((clonedCA && crlRecord.getDeltaCRLSize() != null && - crlRecord.getDeltaCRLSize().longValue() > -1) || - (crlIP != null && crlIP.isDeltaCRLEnabled())) { + if ((clonedCA && crlRecord.getDeltaCRLSize() != null && crlRecord + .getDeltaCRLSize().longValue() > -1) + || (crlIP != null && crlIP.isDeltaCRLEnabled())) { byte[] deltaCRLBytes = crlRecord.getDeltaCRL(); if (deltaCRLBytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); - header.addStringValue("error", "Delta CRL is not available"); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId)); + header.addStringValue("error", + "Delta CRL is not available"); } else { X509CRLImpl deltaCRL = null; try { deltaCRL = new X509CRLImpl(deltaCRLBytes); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_DECODE_DELTA_CRL", e.toString())); + header.addStringValue( + "error", + new ECMSGWException(CMS.getUserMessage( + locale, "CMS_GW_DECODE_CRL_FAILED")) + .toString()); } if (deltaCRL != null) { BigInteger crlNumber = crlRecord.getCRLNumber(); - BigInteger deltaNumber = crlRecord.getDeltaCRLNumber(); - if ((clonedCA && crlNumber != null && deltaNumber != null && - deltaNumber.compareTo(crlNumber) >= 0) || - (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) { + BigInteger deltaNumber = crlRecord + .getDeltaCRLNumber(); + if ((clonedCA && crlNumber != null + && deltaNumber != null && deltaNumber + .compareTo(crlNumber) >= 0) + || (crlIP != null && crlIP + .isThisCurrentDeltaCRL(deltaCRL))) { - header.addIntegerValue("deltaCRLSize", - 
deltaCRL.getNumberOfRevokedCertificates()); + header.addIntegerValue("deltaCRLSize", deltaCRL + .getNumberOfRevokedCertificates()); - ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL); + ICRLPrettyPrint crlDetails = CMS + .getCRLPrettyPrint(deltaCRL); - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale, 0, 0, 0)); try { byte[] ba = deltaCRL.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil + .BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; int n = 1; while (i < length) { - int k = crlBase64Encoded.indexOf('\n', i); + int k = crlBase64Encoded.indexOf('\n', + i); if (n < 100 && k > -1) { n++; i = k + 1; if (i >= length) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS + .createArgBlock(); - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue( + "crlBase64Encoded", + crlBase64Encoded + .substring(j, k)); argSet.addRepeatRecord(rarg); } } else { n = 1; - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS + .createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue( + "crlBase64Encoded", + crlBase64Encoded + .substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue( + "crlBase64Encoded", + crlBase64Encoded + .substring(j, + length)); i = length; } argSet.addRepeatRecord(rarg); 
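Review bot: The empty `catch (CRLException e) { }` that opens this hunk, closing the `base64Encoded` branch, swallows a failed `crl.getEncoded()`, so the page is rendered with no base64 records, no `error` value and no log entry. The deltaCRL copy of the same loop ends in an identical empty handler at the start of hunk `@@ -449,25 +495,32 @@`. Both should at least record the failure, for example `log(ILogger.LL_FAILURE, CMS.getLogMessage("<LOG_KEY_PLACEHOLDER>", e.toString()));`, with the key taken from the project's message bundle. They should also set the `error` header the way the decode-failure paths in this method do.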
@@ -449,25 +495,32 @@ public class DisplayCRL extends CMSServlet { } catch (CRLException e) { } } else { - header.addStringValue("error", "Current Delta CRL is not available."); + header.addStringValue("error", + "Current Delta CRL is not available."); } } } } else { - header.addStringValue("error", "Delta CRL is not enabled for " + - crlIssuingPointId + - " issuing point"); + header.addStringValue("error", + "Delta CRL is not enabled for " + crlIssuingPointId + + " issuing point"); } } } else if (!isCRLCacheEnabled && crlDisplayType.equals("cachedCRL")) { - header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); - header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("error", CMS.getUserMessage(locale, + "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); + header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, + "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId)); } else { - header.addStringValue("error", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); - header.addStringValue("crlPrettyPrint", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue( + "error", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue( + "crlPrettyPrint", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_DECODE_CRL_FAILED")).toString()); } return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java index 6efda2bb..74c4ff28 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Servlet to report the status, ie, the agent-initiated user - * enrollment is enabled or disabled. - * + * Servlet to report the status, ie, the agent-initiated user enrollment is + * enabled or disabled. + * * @version $Revision$, $Date$ */ public class DisplayHashUserEnroll extends CMSServlet { @@ -72,8 +70,7 @@ public class DisplayHashUserEnroll extends CMSServlet { super.init(sc); try { - mFormPath = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE); + mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); if (mFormPath == null) mFormPath = TPL_FILE; } catch (Exception e) { @@ -89,8 +86,7 @@ public class DisplayHashUserEnroll extends CMSServlet { /** * Services the request */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -98,8 +94,8 @@ public class DisplayHashUserEnroll extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (Exception e) { // do nothing for now } 
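Review bot: The `catch (Exception e)` around `authorize(mAclMethod, authToken, mAuthzResourceName, "read")` in DisplayHashUserEnroll.process (hunk `@@ -98,8 +94,8 @@`) still discards the exception behind `// do nothing for now`, so a failed or erroring authorization check leaves no trace in the log. DoRevoke logs the same failure with `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`, and using that line here would make denials and evaluator errors visible to operators. What the method does with a null `authzToken` is decided after the hunk ends, so only the missing log entry can be judged from here.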
@@ -115,9 +111,10 @@ public class DisplayHashUserEnroll extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -128,7 +125,8 @@ public class DisplayHashUserEnroll extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; boolean isEnable = mgr.isEnable(reqHost); @@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet { printError(cmsReq, "2"); cmsReq.setStatus(CMSRequest.SUCCESS); return; - } + } mgr.setLastLogin(reqHost, currTime); @@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -177,10 +175,11 @@ public class DisplayHashUserEnroll extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -188,7 +187,7 @@ public class DisplayHashUserEnroll extends CMSServlet { } private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -207,10 +206,10 @@ public class DisplayHashUserEnroll extends CMSServlet { try { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
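Review bot: In DisplayHashUserEnroll.process (hunk `@@ -177,10 +175,11 @@`) the unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch overwrites the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed `form.renderOutput(out, argSet)` ends up reported as success. The try block already sets SUCCESS right after rendering, so the trailing call can simply be deleted. The method begins before this hunk.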
@@ -223,10 +222,11 @@ public class DisplayHashUserEnroll extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", + e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java index b333c787..dbca061a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevoke extends CMSServlet { 
@@ -98,20 +96,17 @@ public class DoRevoke extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevoke() { super(); } /** - * initialize the servlet. This servlet uses the template - * file "revocationResult.template" to render the result + * initialize the servlet. This servlet uses the template file + * "revocationResult.template" to render the result + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -122,13 +117,15 @@ public class DoRevoke extends CMSServlet { mUL = mUG.getCertUserLocator(); if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); if (((ICertificateAuthority) mAuthority).noncesEnabled()) { mNonces = ((ICertificateAuthority) mAuthority).getNonces(); } } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); 
@@ -145,16 +142,20 @@ public class DoRevoke extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as follows: + * Serves HTTP request. The http parameters used by this request are as + * follows: + * * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> + * * revocationReason can be one of these values: + * * <pre> * 0 = Unspecified (default) * 1 = Key compromised @@ -184,8 +185,11 @@ public class DoRevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } IArgBlock header = CMS.createArgBlock(); 
@@ -194,21 +198,18 @@ public class DoRevoke extends CMSServlet { try { if (req.getParameter("revocationReason") != null) { - reason = Integer.parseInt(req.getParameter( - "revocationReason")); + reason = Integer.parseInt(req.getParameter("revocationReason")); } if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req.getParameter( - "totalRecordCount")); + totalRecordCount = Integer.parseInt(req + .getParameter("totalRecordCount")); } if (req.getParameter("verifiedRecordCount") != null) { - verifiedRecordCount = Integer.parseInt( - req.getParameter( - "verifiedRecordCount")); + verifiedRecordCount = Integer.parseInt(req + .getParameter("verifiedRecordCount")); } if (req.getParameter("invalidityDate") != null) { - long l = Long.parseLong(req.getParameter( - "invalidityDate")); + long l = Long.parseLong(req.getParameter("invalidityDate")); if (l > 0) { invalidityDate = new Date(l); @@ -226,10 +227,11 @@ public class DoRevoke extends CMSServlet { certChain[0] = cert2; IUser user = null; try { - user = (IUser) mUL.locateUser(new Certificates(certChain)); + user = (IUser) mUL.locateUser(new Certificates( + certChain)); } catch (Exception e) { - CMS.debug("DoRevoke: Failed to map certificate '"+ - cert2.getSubjectDN().getName()+"' to user."); + CMS.debug("DoRevoke: Failed to map certificate '" + + cert2.getSubjectDN().getName() + "' to user."); } if (mUG.isMemberOf(user, "Subsystem Group")) { skipNonceVerification = true; 
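Review bot: In hunk `@@ -226,10 +227,11 @@` of DoRevoke, when `mUL.locateUser(new Certificates(certChain))` throws, the handler only writes a `CMS.debug` line and `user` stays null, yet the next statement passes it to `mUG.isMemberOf(user, "Subsystem Group")`, whose result turns `skipNonceVerification` on. How `isMemberOf` treats a null user is not visible here, so an explicit guard keeps the nonce bypass tied to a certificate that was actually mapped: `if (user != null && mUG.isMemberOf(user, "Subsystem Group")) {`. The failed mapping also deserves a `log(ILogger.LL_FAILURE, ...)` entry rather than debug output only. The surrounding method starts and ends outside the hunk.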
@@ -242,15 +244,17 @@ public class DoRevoke extends CMSServlet { X509Certificate cert1 = mNonces.getCertificate(nonce); if (cert1 == null) { CMS.debug("DoRevoke: Unknown nonce"); - } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { + } else if (cert1 != null && cert2 != null + && cert1.equals(cert2)) { nonceVerified = true; mNonces.removeNonce(nonce); } } else { CMS.debug("DoRevoke: Missing nonce"); } - CMS.debug("DoRevoke: nonceVerified="+nonceVerified); - CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification); + CMS.debug("DoRevoke: nonceVerified=" + nonceVerified); + CMS.debug("DoRevoke: skipNonceVerification=" + + skipNonceVerification); if ((!nonceVerified) && (!skipNonceVerification)) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; @@ -261,7 +265,7 @@ public class DoRevoke extends CMSServlet { String eeSubjectDN = null; String eeSerialNumber = null; - //for audit log. + // for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; 
@@ -272,46 +276,51 @@ public class DoRevoke extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber != null) { + if (serialNumber != null) { eeSerialNumber = serialNumber; } - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + - " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { // request is fromUser. initiative = AuditFormat.FROMUSER; - + String serialNumber = req.getParameter("serialNumber"); X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req); - if (serialNumber == null || sslCert == null || - !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) { + if (serialNumber == null + || sslCert == null + || !(serialNumber.equals(sslCert.getSerialNumber() + .toString(16)))) { authorized = false; } else { eeSubjectDN = sslCert.getSubjectDN().toString(); 
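Review bot: Serial numbers are compared as strings in two different radices: the end-entity check here uses `serialNumber.equals(sslCert.getSerialNumber().toString(16))`, while the hunks `@@ -479,47 +481,54 @@` and `@@ -535,57 +544,67 @@` compare `eeSerialNumber` with `getSerialNumber().toString()`, which is decimal. In the agent branch `eeSerialNumber` is the raw `serialNumber` parameter, which the servlet Javadoc documents as hex, so the decimal comparisons would presumably match only for single-digit values; how the end-entity branch assigns it lies outside the hunk. Parsing once and comparing numerically removes the dependence on radix, letter case and leading zeros, for example `new java.math.BigInteger(serialNumber, 16).equals(sslCert.getSerialNumber())`.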
@@ -322,29 +331,25 @@ public class DoRevoke extends CMSServlet { if (authorized) { process(argSet, header, reason, invalidityDate, initiative, - req, resp, verifiedRecordCount, revokeAll, - totalRecordCount, eeSerialNumber, eeSubjectDN, - comments, locale[0]); + req, resp, verifiedRecordCount, revokeAll, + totalRecordCount, eeSerialNumber, eeSubjectDN, + comments, locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException( + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } /* - catch (Exception e) { - noError = false; - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - errorlocale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (Exception e) { noError = false; + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * errorlocale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { @@ -353,11 +358,11 @@ public class DoRevoke extends CMSServlet { if (error == null && authorized) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else if (!authorized) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); 
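Review bot: In hunk `@@ -322,29 +331,25 @@` the formatter has reflowed the commented-out `catch (Exception e)` block into running text (`* catch (Exception e) { noError = false; * header.addStringValue(OUT_ERROR, ...`), which no longer reads as code and cannot be restored by uncommenting it. Dead code like this is better deleted, since version control keeps the history. If it has to stay, opening the comment with `/*-` stops the Eclipse formatter from rewrapping it.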
@@ -366,67 +371,63 @@ public class DoRevoke extends CMSServlet { cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, - * or an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, or + * an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. 
- "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response * @param verifiedRecordCount number of verified records - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) - * @param eeSerialNumber string containing the end-entity certificate - * serial number + * @param eeSerialNumber string containing the end-entity certificate serial + * number * @param eeSubjectDN string containing the end-entity certificate subject - * distinguished name (DN) + * distinguished name (DN) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date 
invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - int verifiedRecordCount, - String revokeAll, - int totalRecordCount, - String eeSerialNumber, - String eeSubjectDN, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, String initiative, + HttpServletRequest req, HttpServletResponse resp, + int verifiedRecordCount, String revokeAll, int totalRecordCount, + String eeSerialNumber, String eeSubjectDN, String comments, + Locale locale) throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -436,7 +437,8 @@ public class DoRevoke extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber); + CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + + " auditSerialNumber: " + auditSerialNumber); long startTime = CMS.getCurrentDate().getTime(); try { 
@@ -479,47 +481,54 @@ public class DoRevoke extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); // we do not want to revoke the CA certificate accidentially - if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber()); + if (xcert != null + && isSystemCertificate(xcert.getSerialNumber())) { + CMS.debug("DoRevoke: skipped revocation request for system certificate " + + xcert.getSerialNumber()); continue; } - - if (xcert != null) { - rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); - if (eeSerialNumber != null && - (eeSerialNumber.equals(xcert.getSerialNumber().toString())) && - rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16))); + if (xcert != null) { + rarg.addStringValue("serialNumber", xcert + .getSerialNumber().toString(16)); + + if (eeSerialNumber != null + && (eeSerialNumber.equals(xcert + .getSerialNumber().toString())) + && rec.getStatus().equals( + ICertRecord.STATUS_REVOKED)) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CA_CERTIFICATE_ALREADY_REVOKED_1", xcert + .getSerialNumber().toString(16))); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); - } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { - rarg.addStringValue("error", "Certificate 0x" + - xcert.getSerialNumber().toString(16) + - " is already revoked."); - } 
else if (eeSubjectDN != null && - (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) { - rarg.addStringValue("error", "Certificate 0x" + - xcert.getSerialNumber().toString(16) + - " belongs to different subject."); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_UNAUTHORIZED")); + } else if (rec.getStatus().equals( + ICertRecord.STATUS_REVOKED)) { + rarg.addStringValue("error", "Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " is already revoked."); + } else if (eeSubjectDN != null + && (!eeSubjectDN.equals(xcert.getSubjectDN() + .toString()))) { + rarg.addStringValue("error", "Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " belongs to different subject."); } else { oldCertsV.addElement(xcert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(xcert.getSerialNumber(), + RevokedCertImpl revCertImpl = new RevokedCertImpl( + xcert.getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); 
@@ -535,57 +544,67 @@ public class DoRevoke extends CMSServlet { Vector serialNumbers = new Vector(); if (revokeAll != null && revokeAll.length() > 0) { - for (int i = revokeAll.indexOf('='); - i < revokeAll.length() && i > -1; - i = revokeAll.indexOf('=', i)) { + for (int i = revokeAll.indexOf('='); i < revokeAll.length() + && i > -1; i = revokeAll.indexOf('=', i)) { if (i > -1) { i++; - while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') { + while (i < revokeAll.length() + && revokeAll.charAt(i) == ' ') { i++; } // xxxx decimal serial number? String legalDigits = "0123456789"; int j = i; - while (j < revokeAll.length() && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { + while (j < revokeAll.length() + && legalDigits.indexOf(revokeAll.charAt(j)) != -1) { j++; } if (j > i) { - serialNumbers.addElement(revokeAll.substring(i, j)); + serialNumbers.addElement(revokeAll.substring(i, + j)); } } } } - if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) { - IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr)); - X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS); + if (reqIdStr != null && reqIdStr.length() > 0 + && serialNumbers.size() > 0) { + IRequest certReq = mRequestQueue.findRequest(new RequestId( + reqIdStr)); + X509CertImpl[] certs = certReq + .getExtDataInCertArray(IRequest.OLD_CERTS); boolean authorized = false; for (int i = 0; i < certs.length; i++) { boolean addToList = false; - for (int j = 0; j < serialNumbers.size(); - j++) { - //xxxxx serial number in decimal? - if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) && - eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) { + for (int j = 0; j < serialNumbers.size(); j++) { + // xxxxx serial number in decimal? 
+ if (certs[i] + .getSerialNumber() + .toString() + .equals((String) serialNumbers.elementAt(j)) + && eeSubjectDN != null + && eeSubjectDN.equals(certs[i] + .getSubjectDN().toString())) { addToList = true; break; } } - if (eeSerialNumber != null && - eeSerialNumber.equals(certs[i].getSerialNumber().toString())) { + if (eeSerialNumber != null + && eeSerialNumber.equals(certs[i] + .getSerialNumber().toString())) { authorized = true; } if (addToList) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", - certs[i].getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", certs[i] + .getSerialNumber().toString(16)); oldCertsV.addElement(certs[i]); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(certs[i].getSerialNumber(), + RevokedCertImpl revCertImpl = new RevokedCertImpl( + certs[i].getSerialNumber(), CMS.getCurrentDate(), entryExtn); revCertImplsV.addElement(revCertImpl); 
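Review bot: In hunk `@@ -535,57 +544,67 @@` the result of `mRequestQueue.findRequest(new RequestId(reqIdStr))` and the array returned by `certReq.getExtDataInCertArray(IRequest.OLD_CERTS)` are both dereferenced without a null check, so an unknown request id, or a request that carries no old certificates, would presumably end in a NullPointerException instead of an audited rejection. Guarding both, `X509CertImpl[] certs = (certReq == null) ? null : certReq.getExtDataInCertArray(IRequest.OLD_CERTS);` followed by `if (certs == null) certs = new X509CertImpl[0];`, lets such a request fall through to the `!authorized` branch that opens the next hunk, which writes the signed-audit failure and throws `CMSGW_UNAUTHORIZED`. Where `reqIdStr` comes from is not visible in this hunk.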
@@ -596,38 +615,38 @@ public class DoRevoke extends CMSServlet { } if (!authorized) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); + CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT")); // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType); audit(auditMessage); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_UNAUTHORIZED")); } } else { String b64eCert = req.getParameter("b64eCertificate"); if (b64eCert != null) { - // BASE64Decoder decoder = new BASE64Decoder(); - // byte[] certBytes = decoder.decodeBuffer(b64eCert); + // BASE64Decoder decoder = new BASE64Decoder(); + // byte[] certBytes = decoder.decodeBuffer(b64eCert); byte[] certBytes = CMS.AtoB(b64eCert); X509CertImpl cert = new X509CertImpl(certBytes); IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", - cert.getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", cert + .getSerialNumber().toString(16)); oldCertsV.addElement(cert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(cert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + cert.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); revCertImplsV.addElement(revCertImpl); count++; 
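Review bot: The `b64eCertificate` branch decodes a certificate taken from the request and queues its serial number for revocation without comparing it to `eeSerialNumber` or `eeSubjectDN`, unlike the `reqIdStr` branch just above it, which audits and throws `CMSGW_UNAUTHORIZED` when no certificate matches the requester. Whether an end-entity request can reach this branch, and whether the certificate is looked up in the repository later, lies outside the hunk; if neither is guaranteed, the same ownership check belongs here before `oldCertsV.addElement(cert)`. The two commented-out `BASE64Decoder` lines are dead code and can be dropped.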
@@ -636,27 +655,26 @@ public class DoRevoke extends CMSServlet { } } } - if (count == 0) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + if (count == 0) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND")); } header.addIntegerValue("totalRecordCount", count); X509CertImpl[] oldCerts = new X509CertImpl[count]; - //Certificate[] oldCerts = new Certificate[count]; + // Certificate[] oldCerts = new Certificate[count]; RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count]; for (int i = 0; i < count; i++) { 
@@ -664,32 +682,29 @@ public class DoRevoke extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if(initiative.equals(AuditFormat.FROMUSER)) - revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); + if (initiative.equals(AuditFormat.FROMUSER)) + revReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_EE); else - revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_AGENT); revReq.setExtData(IRequest.OLD_CERTS, oldCerts); if (comments != null) { revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments); } - revReq.setExtData(IRequest.REVOKED_REASON, - Integer.valueOf(reason)); + revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason)); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save 
@@ -707,38 +722,44 @@ public class DoRevoke extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + if ((stat == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = revReq + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber() + .toString( + 16), + RevocationReason + .fromInt( + reason) + .toString() }); } } } 
@@ -749,26 +770,24 @@ public class DoRevoke extends CMSServlet { // store a message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus + .equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); 
@@ -779,25 +798,29 @@ public class DoRevoke extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason) + .toString() + + " time: " + + (endTime - startTime) }); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -805,92 +828,99 @@ public class DoRevoke extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = - revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = revReq + .getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + if (crlError != null) + header.addStringValue("updateCRLError", crlError); } // let known crl publishing status too. - Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. 
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) + .getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs + .nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq + .getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr)); + CMS.debug("DoRevoke: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER", + updateStatusStr)); header.addStringValue(updateStatusStr, "yes"); } else { - String updateErrorStr = crl.getCrlUpdateErrorStr(); + String updateErrorStr = crl + .getCrlUpdateErrorStr(); - CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); + CMS.debug("DoRevoke: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); header.addStringValue(updateStatusStr, "no"); - String error = - revReq.getExtDataInString(updateErrorStr); + String error = revReq + .getExtDataInString(updateErrorStr); - if (error != null) - header.addStringValue(updateErrorStr, - error); + if (error != null) + header.addStringValue(updateErrorStr, error); } - String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl + .getCrlPublishStatusStr(); + Integer publishResult = revReq + .getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - 
crl.getCrlPublishErrorStr(); + String publishErrorStr = crl + .getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = - revReq.getExtDataInString(publishErrorStr); + String error = revReq + .getExtDataInString(publishErrorStr); - if (error != null) - header.addStringValue( - publishErrorStr, error); + if (error != null) + header.addStringValue(publishErrorStr, + error); } } } } - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = revReq + .getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; @@ -905,13 +935,12 @@ public class DoRevoke extends CMSServlet { header.addIntegerValue("certsUpdated", certsUpdated); header.addIntegerValue("certsToUpdate", certsToUpdate); - // add crl publishing status. - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + // add crl publishing status. + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - header.addStringValue("crlPublishError", - publError); + header.addStringValue("crlPublishError", publError); } } else { header.addStringValue("dirEnabled", "no"); 
@@ -919,12 +948,14 @@ public class DoRevoke extends CMSServlet { header.addStringValue("error", null); } else { - if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { + if (stat == RequestStatus.PENDING + || stat == RequestStatus.REJECTED) { header.addStringValue("revoked", stat.toString()); } else { header.addStringValue("revoked", "no"); } - Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq + .getExtDataInStringVector(IRequest.ERRORS); if (errors != null) { StringBuffer errInfo = new StringBuffer(); for (int i = 0; i < errors.size(); i++) { @@ -945,17 +976,19 @@ public class DoRevoke extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason) + .toString() }); } } } 
@@ -965,18 +998,17 @@ public class DoRevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -986,12 +1018,9 @@ public class DoRevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -999,21 +1028,18 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1027,12 +1053,9 @@ public class DoRevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -1040,21 +1063,18 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -1062,19 +1082,17 @@ public class DoRevoke extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", + e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -1082,27 +1100,25 @@ public class DoRevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } return; @@ -1110,11 +1126,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ 
@@ -1140,11 +1156,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -1163,30 +1179,28 @@ public class DoRevoke extends CMSServlet { // find out if the value is hex or decimal int value = -1; - - //try int - try { - value = Integer.parseInt(serialNumber,10); + + // try int + try { + value = Integer.parseInt(serialNumber, 10); } catch (NumberFormatException e) { } - - //try hex - if( value == -1) { + + // try hex + if (value == -1) { try { - value = Integer.parseInt(serialNumber,16); + value = Integer.parseInt(serialNumber, 16); } catch (NumberFormatException e) { } } // give up if it isn't hex or dec - if ( value == -1) { + if (value == -1) { throw new NumberFormatException(); } // convert it to hexadecimal - serialNumber = "0x" - + Integer.toHexString( - value); + serialNumber = "0x" + Integer.toHexString(value); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -1196,11 +1210,11 @@ public class DoRevoke extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -1222,4 +1236,3 @@ public class DoRevoke extends CMSServlet { return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java index ce074a05..d29f795b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.io.OutputStream; import java.util.Date; @@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Revoke a Certificate - * + * * @version $Revision$, $Date$ */ public class DoRevokeTPS extends CMSServlet { @@ -89,20 +87,17 @@ public class DoRevokeTPS extends CMSServlet { private final static String REVOKE = "revoke"; private final static String ON_HOLD = "on-hold"; private final static int ON_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; public DoRevokeTPS() { super(); } /** - * initialize the servlet. This servlet uses the template - * file "revocationResult.template" to render the result + * initialize the servlet. This servlet uses the template file + * "revocationResult.template" to render the result + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -110,10 +105,12 @@ public class DoRevokeTPS extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); @@ -131,16 +128,20 @@ public class DoRevokeTPS extends CMSServlet { } /** - * Serves HTTP request. The http parameters used by this request are as follows: + * Serves HTTP request. The http parameters used by this request are as + * follows: + * * <pre> * serialNumber Serial number of certificate to revoke (in HEX) * revocationReason Revocation reason (Described below) * totalRecordCount [number] * verifiedRecordCount [number] * invalidityDate [number of seconds in Jan 1,1970] - * + * * </pre> + * * revocationReason can be one of these values: + * * <pre> * 0 = Unspecified (default) * 1 = Key compromised 
@@ -171,11 +172,15 @@ public class DoRevokeTPS extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } catch (Exception e) { - CMS.debug("DoRevokeTPS getTemplate failed"); - throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + CMS.debug("DoRevokeTPS getTemplate failed"); + throw new EBaseException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } CMS.debug("DoRevokeTPS after getTemplate"); @@ -185,16 +190,14 @@ public class DoRevokeTPS extends CMSServlet { try { if (req.getParameter("revocationReason") != null) { - reason = Integer.parseInt(req.getParameter( - "revocationReason")); + reason = Integer.parseInt(req.getParameter("revocationReason")); } if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = Integer.parseInt(req.getParameter( - "totalRecordCount")); + totalRecordCount = Integer.parseInt(req + .getParameter("totalRecordCount")); } if (req.getParameter("invalidityDate") != null) { - long l = Long.parseLong(req.getParameter( - "invalidityDate")); + long l = Long.parseLong(req.getParameter("invalidityDate")); if (l > 0) { invalidityDate = new Date(l); @@ -203,7 +206,7 @@ public class DoRevokeTPS extends CMSServlet { revokeAll = req.getParameter("revokeAll"); String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS); - //for audit log. + // for audit log. String initiative = null; String authMgr = AuditFormat.NOAUTH; 
@@ -212,27 +215,31 @@ public class DoRevokeTPS extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + mAuthzResourceName, "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { if (authToken != null) { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); String agentID = authToken.getInString("userid"); - initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + - " authenticated by " + authMgr; + initiative = AuditFormat.FROMAGENT + " agentID: " + agentID + + " authenticated by " + authMgr; } } else { CMS.debug("DoRevokeTPS: Missing authentication manager"); 
@@ -241,13 +248,15 @@ public class DoRevokeTPS extends CMSServlet { } if (authorized) { - process(argSet, header, reason, invalidityDate, initiative, req, - resp, revokeAll, totalRecordCount, comments, locale[0]); + process(argSet, header, reason, invalidityDate, initiative, + req, resp, revokeAll, totalRecordCount, comments, + locale[0]); } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException( + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } @@ -260,10 +269,10 @@ public class DoRevokeTPS extends CMSServlet { errorString = "error=unauthorized"; } else if (error != null) { o_status = "status=3"; - errorString = "error="+error.toString(); + errorString = "error=" + error.toString(); } - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); 
@@ -271,59 +280,57 @@ public class DoRevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); } } /** * Process cert status change request * <P> - * - * (Certificate Request - either an "agent" cert status change request, - * or an "EE" cert status change request) + * + * (Certificate Request - either an "agent" cert status change request, or + * an "EE" cert status change request) * <P> - * - * (Certificate Request Processed - either an "agent" cert status change - * request, or an "EE" cert status change request) + * + * (Certificate Request Processed - either an "agent" cert status change + * request, or an "EE" cert status change request) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. 
- "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (revoked, expired, on-hold, - * off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (revoked, expired, on-hold, off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block - * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, - * 2 - CA key compromised; should not be used, 3 - Affiliation changed, - * 4 - Certificate superceded, 5 - Cessation of operation, or - * 6 - Certificate is on hold) + * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2 + * - CA key compromised; should not be used, 3 - Affiliation + * changed, 4 - Certificate superceded, 5 - Cessation of + * operation, or 6 - Certificate is on hold) * @param invalidityDate certificate validity date * @param initiative string containing the audit format * @param req HTTP servlet request * @param resp HTTP servlet response - * @param revokeAll string containing information on all of the - * certificates to be revoked + * @param revokeAll string containing information on all of the certificates + * to be revoked * @param totalRecordCount total number of records (verified and unverified) * @param comments string containing certificate comments * @param locale the system locale * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - int reason, Date invalidityDate, - String initiative, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - int totalRecordCount, - String comments, - Locale locale) - throws EBaseException { + int reason, Date invalidityDate, String initiative, + HttpServletRequest req, HttpServletResponse resp, String revokeAll, + int totalRecordCount, String comments, Locale 
locale) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -333,21 +340,20 @@ public class DoRevokeTPS extends CMSServlet { String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(reason); - if (revokeAll != null) { - CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); + CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll); - String serial = ""; + String serial = ""; String[] tokens; tokens = revokeAll.split("="); if (tokens.length == 2) { serial = tokens[1]; - //remove the trailing paren + // remove the trailing paren if (serial.endsWith(")")) { - serial = serial.substring(0,serial.length() -1); + serial = serial.substring(0, serial.length() - 1); } - auditSerialNumber = serial; + auditSerialNumber = serial; } } 
@@ -393,30 +399,36 @@ public class DoRevokeTPS extends CMSServlet { } X509CertImpl xcert = rec.getCertificate(); IArgBlock rarg = CMS.createArgBlock(); - + // we do not want to revoke the CA certificate accidentially - if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) { - CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber()); + if (xcert != null + && isSystemCertificate(xcert.getSerialNumber())) { + CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + + xcert.getSerialNumber()); badCertsRequested = true; continue; } if (xcert != null) { - rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); + rarg.addStringValue("serialNumber", xcert.getSerialNumber() + .toString(16)); if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) { alreadyRevokedCertFound = true; - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked."); + CMS.debug("Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " has been revoked."); } else { oldCertsV.addElement(xcert); - RevokedCertImpl revCertImpl = - new RevokedCertImpl(xcert.getSerialNumber(), - CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + xcert.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); revCertImplsV.addElement(revCertImpl); - CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked."); + CMS.debug("Certificate 0x" + + xcert.getSerialNumber().toString(16) + + " is going to be revoked."); count++; } } else { 
@@ -424,40 +436,37 @@ public class DoRevokeTPS extends CMSServlet { } } - if (count == 0) { + if (count == 0) { // Situation where no certs were reoked here, but some certs // requested happened to be already revoked. Don't return error. - if (alreadyRevokedCertFound == true && badCertsRequested == false) { - CMS.debug("Only have previously revoked certs in the list."); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); - - audit(auditMessage); - return; + if (alreadyRevokedCertFound == true + && badCertsRequested == false) { + CMS.debug("Only have previously revoked certs in the list."); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); + + audit(auditMessage); + return; } - + errorString = "error=No certificates are revoked."; o_status = "status=2"; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } X509CertImpl[] oldCerts = new X509CertImpl[count]; 
@@ -468,33 +477,30 @@ public class DoRevokeTPS extends CMSServlet { revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i); } - IRequest revReq = - mQueue.newRequest(IRequest.REVOCATION_REQUEST); + IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST); - if(initiative.equals(AuditFormat.FROMUSER)) { - revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE); + if (initiative.equals(AuditFormat.FROMUSER)) { + revReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_EE); } else { - revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_AGENT); } revReq.setExtData(IRequest.OLD_CERTS, oldCerts); if (comments != null) { revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments); } - revReq.setExtData(IRequest.REVOKED_REASON, - Integer.valueOf(reason)); + revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason)); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save 
@@ -512,38 +518,44 @@ public class DoRevokeTPS extends CMSServlet { // The SVC_PENDING check has been added for the Cloned CA request // that is meant for the Master CA. From Clone's point of view // the request is complete - if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { - // audit log the error + if ((stat == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) { + // audit log the error Integer result = revReq.getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = - revReq.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = revReq + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //cmsReq.setErrorDescription(err); + // cmsReq.setErrorDescription(err); for (int j = 0; j < count; j++) { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber() + .toString( + 16), + RevocationReason + .fromInt( + reason) + .toString() }); } } } 
@@ -554,26 +566,24 @@ public class DoRevokeTPS extends CMSServlet { // store a message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus + .equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } - return; + return; } long endTime = CMS.getCurrentDate().getTime(); 
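Review bot: The comment above the approval-status check in the hunk at -554 names "complete", "revoked", or "canceled", but the condition tests `RequestStatus.REJECTED_STRING`, so comment and code disagree about when the signed audit record is written. The same comment and condition recur in the hunks at -762, -797 and -839. If the code reflects the intended behaviour, the comment should read `// "complete", "rejected", or "canceled"`; which of the two is intended cannot be settled from these hunks. The enclosing method starts and ends outside the hunk.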
@@ -584,93 +594,103 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason) + .toString() + + " time: " + + (endTime - startTime) }); } } } header.addStringValue("revoked", "yes"); - Integer updateCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) { o_status = "status=3"; - if (revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { + if (revReq + .getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) { errorString = "error=Update CRL Error."; // 3 means miscellaneous } } // let known crl publishing status too. 
- Integer publishCRLResult = - revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = revReq + .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); o_status = "status=3"; if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; } } } } if (mAuthority instanceof ICertificateAuthority) { - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. + Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) + .getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs + .nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = revReq.getExtDataInInteger(updateStatusStr); + Integer updateResult = revReq + .getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (!updateResult.equals(IRequest.RES_SUCCESS)) { - String updateErrorStr = crl.getCrlUpdateErrorStr(); + String updateErrorStr = crl + .getCrlUpdateErrorStr(); - CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", - updateStatusStr)); - String error = - revReq.getExtDataInString(updateErrorStr); + CMS.debug("DoRevoke: " + + CMS.getLogMessage( + "ADMIN_SRVLT_ADDING_HEADER_NO", + updateStatusStr)); + String error = revReq + .getExtDataInString(updateErrorStr); o_status = "status=3"; - if (error != null) { - errorString = "error="+error; + if (error != null) { + errorString = "error=" 
+ error; } } - String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = - revReq.getExtDataInInteger(publishStatusStr); + String publishStatusStr = crl + .getCrlPublishStatusStr(); + Integer publishResult = revReq + .getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = crl + .getCrlPublishErrorStr(); - String error = - revReq.getExtDataInString(publishErrorStr); + String error = revReq + .getExtDataInString(publishErrorStr); o_status = "status=3"; if (error != null) { @@ -681,10 +701,11 @@ public class DoRevokeTPS extends CMSServlet { } } - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - revReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = revReq + .getExtDataInIntegerArray("ldapPublishStatus"); int certsToUpdate = 0; int certsUpdated = 0; 
@@ -697,27 +718,30 @@ public class DoRevokeTPS extends CMSServlet { } } - // add crl publishing status. - String publError = - revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + // add crl publishing status. + String publError = revReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { - errorString = "error="+publError; + errorString = "error=" + publError; o_status = "status=3"; } - } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) { + } else if (mPublisherProcessor == null + && mPublisherProcessor.ldapEnabled()) { errorString = "error=LDAP publishing not enabled."; o_status = "status=3"; } } else { - if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) { + if (stat == RequestStatus.PENDING + || stat == RequestStatus.REJECTED) { o_status = "status=2"; - errorString = "error="+stat.toString(); + errorString = "error=" + stat.toString(); } else { o_status = "status=2"; errorString = "error=Undefined request status"; } - Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS); + Vector errors = revReq + .getExtDataInStringVector(IRequest.ERRORS); if (errors != null) { StringBuffer errInfo = new StringBuffer(); @@ -742,17 +766,19 @@ public class DoRevokeTPS extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - revReq.getRequestId(), - initiative, - stat.toString(), - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + revReq.getRequestId(), + initiative, + stat.toString(), + cert.getSubjectDN(), + cert.getSerialNumber().toString(16), + RevocationReason.fromInt(reason) + .toString() }); } } } 
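Review bot: The re-wrapped condition `else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled())` in the hunk at -697 dereferences `mPublisherProcessor` exactly when it is null. A null processor therefore raises a NullPointerException, and a non-null processor with LDAP disabled never reaches the "LDAP publishing not enabled" branch. The exception would be thrown after the revocation request has been processed; the handlers visible further down catch only `EBaseException` and `IOException`, so the status response and the closing signed audit record are presumably skipped on that path. The intended test looks like `} else if (mPublisherProcessor == null || !mPublisherProcessor.ldapEnabled()) {`. The enclosing method starts and ends outside the hunk.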
@@ -762,18 +788,17 @@ public class DoRevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -784,12 +809,9 @@ public class DoRevokeTPS extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -797,21 +819,18 @@ public class DoRevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -819,19 +838,17 @@ public class DoRevokeTPS extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", + e.toString())); if (auditRequest) { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -839,27 +856,25 @@ public class DoRevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } } - throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); + throw new ECMSGWException( + CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED")); } return; @@ -867,11 +882,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ 
@@ -897,11 +912,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -919,8 +934,8 @@ public class DoRevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + + Integer.toHexString(Integer.valueOf(serialNumber) + .intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -930,11 +945,11 @@ public class DoRevokeTPS extends CMSServlet { /** * Signed Audit Log Request Type - * - * This method is called to obtain the "Request Type" for - * a signed audit log message. + * + * This method is called to obtain the "Request Type" for a signed audit log + * message. * <P> - * + * * @param reason an integer denoting the revocation reason * @return string containing REVOKE or ON_HOLD */ @@ -956,4 +971,3 @@ public class DoRevokeTPS extends CMSServlet { return requestType; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java index e1791045..68813478 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; 
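Review bot: In the hunk at -919, the audit serial number is normalised with `Integer.toHexString(Integer.valueOf(serialNumber).intValue())`, which throws NumberFormatException for any decimal serial above Integer.MAX_VALUE. The rest of this servlet handles serials as arbitrary-precision values (`xcert.getSerialNumber().toString(16)`), so a large serial could abort the signed audit path instead of being logged. Whether a caller catches the exception is not visible here, as the method body begins outside the hunk. A width-independent form would be `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);`, which needs `java.math.BigInteger` imported if the file does not already import it.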
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, - * take them off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them + * off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevoke extends CMSServlet { @@ -80,29 +78,28 @@ public class DoUnrevoke extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevoke() { super(); } /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); 
@@ -112,14 +109,14 @@ public class DoUnrevoke extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The - * certificate must be revoked with a revovcation reason 'on hold' for this - * operation to succeed. The serial number may be expressed as a hex number by - * prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to + * unrevoke. The certificate must be revoked with a revovcation reason 'on + * hold' for this operation to succeed. The serial number may be expressed + * as a hex number by prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -136,10 +133,10 @@ public class DoUnrevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -149,32 +146,34 @@ public class DoUnrevoke extends CMSServlet { try { serialNumber = getSerialNumbers(req); - //for audit log. + // for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { - authMgr = - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug( "DoUnrevoke::process() - authToken is null!" ); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + } else { + CMS.debug("DoUnrevoke::process() - authToken is null!"); return; } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "unrevoke"); + mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { @@ -182,11 +181,14 @@ public class DoUnrevoke extends CMSServlet { return; } - process(argSet, header, serialNumber, req, resp, locale[0], initiative); + process(argSet, header, serialNumber, req, resp, locale[0], + initiative); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -197,44 +199,46 @@ public class DoUnrevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take - * a certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take a + * certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request - * to take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request to + * take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. 
- "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (taken off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (taken off-hold) * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param serialNumbers the serial number of the certificate @@ -245,16 +249,15 @@ public class DoUnrevoke extends CMSServlet { * @exception EBaseException an error has occurred */ private void process(CMSTemplateParams argSet, IArgBlock header, - BigInteger[] serialNumbers, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale, String initiative) - throws EBaseException { + BigInteger[] serialNumbers, HttpServletRequest req, + HttpServletResponse resp, Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); - String auditSerialNumber = auditSerialNumber(serialNumbers[0].toString()); + String auditSerialNumber = auditSerialNumber(serialNumbers[0] + .toString()); String auditRequestType = OFF_HOLD; String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(OFF_HOLD_REASON); 
@@ -262,32 +265,34 @@ public class DoUnrevoke extends CMSServlet { try { StringBuffer snList = new StringBuffer(); - // certs are for old cloning and they should be removed as soon as possible + // certs are for old cloning and they should be removed as soon as + // possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) snList.append(", "); + certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) + snList.append(", "); snList.append("0x"); snList.append(serialNumbers[i].toString(16)); } header.addStringValue("serialNumber", snList.toString()); - IRequest unrevReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST); + IRequest unrevReq = mQueue + .newRequest(IRequest.UNREVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); - unrevReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST); + unrevReq.setExtData(IRequest.REQ_TYPE, + IRequest.UNREVOCATION_REQUEST); unrevReq.setExtData(IRequest.OLD_SERIALS, serialNumbers); - unrevReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); + unrevReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_AGENT); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save 
@@ -302,7 +307,8 @@ public class DoUnrevoke extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); @@ -310,15 +316,11 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "yes"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, new Object[] { + unrevReq.getRequestId(), initiative, + "completed", certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) }); } } else { header.addStringValue("unrevoked", "no"); 
@@ -327,60 +329,61 @@ public class DoUnrevoke extends CMSServlet { if (error != null) { header.addStringValue("error", error); if (certs[0] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + - error, - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + error, + certs[0].getSubjectDN(), + "0x" + + serialNumbers[0] + .toString(16) }); } /****************************************************/ - - /* IMPORTANT: In the event that the following */ - - /* "throw error;" statement is */ - - /* uncommented, uncomment the following */ - - /* signed audit log message, also!!! */ - + + /* IMPORTANT: In the event that the following */ + + /* "throw error;" statement is */ + + /* uncommented, uncomment the following */ + + /* signed audit log message, also!!! 
*/ + /****************************************************/ - // // store a message in the signed audit log file - // // if and only if "auditApprovalStatus" is - // // "complete", "revoked", or "canceled" - // if( ( auditApprovalStatus.equals( - // RequestStatus.COMPLETE_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.REJECTED_STRING ) ) || - // ( auditApprovalStatus.equals( - // RequestStatus.CANCELED_STRING ) ) ) { - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // auditSerialNumber, - // auditRequestType, - // auditReasonNum, - // auditApprovalStatus ); + // // store a message in the signed audit log file + // // if and only if "auditApprovalStatus" is + // // "complete", "revoked", or "canceled" + // if( ( auditApprovalStatus.equals( + // RequestStatus.COMPLETE_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.REJECTED_STRING ) ) || + // ( auditApprovalStatus.equals( + // RequestStatus.CANCELED_STRING ) ) ) { + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // auditSerialNumber, + // auditRequestType, + // auditReasonNum, + // auditApprovalStatus ); // - // audit( auditMessage ); - // } + // audit( auditMessage ); + // } - // throw error; + // throw error; } } - Integer updateCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = unrevReq + .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { header.addStringValue("updateCRL", "yes"); 
@@ -388,91 +391,90 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("updateCRLSuccess", "yes"); } else { header.addStringValue("updateCRLSuccess", "no"); - String crlError = - unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = unrevReq + .getExtDataInString(IRequest.CRL_UPDATE_ERROR); - if (crlError != null) - header.addStringValue("updateCRLError", - crlError); + if (crlError != null) + header.addStringValue("updateCRLError", crlError); } // let known crl publishing status too. - Integer publishCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = unrevReq + .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (publishCRLResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue("publishCRLSuccess", "yes"); } else { header.addStringValue("publishCRLSuccess", "no"); - String publError = - unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = unrevReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); - if (publError != null) - header.addStringValue("publishCRLError", - publError); + if (publError != null) + header.addStringValue("publishCRLError", + publError); } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. 
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) + .getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs + .nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr); + Integer updateResult = unrevReq + .getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (updateResult.equals(IRequest.RES_SUCCESS)) { - CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " yes "); + CMS.debug("DoUnrevoke: adding header " + + updateStatusStr + " yes "); header.addStringValue(updateStatusStr, "yes"); } else { String updateErrorStr = crl.getCrlUpdateErrorStr(); - CMS.debug("DoUnrevoke: adding header " + - updateStatusStr + " no "); + CMS.debug("DoUnrevoke: adding header " + + updateStatusStr + " no "); header.addStringValue(updateStatusStr, "no"); - String error = - unrevReq.getExtDataInString(updateErrorStr); + String error = unrevReq + .getExtDataInString(updateErrorStr); - if (error != null) - header.addStringValue( - updateErrorStr, error); + if (error != null) + header.addStringValue(updateErrorStr, error); } String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = - unrevReq.getExtDataInInteger(publishStatusStr); + Integer publishResult = unrevReq + .getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (publishResult.equals(IRequest.RES_SUCCESS)) { header.addStringValue(publishStatusStr, "yes"); } else { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = crl + .getCrlPublishErrorStr(); header.addStringValue(publishStatusStr, "no"); - String error = - unrevReq.getExtDataInString(publishErrorStr); + String error = unrevReq + 
.getExtDataInString(publishErrorStr); - if (error != null) - header.addStringValue( - publishErrorStr, error); + if (error != null) + header.addStringValue(publishErrorStr, error); } } } - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = unrevReq + .getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) { @@ -490,30 +492,20 @@ public class DoUnrevoke extends CMSServlet { header.addStringValue("unrevoked", "pending"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "pending", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, + new Object[] { unrevReq.getRequestId(), initiative, + "pending", certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) }); } } else { header.addStringValue("error", "Request Status.Error"); header.addStringValue("unrevoked", "no"); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - status.toString(), - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, + new Object[] { unrevReq.getRequestId(), initiative, + status.toString(), certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) }); } } 
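Review bot: The last context line of the hunk at -388,91, `if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) {`, compares an element of an `Integer[]` with `==`, while every other status check in the same hunk uses `.equals(IRequest.RES_SUCCESS)`. If `RES_SUCCESS` is declared as an `Integer` (its declaration is not visible here), this is an identity comparison and can misreport the LDAP publishing result. It also reads element 0 without checking the array length. I would write `if (ldapPublishStatus.length > 0 && ldapPublishStatus[0].equals(IRequest.RES_SUCCESS)) {`. The same pattern, with `!=`, appears in the DoUnrevokeTPS hunk at -306,125, and the enclosing method starts and ends outside this hunk.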
@@ -521,18 +513,17 @@ public class DoUnrevoke extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -542,12 +533,9 @@ public class DoUnrevoke extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -555,21 +543,18 @@ public class DoUnrevoke extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -580,7 +565,7 @@ public class DoUnrevoke extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -601,7 +586,7 @@ public class DoUnrevoke extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); 
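Review bot: In the `getSerialNumbers` hunk (-580,7), the result of `req.getParameter("serialNumber")` is passed straight to `new StringTokenizer(serialNumString, " ")`, so a request without that parameter raises a NullPointerException instead of the declared NumberFormatException. The rejections visible in the next hunk all use NumberFormatException, so I would add `if (serialNumString == null) throw new NumberFormatException();` before the tokenizer is built. DoUnrevokeTPS carries the identical method (hunk -533,7), and the caller shown there catches only NumberFormatException, EBaseException and IOException. The method body continues past the end of this hunk.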
@@ -617,11 +602,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -647,11 +632,11 @@ public class DoUnrevoke extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -669,8 +654,8 @@ public class DoUnrevoke extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + + Integer.toHexString(Integer.valueOf(serialNumber) + .intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -678,4 +663,3 @@ public class DoUnrevoke extends CMSServlet { return serialNumber; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java index 8f46ee9c..18eb0fc3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.io.OutputStream; import java.math.BigInteger; 
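Review bot: In the `auditSerialNumber` hunk (-669,8), the value is converted with `Integer.toHexString(Integer.valueOf(serialNumber).intValue())`, although the servlet handles serial numbers as `BigInteger`. Any serial above `Integer.MAX_VALUE` makes `Integer.valueOf` throw NumberFormatException before the signed audit message is built. `serialNumber = "0x" + new BigInteger(serialNumber).toString(16);` gives the same output for non-negative values that fit in an int and accepts the full range. The identical code is in DoUnrevokeTPS (hunk -622,8), where `process` calls it with `serialNumbers[0].toString()`. The method starts outside this hunk, so any earlier normalization of the string is not visible here.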
@@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * 'Unrevoke' a certificate. (For certificates that are on-hold only, - * take them off-hold) - * + * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them + * off-hold) + * * @version $Revision$, $Date$ */ public class DoUnrevokeTPS extends CMSServlet { @@ -81,29 +79,28 @@ public class DoUnrevokeTPS extends CMSServlet { private final static String OFF_HOLD = "off-hold"; private final static int OFF_HOLD_REASON = 6; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; - + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7"; + public DoUnrevokeTPS() { super(); } /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } if (mAuthority instanceof ICertAuthority) { - mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); } mQueue = mAuthority.getRequestQueue(); 
@@ -112,14 +109,14 @@ public class DoUnrevokeTPS extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The - * certificate must be revoked with a revovcation reason 'on hold' for this - * operation to succeed. The serial number may be expressed as a hex number by - * prefixing '0x' to the serialNumber string + * <li>http.param serialNumber Decimal serial number of certificate to + * unrevoke. The certificate must be revoked with a revovcation reason 'on + * hold' for this operation to succeed. The serial number may be expressed + * as a hex number by prefixing '0x' to the serialNumber string * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -133,53 +130,52 @@ public class DoUnrevokeTPS extends CMSServlet { Locale[] locale = new Locale[1]; -/* - try { - form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } -*/ + /* + * try { form = getTemplate(mFormPath, req, locale); } catch + * (IOException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new + * ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } + */ try { serialNumbers = getSerialNumbers(req); - //for audit log. + // for audit log. IAuthToken authToken = authenticate(cmsReq); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { - authMgr = - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - } else { - CMS.debug( "DoUnrevokeTPS::process() - authToken is null!" ); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + } else { + CMS.debug("DoUnrevokeTPS::process() - authToken is null!"); return; - } + } String agentID = authToken.getInString("userid"); String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID - + " authenticated by " + authMgr; + + " authenticated by " + authMgr; AuthzToken authzToken = null; try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "unrevoke"); + mAuthzResourceName, "unrevoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); o_status = "status=3"; errorString = "error=unauthorized"; - String pp = 
o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); @@ -191,8 +187,10 @@ public class DoUnrevokeTPS extends CMSServlet { process(serialNumbers, req, resp, locale[0], initiative); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } catch (IOException e) { @@ -206,10 +204,10 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error="; } else { o_status = "status=3"; - errorString = "error="+error.toString(); + errorString = "error=" + error.toString(); } - String pp = o_status+"\n"+errorString; + String pp = o_status + "\n" + errorString; byte[] b = pp.getBytes(); resp.setContentType("text/html"); resp.setContentLength(b.length); 
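Review bot: `o_status` and `errorString` are assigned in the hunk at -133,53 and again in the private `process(BigInteger[], ...)` overload, with no local declaration in either visible hunk, so they look like instance fields of the servlet. A servlet instance normally serves requests concurrently, so one agent's request could be answered with the status or error text of another. I would keep both values in locals and have the private overload return them. Separately, the `else` branch for a null `authToken` returns without calling `cmsReq.setStatus(CMSRequest.UNAUTHORIZED)` or writing a body, unlike the `authzToken == null` branch just below it. The method starts before this hunk, so the declarations should be confirmed there.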
@@ -217,33 +215,35 @@ public class DoUnrevokeTPS extends CMSServlet { os.write(b); os.flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - /** * Process X509 cert status change request * <P> - * - * (Certificate Request - an "agent" cert status change request to take - * a certificate off-hold) + * + * (Certificate Request - an "agent" cert status change request to take a + * certificate off-hold) * <P> - * - * (Certificate Request Processed - an "agent" cert status change request - * to take a certificate off-hold) + * + * (Certificate Request Processed - an "agent" cert status change request to + * take a certificate off-hold) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when - * a cert status change request (e. g. - "revocation") is made (before + * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used + * when a cert status change request (e. g. - "revocation") is made (before * approval process) - * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED - * used when a certificate status is changed (taken off-hold) + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a + * certificate status is changed (taken off-hold) * </ul> + * * @param serialNumbers the serial number of the certificate * @param req HTTP servlet request * @param resp HTTP servlet response 
@@ -251,16 +251,15 @@ public class DoUnrevokeTPS extends CMSServlet { * @param initiative string containing the audit format * @exception EBaseException an error has occurred */ - private void process(BigInteger[] serialNumbers, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale, String initiative) - throws EBaseException { + private void process(BigInteger[] serialNumbers, HttpServletRequest req, + HttpServletResponse resp, Locale locale, String initiative) + throws EBaseException { boolean auditRequest = true; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); - String auditSerialNumber = auditSerialNumber(serialNumbers[0].toString()); + String auditSerialNumber = auditSerialNumber(serialNumbers[0] + .toString()); String auditRequestType = OFF_HOLD; String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE; String auditReasonNum = String.valueOf(OFF_HOLD_REASON); 
@@ -268,30 +267,32 @@ public class DoUnrevokeTPS extends CMSServlet { try { String snList = ""; - // certs are for old cloning and they should be removed as soon as possible + // certs are for old cloning and they should be removed as soon as + // possible X509CertImpl[] certs = new X509CertImpl[serialNumbers.length]; for (int i = 0; i < serialNumbers.length; i++) { - certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]); - if (snList.length() > 0) snList += ", "; + certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]); + if (snList.length() > 0) + snList += ", "; snList += "0x" + serialNumbers[i].toString(16); } - IRequest unrevReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST); + IRequest unrevReq = mQueue + .newRequest(IRequest.UNREVOCATION_REQUEST); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); - unrevReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST); + unrevReq.setExtData(IRequest.REQ_TYPE, + IRequest.UNREVOCATION_REQUEST); unrevReq.setExtData(IRequest.OLD_SERIALS, serialNumbers); - unrevReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); + unrevReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_AGENT); // change audit processing from "REQUEST" to "REQUEST_PROCESSED" // to distinguish which type of signed audit log message to save 
@@ -306,125 +307,125 @@ public class DoUnrevokeTPS extends CMSServlet { RequestStatus status = unrevReq.getRequestStatus(); String type = unrevReq.getRequestType(); - if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { + if ((status == RequestStatus.COMPLETE) + || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) { Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT); if (result != null && result.equals(IRequest.RES_SUCCESS)) { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, new Object[] { + unrevReq.getRequestId(), initiative, + "completed", certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) }); } } else { String error = unrevReq.getExtDataInString(IRequest.ERROR); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; if (certs[0] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "completed with error: " + - error, - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOUNREVOKEFORMAT, + new Object[] { + unrevReq.getRequestId(), + initiative, + "completed with error: " + error, + certs[0].getSubjectDN(), + "0x" + + serialNumbers[0] + .toString(16) }); } } } - Integer updateCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); + Integer updateCRLResult = unrevReq + .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS); if (updateCRLResult != null) { if 
(!updateCRLResult.equals(IRequest.RES_SUCCESS)) { - String crlError = - unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR); + String crlError = unrevReq + .getExtDataInString(IRequest.CRL_UPDATE_ERROR); if (crlError != null) { o_status = "status=3"; - errorString = "error="+crlError; + errorString = "error=" + crlError; } } // let known crl publishing status too. - Integer publishCRLResult = - unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); + Integer publishCRLResult = unrevReq + .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS); if (publishCRLResult != null) { if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) { - String publError = - unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR); + String publError = unrevReq + .getExtDataInString(IRequest.CRL_PUBLISH_ERROR); if (publError != null) { o_status = "status=3"; - errorString = "error="+publError; + errorString = "error=" + publError; } } } } - // let known update and publish status of all crls. - Enumeration otherCRLs = - ((ICertificateAuthority) mAuthority).getCRLIssuingPoints(); + // let known update and publish status of all crls. 
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority) + .getCRLIssuingPoints(); while (otherCRLs.hasMoreElements()) { - ICRLIssuingPoint crl = (ICRLIssuingPoint) - otherCRLs.nextElement(); + ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs + .nextElement(); String crlId = crl.getId(); if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL)) continue; String updateStatusStr = crl.getCrlUpdateStatusStr(); - Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr); + Integer updateResult = unrevReq + .getExtDataInInteger(updateStatusStr); if (updateResult != null) { if (!updateResult.equals(IRequest.RES_SUCCESS)) { String updateErrorStr = crl.getCrlUpdateErrorStr(); - String error = - unrevReq.getExtDataInString(updateErrorStr); + String error = unrevReq + .getExtDataInString(updateErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; } } String publishStatusStr = crl.getCrlPublishStatusStr(); - Integer publishResult = - unrevReq.getExtDataInInteger(publishStatusStr); + Integer publishResult = unrevReq + .getExtDataInInteger(publishStatusStr); - if (publishResult == null) + if (publishResult == null) continue; if (!publishResult.equals(IRequest.RES_SUCCESS)) { - String publishErrorStr = - crl.getCrlPublishErrorStr(); + String publishErrorStr = crl + .getCrlPublishErrorStr(); - String error = - unrevReq.getExtDataInString(publishErrorStr); + String error = unrevReq + .getExtDataInString(publishErrorStr); if (error != null) { o_status = "status=3"; - errorString = "error="+error; + errorString = "error=" + error; } } } } - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { - Integer[] ldapPublishStatus = - unrevReq.getExtDataInIntegerArray("ldapPublishStatus"); + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { + Integer[] ldapPublishStatus = unrevReq + .getExtDataInIntegerArray("ldapPublishStatus"); if (ldapPublishStatus != null) { if 
(ldapPublishStatus[0] != IRequest.RES_SUCCESS) { @@ -432,25 +433,21 @@ public class DoUnrevokeTPS extends CMSServlet { errorString = "error=Problem in publishing to LDAP"; } } - } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) { + } else if (mPublisherProcessor == null + || (!mPublisherProcessor.ldapEnabled())) { o_status = "status=3"; errorString = "error=LDAP Publisher not enabled"; } } else if (status == RequestStatus.PENDING) { o_status = "status=2"; - errorString = "error="+status.toString(); + errorString = "error=" + status.toString(); if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - "pending", - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, + new Object[] { unrevReq.getRequestId(), initiative, + "pending", certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) }); } } else { o_status = "status=2"; @@ -458,15 +455,10 @@ public class DoUnrevokeTPS extends CMSServlet { if (certs[0] != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOUNREVOKEFORMAT, - new Object[] { - unrevReq.getRequestId(), - initiative, - status.toString(), - certs[0].getSubjectDN(), - "0x" + serialNumbers[0].toString(16)} - ); + AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT, + new Object[] { unrevReq.getRequestId(), initiative, + status.toString(), certs[0].getSubjectDN(), + "0x" + serialNumbers[0].toString(16) }); } } 
@@ -474,18 +466,17 @@ public class DoUnrevokeTPS extends CMSServlet { // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) - || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING)) - || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)) - ) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -495,12 +486,9 @@ public class DoUnrevokeTPS extends CMSServlet { // store a "CERT_STATUS_CHANGE_REQUEST" failure // message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType); + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSerialNumber, auditRequestType); audit(auditMessage); } else { 
@@ -508,21 +496,18 @@ public class DoUnrevokeTPS extends CMSServlet { // message in the signed audit log file // if and only if "auditApprovalStatus" is // "complete", "revoked", or "canceled" - if ((auditApprovalStatus.equals( - RequestStatus.COMPLETE_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.REJECTED_STRING)) || - (auditApprovalStatus.equals( - RequestStatus.CANCELED_STRING))) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditSerialNumber, - auditRequestType, - auditReasonNum, - auditApprovalStatus); + if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.REJECTED_STRING)) + || (auditApprovalStatus + .equals(RequestStatus.CANCELED_STRING))) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditSerialNumber, + auditRequestType, auditReasonNum, + auditApprovalStatus); audit(auditMessage); } @@ -533,7 +518,7 @@ public class DoUnrevokeTPS extends CMSServlet { } private BigInteger[] getSerialNumbers(HttpServletRequest req) - throws NumberFormatException { + throws NumberFormatException { String serialNumString = req.getParameter("serialNumber"); StringTokenizer snList = new StringTokenizer(serialNumString, " "); @@ -554,7 +539,7 @@ public class DoUnrevokeTPS extends CMSServlet { biList.addElement(bi); } else { throw new NumberFormatException(); - } + } } if (biList.size() < 1) { throw new NumberFormatException(); 
@@ -570,11 +555,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message RequesterID */ @@ -600,11 +585,11 @@ public class DoUnrevokeTPS extends CMSServlet { /** * Signed Audit Log Serial Number - * + * * This method is called to obtain the serial number of the certificate * whose status is to be changed for a signed audit log message. * <P> - * + * * @param eeSerialNumber a string containing the un-normalized serialNumber * @return id string containing the signed audit log message RequesterID */ @@ -622,8 +607,8 @@ public class DoUnrevokeTPS extends CMSServlet { // convert it to hexadecimal serialNumber = "0x" - + Integer.toHexString( - Integer.valueOf(serialNumber).intValue()); + + Integer.toHexString(Integer.valueOf(serialNumber) + .intValue()); } else { serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } @@ -631,4 +616,3 @@ public class DoUnrevokeTPS extends CMSServlet { return serialNumber; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java index b1d89426..0335837d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Locale; 
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * For Face-to-face enrollment, enable EE enrollment feature - * + * * @version $Revision$, $Date$ * @see com.netscape.cms.servlet.cert.DisableEnrollResult */ @@ -87,8 +85,7 @@ public class EnableEnrollResult extends CMSServlet { /** * Services the request */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -97,8 +94,8 @@ public class EnableEnrollResult extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "enable"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "enable"); } catch (Exception e) { // do nothing for now } @@ -117,9 +114,10 @@ public class EnableEnrollResult extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
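Review bot: The `catch (Exception e)` around `authorize(...)` in the `@@ -97` hunk discards the failure with only `// do nothing for now`, so a denied or failing authorization check on the enable-enrollment path leaves no log entry. Log it the way `EnrollServlet.processX509` does in this same commit: `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. The code that follows the catch is outside the hunk; presumably it rejects a null `authzToken`, which should be confirmed.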
@@ -130,10 +128,11 @@ public class EnableEnrollResult extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -149,7 +148,8 @@ public class EnableEnrollResult extends CMSServlet { header.addStringValue("machineName", machine); header.addStringValue("port", port); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -162,7 +162,7 @@ public class EnableEnrollResult extends CMSServlet { String timeout = args.getValueAsString("timeout", "600"); mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000, - random.nextLong() + "", 0); + random.nextLong() + "", 0); header.addStringValue("code", "0"); } @@ -173,10 +173,10 @@ public class EnableEnrollResult extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); 
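Review bot: `Long.parseLong(timeout) * 1000` in the `@@ -162` hunk uses the `timeout` request parameter with no format or range check, so a non-numeric value raises an unhandled `NumberFormatException` and a very large value keeps the enrollment entry open far beyond the 600-second default (or overflows the multiplication). Parse it defensively and clamp it to a configured ceiling, e.g. `long secs = Math.min(Math.max(Long.parseLong(timeout), 1L), maxTimeoutSecs);` where `maxTimeoutSecs` is a limit to be introduced. The declaration of `random` is outside the hunk; if the `random.nextLong()` value is meant to be unguessable, it should come from `java.security.SecureRandom`, which needs confirming.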
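Review bot: The unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` that closes the `@@ -173` hunk also runs after the `catch (IOException e)` block, so the `CMSRequest.ERROR` status set there is overwritten and a failed template render is reported as success. The try block already sets `SUCCESS` right after `form.renderOutput(out, argSet)`, so the trailing call can be dropped. The method's closing lines are outside the hunk.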
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java index ee64cb94..e58aeb8e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; @@ -77,10 +76,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor; import com.netscape.cms.servlet.processors.PKCS10Processor; import com.netscape.cms.servlet.processors.PKIProcessor; - /** * Submit a Certificate Enrollment request - * + * * @version $Revision$, $Date$ */ public class EnrollServlet extends CMSServlet { @@ -92,10 +90,9 @@ public class EnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll"; // enrollment templates. - public static final String - ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; + public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -118,8 +115,7 @@ public class EnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller - mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; 
@@ -127,56 +123,46 @@ public class EnrollServlet extends CMSServlet { private boolean enforcePop = false; private String auditServiceID = ILogger.UNIDENTIFIED; - private final static String ADMIN_CA_ENROLLMENT_SERVLET = - "caadminEnroll"; - private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET = - "cabulkissuance"; - private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET = - "rabulkissuance"; - private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET = - "cacertbasedenrollment"; - private final static String EE_CA_ENROLLMENT_SERVLET = - "caenrollment"; - private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET = - "racertbasedenrollment"; - private final static String EE_RA_ENROLLMENT_SERVLET = - "raenrollment"; + private final static String ADMIN_CA_ENROLLMENT_SERVLET = "caadminEnroll"; + private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET = "cabulkissuance"; + private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET = "rabulkissuance"; + private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET = "cacertbasedenrollment"; + private final static String EE_CA_ENROLLMENT_SERVLET = "caenrollment"; + private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET = "racertbasedenrollment"; + private final static String EE_RA_ENROLLMENT_SERVLET = "raenrollment"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated non-profile cert request rejection: " - + "unable to render OLD_CERT_TYPE response", - - /* 1 */ "automated non-profile cert request rejection: " - + "unable to complete handleEnrollAuditLog() method", - - /* 2 */ "automated non-profile cert request rejection: " - + "unable to render success template", - - /* 3 */ "automated non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" - }; - private final static String 
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; - + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated non-profile cert request rejection: " + + "unable to render OLD_CERT_TYPE response", + + /* 1 */"automated non-profile cert request rejection: " + + "unable to complete handleEnrollAuditLog() method", + + /* 2 */"automated non-profile cert request rejection: " + + "unable to render success template", + + /* 3 */"automated non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException" }; + private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----"; private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----"; - + public EnrollServlet() { super(); } /** - * initialize the servlet.<p> - * the following parameters are read from the servlet config: - * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages - * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file + * initialize the servlet. + * <p> + * the following parameters are read from the servlet config: + * <ul> + * <li>CMSServlet.PROP_ID - ID for signed audit log messages + * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -187,8 +173,8 @@ public class EnrollServlet extends CMSServlet { try { IConfigStore configStore = CMS.getConfigStore(); - String PKI_Subsystem = configStore.getString( "subsystem.0.id", - null ); + String PKI_Subsystem = configStore.getString("subsystem.0.id", + null); // CMS 6.1 began utilizing the "Certificate Profiles" framework // instead of the legacy "Certificate Policies" framework. 
@@ -199,51 +185,49 @@ public class EnrollServlet extends CMSServlet { // framework would be deprecated and disabled by default // (see Bugzilla Bug #472597). // - // NOTE: The "Certificate Policies" framework ONLY applied to - // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. + // NOTE: The "Certificate Policies" framework ONLY applied to + // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems. // - // Further, the "EnrollServlet.java" servlet is ONLY - // used by the CA for the following: + // Further, the "EnrollServlet.java" servlet is ONLY + // used by the CA for the following: // - // SERVLET-NAME URL-PATTERN - // ==================================================== - // caadminEnroll ca/admin/ca/adminEnroll.html - // cabulkissuance ca/agent/ca/bulkissuance.html - // cacertbasedenrollment ca/certbasedenrollment.html - // caenrollment ca/enrollment.html + // SERVLET-NAME URL-PATTERN + // ==================================================== + // caadminEnroll ca/admin/ca/adminEnroll.html + // cabulkissuance ca/agent/ca/bulkissuance.html + // cacertbasedenrollment ca/certbasedenrollment.html + // caenrollment ca/enrollment.html // - // The "EnrollServlet.java" servlet is NOT used by - // the KRA. + // The "EnrollServlet.java" servlet is NOT used by + // the KRA. // - if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) { + if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) { String policyStatus = PKI_Subsystem.trim().toLowerCase() - + "." + "Policy" - + "." + IPolicyProcessor.PROP_ENABLE; - - if( configStore.getBoolean( policyStatus, true ) == true ) { - // NOTE: If "<subsystem>.Policy.enable=<boolean>" - // is missing, then the referenced instance - // existed prior to this name=value pair - // existing in its 'CS.cfg' file, and thus - // we err on the side that the user may - // still need to use the policy framework. - CMS.debug( "EnrollServlet::init Certificate " - + "Policy Framework (deprecated) " - + "is ENABLED" ); + + "." + "Policy" + "." 
+ + IPolicyProcessor.PROP_ENABLE; + + if (configStore.getBoolean(policyStatus, true) == true) { + // NOTE: If "<subsystem>.Policy.enable=<boolean>" + // is missing, then the referenced instance + // existed prior to this name=value pair + // existing in its 'CS.cfg' file, and thus + // we err on the side that the user may + // still need to use the policy framework. + CMS.debug("EnrollServlet::init Certificate " + + "Policy Framework (deprecated) " + + "is ENABLED"); } else { - // CS 8.1 Default: <subsystem>.Policy.enable=false - CMS.debug( "EnrollServlet::init Certificate " - + "Policy Framework (deprecated) " - + "is DISABLED" ); + // CS 8.1 Default: <subsystem>.Policy.enable=false + CMS.debug("EnrollServlet::init Certificate " + + "Policy Framework (deprecated) " + + "is DISABLED"); return; } } - } catch( EBaseException e ) { - throw new ServletException( "EnrollServlet::init - " - + "EBaseException: " - + "Unable to initialize " - + "Certificate Policy Framework " - + "(deprecated)" ); + } catch (EBaseException e) { + throw new ServletException("EnrollServlet::init - " + + "EBaseException: " + "Unable to initialize " + + "Certificate Policy Framework " + "(deprecated)"); } // override success template to allow direct import of keygen certs. 
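Review bot: `PKI_Subsystem.trim()` in the `@@ -199` hunk is called on a value read with a `null` default (`configStore.getString("subsystem.0.id", null)` in the previous hunk), so a missing key raises `NullPointerException`, which the `catch (EBaseException e)` does not cover. Guard it with `if (PKI_Subsystem != null && PKI_Subsystem.trim().equalsIgnoreCase("ca"))`. The `ServletException` built in the catch also drops `e`; passing it as the cause (`new ServletException(msg, e)`) keeps the original failure visible in the logs.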
@@ -254,37 +238,36 @@ public class EnrollServlet extends CMSServlet { String id = sc.getInitParameter(CMSServlet.PROP_ID); if (id != null) { - if (!(auditServiceID.equals( - ADMIN_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_CA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_RA_BULK_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_CA_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - EE_RA_ENROLLMENT_SERVLET))) { + if (!(auditServiceID.equals(ADMIN_CA_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(AGENT_CA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(AGENT_RA_BULK_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(EE_CA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(EE_CA_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(EE_RA_CERT_BASED_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(EE_RA_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); } } - mEnrollSuccessTemplate = sc.getInitParameter( - CMSServlet.PROP_SUCCESS_TEMPLATE); + mEnrollSuccessTemplate = sc + .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = sc + .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } 
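Review bot: The allow-list test in the `@@ -254` hunk calls `auditServiceID.equals(...)` on the field, which is declared with the initial value `ILogger.UNIDENTIFIED`, rather than on the `id` just read from the servlet config. Unless something outside the hunk assigns the field earlier, every configured ID takes the first branch and the signed audit records from this servlet carry the unidentified service ID. Compare the configured value instead: `String trimmedId = id.trim();`, test `!trimmedId.equals(ADMIN_CA_ENROLLMENT_SERVLET) && ...` for each constant, and assign `auditServiceID = trimmedId;` in the else branch.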
@@ -293,10 +276,10 @@ public class EnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", - e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", + e.toString(), mId)); } } catch (ServletException eAudit1) { // rethrow caught exception 
@@ -304,64 +287,61 @@ public class EnrollServlet extends CMSServlet { } } - - /** - * XXX (SHOULD CHANGE TO READ FROM Servletconfig) - * Getter method to see if Proof of Posession checking is enabled. - * this value is set in the CMS.cfg filem with the parameter - * "enrollment.enforcePop". It defaults to false - * @return true if user is required to Prove that they possess the - * private key corresponding to the public key in the certificate - * request they are submitting - */ + /** + * XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if + * Proof of Posession checking is enabled. this value is set in the CMS.cfg + * filem with the parameter "enrollment.enforcePop". It defaults to false + * + * @return true if user is required to Prove that they possess the private + * key corresponding to the public key in the certificate request + * they are submitting + */ public boolean getEnforcePop() { return enforcePop; } /** - * Process the HTTP request. - * <UL><LI>If the request is coming through the admin port, it is only - * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file - * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is - * renamed with more information about the current request ID - * <LI>The request is preprocessed, then processed further in one - * of the cert request processor classes: KeyGenProcessor, PKCS10Processor, - * CMCProcessor, CRMFProcessor - * </UL> - * + * Process the HTTP request. 
+ * <UL> + * <LI>If the request is coming through the admin port, it is only allowed + * to continue if 'admin enrollment' is enabled in the CMS.cfg file + * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread + * is renamed with more information about the current request ID + * <LI>The request is preprocessed, then processed further in one of the + * cert request processor classes: KeyGenProcessor, PKCS10Processor, + * CMCProcessor, CRMFProcessor + * </UL> + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { // SPECIAL CASE: // if it is adminEnroll servlet,check if it's enabled - if (mId.equals(ADMIN_ENROLL_SERVLET_ID) && - !CMSGateway.getEnableAdminEnroll()) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup.")); + if (mId.equals(ADMIN_ENROLL_SERVLET_ID) + && !CMSGateway.getEnableAdminEnroll()) { + log(ILogger.LL_SECURITY, + CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP")); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REDIRECTING_ADMINENROLL_ERROR", + "Attempt to access adminEnroll after already setup.")); } - processX509(cmsReq); + processX509(cmsReq); } private boolean getCertAuthEnrollStatus(IArgBlock httpParams) { /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. 
+ * "certauthEnrollType can be one of the three: single - it's for single + * cert enrollment dual - it's for dual certs enrollment encryption - + * getting the encryption cert only via authentication of the signing + * cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; - String certAuthEnrollOn = - httpParams.getValueAsString("certauthEnroll", null); + String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll", + null); if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { certAuthEnroll = true; @@ -372,14 +352,14 @@ public class EnrollServlet extends CMSServlet { } - private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll) - throws EBaseException { + private String getCertAuthEnrollType(IArgBlock httpParams, + boolean certAuthEnroll) throws EBaseException { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = - httpParams.getValueAsString("certauthEnrollType", null); + certauthEnrollType = httpParams.getValueAsString( + "certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { CMS.debug("EnrollServlet: certauthEnrollType is dual"); 
@@ -388,54 +368,50 @@ public class EnrollServlet extends CMSServlet { } else if (certauthEnrollType.equals("single")) { CMS.debug("EnrollServlet: certauthEnrollType is single"); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", + certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - + return certauthEnrollType; - + } private boolean checkClientCertSigningOnly(X509Certificate sslClientCert) - throws EBaseException { - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - true) && - (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == - true))) { + throws EBaseException { + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) + || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS + .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } return true; } - - private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert, - ICertificateAuthority mCa, String certBasedOldSubjectDN, - BigInteger certBasedOldSerialNum) - throws EBaseException { 
- + + private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, + IAuthToken authToken, X509Certificate sslClientCert, + ICertificateAuthority mCa, String certBasedOldSubjectDN, + BigInteger certBasedOldSerialNum) throws EBaseException { + CMS.debug("EnrollServlet: In handleCertAuthDual!"); - + if (mCa == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NOT_A_CA")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_A_CA")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA")); + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NOT_A_CA")); } // first, make sure the client cert is indeed a 
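Review bot: The log key `"MSGW_MISSING_CERTAUTH_ENROLL_TYPE"` in the `@@ -388` hunk lacks the `CMSGW_` prefix that every other log key in this method uses, so it looks like a typo for `"CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"`. If the key is absent from the message bundle, the failure is logged without its intended text, which makes a rejected cert-auth enrollment harder to find in the logs. Confirm against the bundle and correct the key.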
@@ -457,21 +433,28 @@ public class EnrollServlet extends CMSServlet { try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } - String filter = - "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; - ICertRecordList list = - (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10); + String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN + + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + + "))(certStatus=VALID))"; + ICertRecordList list = (ICertRecordList) mCa.getCertificateRepository() + .findCertRecordsInList(filter, null, 10); int size = list.getSize(); Enumeration en = list.getCertRecords(0, size - 1); boolean gotEncCert = false; 
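Review bot: The search filter in the `@@ -457` hunk is built by concatenating `certBasedOldSubjectDN` and `certBasedOldSerialNum` straight into the LDAP filter string. A subject DN can contain `(`, `)`, `*` or `\`, which change the filter's meaning unless escaped as RFC 4515 requires. The DN presumably originates from the presented client certificate, though its source is outside the hunk. Escape the DN value before inserting it (`\28`, `\29`, `\2a`, `\5c`, `\00`) so the lookup for the paired encryption certificate matches only the intended subject. `handleCertAuthDual` starts and ends outside this hunk.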
@@ -484,8 +467,8 @@ public class EnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, - encCertInfo}; + X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, + encCertInfo }; int i = 1; boolean encCertFound = false; @@ -495,9 +478,9 @@ public class EnrollServlet extends CMSServlet { X509CertImpl cert = record.getCertificate(); // if not encryption cert only, try next one - if ((CMS.isEncryptionCert(cert) == false) || - ((CMS.isEncryptionCert(cert) == true) && - (CMS.isSigningCert(cert) == true))) { + if ((CMS.isEncryptionCert(cert) == false) + || ((CMS.isEncryptionCert(cert) == true) && (CMS + .isSigningCert(cert) == true))) { CMS.debug("EnrollServlet: Not encryption only cert, will try next one."); continue; 
@@ -508,29 +491,33 @@ public class EnrollServlet extends CMSServlet { encCertFound = true; try { - encCertInfo = (X509CertInfo) - cert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + encCertInfo = (X509CertInfo) cert.get(X509CertImpl.NAME + + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); + CMS.getUserMessage("CMS_GW_MISSING_CERTINFO")); } try { - encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); + encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key( + key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!"); 
@@ -545,16 +532,17 @@ public class EnrollServlet extends CMSServlet { return null; } - CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length); + CMS.debug("EnrollServlet: returning cInfoArray of length " + + cInfoArray.length); return cInfoArray; - } + } } - private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken, - X509CertInfo certInfo, long startTime) - throws EBaseException { - //for audit log + private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, + String authMgr, IAuthToken authToken, X509CertInfo certInfo, + long startTime) throws EBaseException { + // for audit log String initiative = null; String agentID = null; @@ -565,7 +553,7 @@ public class EnrollServlet extends CMSServlet { } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); @@ -575,7 +563,8 @@ public class EnrollServlet extends CMSServlet { // audit log the status try { if (status == RequestStatus.REJECTED) { - Vector messages = req.getExtDataInStringVector(IRequest.ERRORS); + Vector messages = req + .getExtDataInStringVector(IRequest.ERRORS); if (messages != null) { Enumeration msgs = messages.elements(); 
@@ -585,55 +574,48 @@ public class EnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + - wholeMsg.toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + wholeMsg.toString() }); } else { // no policy violation, from agent - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" }); } } else { // other imcomplete status long endTime = CMS.getCurrentDate().getTime(); - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + status.toString(), + certInfo.get(X509CertInfo.SUBJECT) + + " time: " + (endTime - startTime), + "" }); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + 
"CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } return false; } @@ -644,40 +626,35 @@ public class EnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = req + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - certInfo.get(X509CertInfo.SUBJECT), "" - } - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, new Object[] { + req.getRequestId(), initiative, + authMgr, + "completed with error: " + err, + certInfo.get(X509CertInfo.SUBJECT), + "" }); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } 
@@ -695,29 +672,29 @@ public class EnrollServlet extends CMSServlet { /** * Process X509 certificate enrollment request * <P> - * + * * (Certificate Request - either an "admin" cert request for an admin - * certificate, an "agent" cert request for "bulk enrollment", or - * an "EE" standard cert request) + * certificate, an "agent" cert request for "bulk enrollment", or an "EE" + * standard cert request) * <P> - * + * * (Certificate Request Processed - either an automated "admin" non-profile - * based CA admin cert acceptance, an automated "admin" non-profile based - * CA admin cert rejection, an automated "EE" non-profile based cert - * acceptance, or an automated "EE" non-profile based cert rejection) + * based CA admin cert acceptance, an automated "admin" non-profile based CA + * admin cert rejection, an automated "EE" non-profile based cert + * acceptance, or an automated "EE" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a - * non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when + * a non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq a certificate enrollment request * @exception EBaseException an error has occurred */ - protected void processX509(CMSRequest cmsReq) - throws EBaseException { + protected void processX509(CMSRequest cmsReq) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; 
@@ -735,7 +712,7 @@ public class EnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); - /* XXX shouldn't we read this from ServletConfig at init time? */ + /* XXX shouldn't we read this from ServletConfig at init time? */ enforcePop = configStore.getBoolean("enrollment.enforcePop", false); CMS.debug("EnrollServlet: enforcePop " + enforcePop); @@ -745,19 +722,21 @@ public class EnrollServlet extends CMSServlet { startTime = CMS.getCurrentDate().getTime(); httpParams = cmsReq.getHttpParams(); httpReq = cmsReq.getHttpReq(); - if (mAuthMgr != null) { + if (mAuthMgr != null) { authToken = authenticate(cmsReq); } try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + mAuthzResourceName, "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { @@ -765,15 +744,12 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); 
@@ -793,27 +769,23 @@ public class EnrollServlet extends CMSServlet { } try { - if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { - String currentName = Thread.currentThread().getName(); - - Thread.currentThread().setName(currentName - + "-request-" - + req.getRequestId().toString() - + "-" - + (new Date()).getTime()); + if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { + String currentName = Thread.currentThread().getName(); + + Thread.currentThread().setName( + currentName + "-request-" + + req.getRequestId().toString() + "-" + + (new Date()).getTime()); } } catch (Exception e) { } /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for + * single cert enrollment dual - it's for dual certs enrollment + * encryption - getting the encryption cert only via authentication + * of the signing cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; String certauthEnrollType = null; 
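Review bot: The reflowed block comment above `boolean certAuthEnroll = false;` has lost its list layout: the three `certauthEnrollType` values (single, dual, encryption) and their descriptions now run together as one paragraph, and the quote opened before `certauthEnrollType` is still unbalanced. Keep the formatter off this comment, for example by opening it with `/*-`, or rewrite the list as one `//` line per value, such as `// single - single cert enrollment`. The same hunk keeps an empty `catch (Exception e) { }` around the thread renaming; a one-line comment such as `// best effort: a failed rename must not fail the request` would record why the exception is dropped. processX509's body continues outside the hunk.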
@@ -823,20 +795,17 @@ public class EnrollServlet extends CMSServlet { try { if (certAuthEnroll == true) { certauthEnrollType = getCertAuthEnrollType(httpParams, - certAuthEnroll); + certAuthEnroll); } } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); @@ -846,7 +815,7 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: In EnrollServlet.processX509!"); CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll); CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType); - + String challengePassword = httpParams.getValueAsString( "challengePassword", ""); 
@@ -861,96 +830,91 @@ public class EnrollServlet extends CMSServlet { BigInteger certBasedOldSerialNum = null; // check if request was authenticated, if so set authtoken & - // certInfo. also if authenticated, take certInfo from authToken. + // certInfo. also if authenticated, take certInfo from authToken. certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } - certBasedOldSubjectDN = (String) - sslClientCert.getSubjectDN().toString(); - certBasedOldSerialNum = (BigInteger) - sslClientCert.getSerialNumber(); + certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN() + .toString(); + certBasedOldSerialNum = (BigInteger) sslClientCert + .getSerialNumber(); - CMS.debug("EnrollServlet: certBasedOldSubjectDN " + certBasedOldSubjectDN); - CMS.debug("EnrollServlet: certBasedOldSerialNum " + certBasedOldSerialNum); + CMS.debug("EnrollServlet: certBasedOldSubjectDN " + + certBasedOldSubjectDN); + CMS.debug("EnrollServlet: certBasedOldSerialNum " + + certBasedOldSerialNum); // if the cert 
subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (certBasedOldSubjectDN != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = certBasedOldSubjectDN.trim(); } try { - certInfo = (X509CertInfo) - ((X509CertImpl) sslClientCert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert) + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { CMS.debug("EnrollServlet: No CertAuthEnroll."); certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; + X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; X509CertInfo authCertInfo = null; String authMgr = AuditFormat.NOAUTH; // if authentication if (authToken != null) { - authMgr = - 
authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " + - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, + "Enrollment request was authenticated by " + + authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); - PKIProcessor.fillCertInfoFromAuthToken(certInfo, - authToken); + PKIProcessor.fillCertInfoFromAuthToken(certInfo, authToken); // save authtoken attrs to request directly // (for policy use) saveAuthToken(authToken, req); 
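Review bot: The comment `// don't store agent token in request.` no longer matches the code under it. The guard `if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID))` is commented out, so `fillCertInfoFromAuthToken(certInfo, authToken)` and `saveAuthToken(authToken, req)` run for every authentication manager whenever `authToken` is non-null. Either restore the guard or replace the comment with something like `// NOTE: token attributes are saved for every auth manager, agent (bulk issuance) included`, so that a reader does not assume agent tokens are kept out of the stored request. The enclosing `if (authToken != null)` block ends outside the hunk, so the rest of the disabled guard may follow there.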
@@ -962,24 +926,21 @@ public class EnrollServlet extends CMSServlet { if (certAuthEnroll == true) { // log(ILogger.LL_DEBUG, - // "just gotten subjectDN and serialNumber " + - // "from ssl client cert"); + // "just gotten subjectDN and serialNumber " + + // "from ssl client cert"); if (authToken == null) { // authToken is null, can't match to anyone; bail! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); 
@@ -1025,40 +986,40 @@ public class EnrollServlet extends CMSServlet { // ok, if the above fails, it could // be a PKCS10 with header pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST, - false, null); + false, null); // e.printStackTrace(); } } - //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { // coming from server cut & paste blob. - pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST, - false, null); + pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST, false, + null); } catch (Exception ex) { ex.printStackTrace(); } } - + String cmc = null; - String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null); - - if(asciiBASE64Blob!=null) - { - int startIndex = asciiBASE64Blob.indexOf(HEADER); - int endIndex = asciiBASE64Blob.indexOf(TRAILER); - if (startIndex!= -1 && endIndex!=-1) { - startIndex = startIndex + HEADER.length(); - cmc=asciiBASE64Blob.substring(startIndex, endIndex); - }else - cmc = asciiBASE64Blob; - CMS.debug("EnrollServlet: cmc " + cmc); + String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, + null); + + if (asciiBASE64Blob != null) { + int startIndex = asciiBASE64Blob.indexOf(HEADER); + int endIndex = asciiBASE64Blob.indexOf(TRAILER); + if (startIndex != -1 && endIndex != -1) { + startIndex = startIndex + HEADER.length(); + cmc = asciiBASE64Blob.substring(startIndex, endIndex); + } else + cmc = asciiBASE64Blob; + CMS.debug("EnrollServlet: cmc " + cmc); } - + String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); - + CMS.debug("EnrollServlet: crmf " + crmf); if (certAuthEnroll == true) { 
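Review bot: The header/trailer stripping of the `CMC_REQUEST` parameter only checks that both markers are present. A submitted value in which `TRAILER` occurs before the end of `HEADER` therefore makes `asciiBASE64Blob.substring(startIndex, endIndex)` throw `StringIndexOutOfBoundsException`, which nothing visible in this hunk catches. The condition should also order the two indices, `if (startIndex != -1 && endIndex >= startIndex + HEADER.length()) {`. The following `CMS.debug("EnrollServlet: cmc " + cmc);` and the later `crmf` equivalent write the whole client-supplied blob to the debug log; logging only its length would keep request material out of the log. processX509's body starts and ends outside the hunk.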
@@ -1068,27 +1029,24 @@ public class EnrollServlet extends CMSServlet { // for dual certs if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { - CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); + CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); boolean gotEncCert = false; X509CertInfo[] cInfoArray = null; try { cInfoArray = handleCertAuthDual(certInfo, authToken, - sslClientCert, mCa, - certBasedOldSubjectDN, - certBasedOldSerialNum); + sslClientCert, mCa, certBasedOldSubjectDN, + certBasedOldSerialNum); } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditServiceID, + auditCertificateSubjectName); audit(auditMessage); @@ -1096,7 +1054,8 @@ public class EnrollServlet extends CMSServlet { } if (cInfoArray != null && cInfoArray.length != 0) { - CMS.debug("EnrollServlet: cInfoArray Length " + cInfoArray.length); + CMS.debug("EnrollServlet: cInfoArray Length " + + cInfoArray.length); certInfoArray = cInfoArray; gotEncCert = true; 
@@ -1105,25 +1064,22 @@ public class EnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage( - "CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditServiceID, + auditCertificateSubjectName); audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { @@ -1137,15 +1093,13 @@ public class EnrollServlet extends CMSServlet { } catch (ECMSGWException e) { // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditServiceID, + auditCertificateSubjectName); audit(auditMessage); 
@@ -1156,49 +1110,47 @@ public class EnrollServlet extends CMSServlet { * either crmf or keyGenInfo */ if (keyGenInfo != null) { - KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq, - this); + KeyGenProcessor keyGenProc = new KeyGenProcessor( + cmsReq, this); - keyGenProc.fillCertInfo(null, certInfo, - authToken, httpParams); + keyGenProc.fillCertInfo(null, certInfo, authToken, + httpParams); - req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); - CMS.debug("EnrollServlet: sslClientCert issuerDN = " + - sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, sslClientCert + .getIssuerDN().toString()); + CMS.debug("EnrollServlet: sslClientCert issuerDN = " + + sslClientCert.getIssuerDN().toString()); } else if (crmf != null && crmf != "") { - CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, + this, enforcePop); certInfoArray = crmfProc.fillCertInfoArray(crmf, - authToken, - httpParams, - req); - - req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); - CMS.debug("EnrollServlet: sslClientCert issuerDN = " + - sslClientCert.getIssuerDN().toString()); + authToken, httpParams, req); + + req.setExtData(CLIENT_ISSUER, sslClientCert + .getIssuerDN().toString()); + CMS.debug("EnrollServlet: sslClientCert issuerDN = " + + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage 
= CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditServiceID, + auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), + "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { 
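Review bot: `crmf != ""` in `} else if (crmf != null && crmf != "") {` compares object references, not contents, so an empty `crmf` parameter that is not the interned literal passes the check and is handed to `CRMFProcessor.fillCertInfoArray`. The file already uses the content form for the challenge password, so the test should read `} else if (crmf != null && !crmf.equals("")) {`. The same comparison is kept in the hunks at -1206 (`cmc != ""` and `crmf != ""`) and -1267 (`crmf != ""`); in the latter the `cmc` branch tests only for null, which looks inconsistent with the cert-auth path. The enclosing method starts and ends outside this hunk.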
@@ -1206,55 +1158,52 @@ public class EnrollServlet extends CMSServlet { // have to be buried here to handle the issuer if (keyGenInfo != null) { - KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq, - this); + KeyGenProcessor keyGenProc = new KeyGenProcessor( + cmsReq, this); - keyGenProc.fillCertInfo(null, certInfo, - authToken, httpParams); + keyGenProc.fillCertInfo(null, certInfo, authToken, + httpParams); } else if (pkcs10 != null) { - PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, - this); + PKCS10Processor pkcs10Proc = new PKCS10Processor( + cmsReq, this); - pkcs10Proc.fillCertInfo(pkcs10, certInfo, - authToken, httpParams); + pkcs10Proc.fillCertInfo(pkcs10, certInfo, authToken, + httpParams); } else if (cmc != null && cmc != "") { - CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop); + CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, + enforcePop); certInfoArray = cmcProc.fillCertInfoArray(cmc, - authToken, - httpParams, - req); + authToken, httpParams, req); } else if (crmf != null && crmf != "") { - CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, + this, enforcePop); certInfoArray = crmfProc.fillCertInfoArray(crmf, - authToken, - httpParams, - req); + authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin - // certificate, an "agent" cert request for - // "bulk enrollment", or an "EE" standard cert request) + // certificate, an "agent" cert request for + // "bulk enrollment", or an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - 
ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditServiceID, + auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), + "CMS_GW_MISSING_KEYGEN_INFO")); } - req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() + .toString()); } } else if (keyGenInfo != null) { 
@@ -1267,63 +1216,63 @@ public class EnrollServlet extends CMSServlet { CMS.debug("EnrollServlet: Trying PKCS10 with no cert auth."); PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, this); - pkcs10Proc.fillCertInfo(pkcs10, certInfo, authToken, httpParams); + pkcs10Proc + .fillCertInfo(pkcs10, certInfo, authToken, httpParams); } else if (cmc != null) { CMS.debug("EnrollServlet: Trying CMC with no cert auth."); - CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop); + CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, + enforcePop); certInfoArray = cmcProc.fillCertInfoArray(cmc, authToken, - httpParams, req); + httpParams, req); } else if (crmf != null && crmf != "") { CMS.debug("EnrollServlet: Trying CRMF with no cert auth."); - CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, + enforcePop); certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken, - httpParams, req); + httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") + + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), 
"CMS_GW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } - // if ca, fill in default signing alg here - + try { - ICertificateAuthority caSub = - (ICertificateAuthority) CMS.getSubsystem("ca"); - if (certInfoArray != null && caSub != null) { - for (int ix = 0; ix < certInfoArray.length; ix++) { - X509CertInfo ci = (X509CertInfo)certInfoArray[ix]; - String defaultSig = caSub.getDefaultAlgorithm(); - AlgorithmId algid = AlgorithmId.get(defaultSig); - ci.set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(algid)); + ICertificateAuthority caSub = (ICertificateAuthority) CMS + .getSubsystem("ca"); + if (certInfoArray != null && caSub != null) { + for (int ix = 0; ix < certInfoArray.length; ix++) { + X509CertInfo ci = (X509CertInfo) certInfoArray[ix]; + String defaultSig = caSub.getDefaultAlgorithm(); + AlgorithmId algid = AlgorithmId.get(defaultSig); + ci.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId(algid)); + } } - } } catch (Exception e) { - CMS.debug("Failed to set signing alg to certinfo " + e.toString()); + CMS.debug("Failed to set signing alg to certinfo " + + e.toString()); } req.setExtData(IRequest.CERT_INFO, certInfoArray); - if (challengePassword != null && !challengePassword.equals("")) { String pwd = hashPassword(challengePassword); 
@@ -1332,30 +1281,24 @@ public class EnrollServlet extends CMSServlet { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } catch (EBaseException eAudit1) { // store a message in the signed audit log file // (either an "admin" cert request for an admin certificate, - // an "agent" cert request for "bulk enrollment", or - // an "EE" standard cert request) + // an "agent" cert request for "bulk enrollment", or + // an "EE" standard cert request) auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); @@ -1367,9 +1310,9 @@ public class EnrollServlet extends CMSServlet { // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // do not want any javascript in HTML, and need to 
@@ -1379,20 +1322,18 @@ public class EnrollServlet extends CMSServlet { renderServerEnrollResult(cmsReq); cmsReq.setStatus(CMSRequest.SUCCESS); // no default render - issuedCerts = - cmsReq.getIRequest().getExtDataInCertArray( - IRequest.ISSUED_CERTS); + issuedCerts = cmsReq.getIRequest().getExtDataInCertArray( + IRequest.ISSUED_CERTS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - // - "accepted") + // - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(issuedCerts[i])); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } @@ -1401,12 +1342,10 @@ public class EnrollServlet extends CMSServlet { // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); audit(auditMessage); } 
@@ -1414,19 +1353,16 @@ public class EnrollServlet extends CMSServlet { return; } - boolean completed = handleEnrollAuditLog(req, cmsReq, - mAuthMgr, authToken, - certInfo, startTime); + boolean completed = handleEnrollAuditLog(req, cmsReq, mAuthMgr, + authToken, certInfo, startTime); if (completed == false) { // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[1]); audit(auditMessage); 
@@ -1451,38 +1387,34 @@ public class EnrollServlet extends CMSServlet { // audit log the success. long endTime = CMS.getCurrentDate().getTime(); - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] - { req.getRequestId(), - initiative, - mAuthMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[0].getSerialNumber().toString(16) + - " time: " + - (endTime - startTime) } - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + mAuthMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber() + .toString(16) + " time: " + + (endTime - startTime) }); // handle initial admin enrollment if in adminEnroll mode. checkAdminEnroll(cmsReq, issuedCerts); // return cert as mime type binary if requested. - if (checkImportCertToNav(cmsReq.getHttpResp(), - httpParams, issuedCerts[0])) { + if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, + issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(issuedCerts[i])); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } 
@@ -1492,53 +1424,46 @@ public class EnrollServlet extends CMSServlet { // use success template. try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, + mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); for (int i = 0; i < issuedCerts.length; i++) { // (automated "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(issuedCerts[i])); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMP_REND_ERR", - mEnrollSuccessFiller.toString(), + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[2]); audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file // (automated "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[3]); audit(auditMessage); @@ -1549,20 +1474,21 @@ public class EnrollServlet extends CMSServlet { } /** - * check if this is first enroll from admin enroll. - * If so disable admin enroll from here on. + * check if this is first enroll from admin enroll. If so disable admin + * enroll from here on. */ - protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts) - throws EBaseException { + protected void checkAdminEnroll(CMSRequest cmsReq, + X509CertImpl[] issuedCerts) throws EBaseException { // this is special case, get the admin certificate - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { addAdminAgent(cmsReq, issuedCerts); CMSGateway.disableAdminEnroll(); } } - protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) - throws EBaseException { + protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) + throws EBaseException { String userid = cmsReq.getHttpParams().getValueAsString("uid"); IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); 
@@ -1572,14 +1498,12 @@ public class EnrollServlet extends CMSServlet { try { ug.addUserCert(adminuser); } catch (netscape.ldap.LDAPException e) { - CMS.debug( - "EnrollServlet: Cannot add admin's certificate to its entry in the " + - "user group database. Error " + e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); + CMS.debug("EnrollServlet: Cannot add admin's certificate to its entry in the " + + "user group database. Error " + e); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString())); } - IGroup agentGroup = - ug.getGroupFromName(CA_AGENT_GROUP); + IGroup agentGroup = ug.getGroupFromName(CA_AGENT_GROUP); if (agentGroup != null) { // add user to the group if necessary @@ -1587,23 +1511,22 @@ public class EnrollServlet extends CMSServlet { agentGroup.addMemberName(userid); ug.modifyGroup(agentGroup); mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {userid, userid, CA_AGENT_GROUP} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { userid, userid, CA_AGENT_GROUP }); } } else { - String msg = "Cannot add admin to the " + - CA_AGENT_GROUP + - " group: Group does not exist."; + String msg = "Cannot add admin to the " + CA_AGENT_GROUP + + " group: Group does not exist."; CMS.debug("EnrollServlet: " + msg); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR")); } } - protected void renderServerEnrollResult(CMSRequest cmsReq) throws - IOException { + protected void renderServerEnrollResult(CMSRequest cmsReq) + throws IOException { HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); 
@@ -1618,11 +1541,16 @@ public class EnrollServlet extends CMSServlet { out.println("</TITLE>"); // out.println("<BODY BGCOLOR=white>"); - if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) { + if (cmsReq.getIRequest().getRequestStatus() + .equals(RequestStatus.COMPLETE)) { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
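Review bot: The trailing comment after the long `out.println(...)` in the COMPLETE branch is now spread over five lines (`// XXX`, `// -`, `// localize`, `// the`, `// message`), which makes the marker hard to read and to search for. Moving it to its own line above the statement, `// XXX - localize the message`, keeps it intact under the formatter. The same split occurs in the PENDING branch and in the error branch in the two hunks that follow. `renderServerEnrollResult` starts before this hunk and continues after it.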
@@ -1636,25 +1564,30 @@ public class EnrollServlet extends CMSServlet { out.println("Certificate: "); out.println("<P>"); out.println("<PRE>"); - X509CertImpl certs[] = - cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray( + IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); - out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + - CMS.getEncodedCert(certs[0]) + ">"); - } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + + CMS.getEncodedCert(certs[0]) + ">"); + } else if (cmsReq.getIRequest().getRequestStatus() + .equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1665,18 +1598,22 @@ public class EnrollServlet extends CMSServlet { out.println("Request ID: "); out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - localize the message + out.println("Please consult your local administrator for assistance."); // XXX + // - + // localize + // the + // message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); 
@@ -1685,62 +1622,55 @@ public class EnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + - cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"); } /** - // include all the input data - ArgBlock args = cmsReq.getHttpParams(); - Enumeration ele = args.getElements(); - while (ele.hasMoreElements()) { - String eleT = (String)ele.nextElement(); - out.println("<!HTTP_INPUT " + eleT + "=" + - args.get(eleT) + ">"); - } + * // include all the input data ArgBlock args = cmsReq.getHttpParams(); + * Enumeration ele = args.getElements(); while (ele.hasMoreElements()) { + * String eleT = (String)ele.nextElement(); out.println("<!HTTP_INPUT " + * + eleT + "=" + args.get(eleT) + ">"); } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. 
private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) - throws EBaseException { + private void init_testbed_hack(IConfigStore config) throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } - private void do_testbed_hack( - int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) - throws EBaseException { - if (!mIsTestBed) + private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo, + IArgBlock httpParams) throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; - CertificateExtensions exts = (CertificateExtensions) - cert.get(CertificateExtensions.NAME); + CertificateExtensions exts = (CertificateExtensions) cert + .get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } - KeyUsageExtension ext = (KeyUsageExtension) - exts.get(KeyUsageExtension.NAME); + KeyUsageExtension ext = (KeyUsageExtension) exts + .get(KeyUsageExtension.NAME); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); 
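Review bot: `init_testbed_hack` reads `isTestBed` with a default of `true`, so `do_testbed_hack` is active unless the configuration explicitly turns it off, even though the comment above it already asks for the code to be removed once a later cartman is bundled. Judging from the hunk that follows, the hack replaces the KeyUsage extension on the certificate info being processed and lets the request parameter `dual-use-hack` (also defaulting to `true`) choose the bits, which gives a workaround a lot of influence over issued certificates. I would default it off, `mIsTestBed = config.getBoolean("isTestBed", false);`, after checking that no deployment relies on the implicit value. `do_testbed_hack` continues past the end of this hunk.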
@@ -1751,33 +1681,30 @@ public class EnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - newvalue[3] = 0x3f; - newvalue[4] = (byte)0x80; + * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; */ - if (httpParams.getValueAsBoolean( - "dual-use-hack", true)) { + if (httpParams.getValueAsBoolean("dual-use-hack", true)) { newvalue[3] = (byte) 0xE0; // same as rsa-dual-use. } } newvalue[4] = 0; - KeyUsageExtension newext = - new KeyUsageExtension(Boolean.valueOf(true), - (Object) newvalue); + KeyUsageExtension newext = new KeyUsageExtension( + Boolean.valueOf(true), (Object) newvalue); exts.delete(KeyUsageExtension.NAME); exts.set(KeyUsageExtension.NAME, newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } @@ -1786,11 +1713,11 @@ public class EnrollServlet extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -1843,4 +1770,3 @@ public class EnrollServlet extends CMSServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java index a723cb52..e80b5a7e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; @@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.crypto.CryptoUtil; - /** * Retrieve certificate by serial number. * @@ -83,17 +81,17 @@ public class GetBySerial extends CMSServlet { super(); } - /** + /** * Initialize the servlet. This servlet uses the template file - * "ImportCert.template" to import the cert to the users browser, - * if that is what the user requested + * "ImportCert.template" to import the cert to the users browser, if that is + * what the user requested + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); try { - mImportTemplate = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE); + mImportTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); mIETemplate = sc.getInitParameter("importCertTemplate"); if (mImportTemplate == null) mImportTemplate = IMPORT_CERT_TEMPLATE; @@ -102,11 +100,12 @@ public class GetBySerial extends CMSServlet { } mImportTemplateFiller = new ImportCertsTemplateFiller(); - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); - ICertificateAuthority mCa = (ICertificateAuthority) CMS.getSubsystem("ca"); + ICertificateAuthority mCa = (ICertificateAuthority) CMS + .getSubsystem("ca"); if (mCa == null) { return; } 
@@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param serialNumber serial number of certificate in HEX + * <li>http.param serialNumber serial number of certificate in HEX * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -135,14 +134,14 @@ public class GetBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "import"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "import"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -160,20 +159,22 @@ public class GetBySerial extends CMSServlet { serialNo = null; } if (serial == null || serialNo == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER"))); cmsReq.setStatus(CMSRequest.ERROR); return; } ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo); if (certRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", + serialNo.toString(16))); + cmsReq.setError(new ECMSGWException(CMS.getUserMessage( + "CMS_GW_CERT_SERIAL_NOT_FOUND", + "0x" + serialNo.toString(16)))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -181,37 +182,41 @@ public class GetBySerial extends CMSServlet { // if RA, needs requestOwner to match // first, find the user's group if (authToken != null) { - String group = authToken.getInString("group"); - - if ((group != null) && (group != "")) { - CMS.debug("GetBySerial process: auth group="+group); - if (group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - // find the cert record's orig. requestor's group - MetaInfo metai = certRecord.getMetaInfo(); - if (metai != null) { - String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID); - RequestId rid = new RequestId(reqId); - IRequest creq = mReqQ.findRequest(rid); - if (creq != null) { - String reqOwner = creq.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetBySerial process: req owner="+reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } + String group = authToken.getInString("group"); + + if ((group != null) && (group != "")) { + CMS.debug("GetBySerial process: auth group=" + group); + if (group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + // find the cert record's orig. 
requestor's group + MetaInfo metai = certRecord.getMetaInfo(); + if (metai != null) { + String reqId = (String) metai + .get(ICertRecord.META_REQUEST_ID); + RequestId rid = new RequestId(reqId); + IRequest creq = mReqQ.findRequest(rid); + if (creq != null) { + String reqOwner = creq.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetBySerial process: req owner=" + + reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } + } + } + if (groupMatched == false) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CERT_SERIAL_NOT_FOUND_1", + serialNo.toString(16))); + cmsReq.setError(new ECMSGWException(CMS.getUserMessage( + "CMS_GW_CERT_SERIAL_NOT_FOUND", + "0x" + serialNo.toString(16)))); + cmsReq.setStatus(CMSRequest.ERROR); + return; + } } - } - if (groupMatched == false) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16))); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16)))); - cmsReq.setStatus(CMSRequest.ERROR); - return; - } } - } } X509CertImpl cert = certRecord.getCertificate(); @@ -224,7 +229,8 @@ public class GetBySerial extends CMSServlet { IArgBlock ctx = CMS.createArgBlock(); Locale[] locale = new Locale[1]; CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; 
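Review bot: `(group != "")` compares object references rather than contents, so the emptiness test in `if ((group != null) && (group != ""))` is effectively always true for a value read from the auth token. The request-owner check still runs only on an exact match with "Registration Manager Agents", so the visible effect is limited, but the condition should say what it means: `if (group != null && group.length() > 0) {`. If reporting a group mismatch as `CMS_GW_CERT_SERIAL_NOT_FOUND` is deliberate, a one-line comment saying so would stop it being changed later into a distinguishable error. `process` starts and ends outside this hunk.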
@@ -235,8 +241,8 @@ public class GetBySerial extends CMSServlet { } userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( + new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); try { @@ -246,8 +252,9 @@ public class GetBySerial extends CMSServlet { byte[] p7Bytes = bos.toByteArray(); String p7Str = CMS.BtoA(p7Bytes); - - header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str)); + + header.addStringValue("pkcs7", + CryptoUtil.normalizeCertStr(p7Str)); try { CMSTemplate form = getTemplate(mIETemplate, req, locale); ServletOutputStream out = response.getOutputStream(); @@ -256,21 +263,22 @@ public class GetBySerial extends CMSServlet { form.renderOutput(out, argSet); return; } catch (Exception ee) { - CMS.debug("GetBySerial process: Exception="+ee.toString()); + CMS.debug("GetBySerial process: Exception=" + ee.toString()); } - } //browser is IE - + } // browser is IE + MetaInfo metai = certRecord.getMetaInfo(); String crmfReqId = null; if (metai != null) { crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID); - if (crmfReqId != null) + if (crmfReqId != null) cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId); } - if (crmfReqId == null && checkImportCertToNav( - cmsReq.getHttpResp(), cmsReq.getHttpParams(), cert)) { + if (crmfReqId == null + && checkImportCertToNav(cmsReq.getHttpResp(), + cmsReq.getHttpParams(), cert)) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } 
@@ -283,19 +291,20 @@ public class GetBySerial extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); // XXX follow request in cert record to set certtype, which will - // import cert only if it's client. For now assume "client" if + // import cert only if it's client. For now assume "client" if // someone clicked to import this cert. cmsReq.getHttpParams().set("certType", "client"); try { renderTemplate(cmsReq, mImportTemplate, mImportTemplateFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - + return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java index facf501c..fc393b49 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java @@ -15,10 +15,9 @@ // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- - package com.netscape.cms.servlet.cert; +package com.netscape.cms.servlet.cert; - - import java.io.ByteArrayOutputStream; +import java.io.ByteArrayOutputStream; import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; 
@@ -49,236 +48,242 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - - /** - * Retrieve the Certificates comprising the CA Chain for this CA. - * - * @version $Revision$, $Date$ - */ - public class GetCAChain extends CMSServlet { - /** +/** + * Retrieve the Certificates comprising the CA Chain for this CA. + * + * @version $Revision$, $Date$ + */ +public class GetCAChain extends CMSServlet { + /** * */ - private static final long serialVersionUID = -8189048155415074581L; - private final static String TPL_FILE = "displayCaCert.template"; - private String mFormPath = null; - - public GetCAChain() { - super(); - } - - /** - * initialize the servlet. - * @param sc servlet configuration, read from the web.xml file - */ - public void init(ServletConfig sc) throws ServletException { - super.init(sc); - - // override success to display own output. - mTemplates.remove(CMSRequest.SUCCESS); - // coming from ee - mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - } - - /** - * Process the HTTP request. 
- * <ul> - * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components - * </ul> - * @param cmsReq the object holding the request and response information - */ - protected void process(CMSRequest cmsReq) - throws EBaseException { - HttpServletRequest httpReq = cmsReq.getHttpReq(); - HttpServletResponse httpResp = cmsReq.getHttpResp(); - - IAuthToken authToken = authenticate(cmsReq); - - // Construct an ArgBlock - IArgBlock args = cmsReq.getHttpParams(); - - // Get the operation code - String op = null; - - op = args.getValueAsString("op", null); - if (op == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); - } - - cmsReq.setStatus(CMSRequest.SUCCESS); - - AuthzToken authzToken = null; - - if (op.startsWith("download")) { - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - downloadChain(op, args, httpReq, httpResp, cmsReq); - } else if (op.startsWith("display")) { - try { - authzToken = mAuthz.authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - displayChain(op, args, httpReq, httpResp, cmsReq); - } else { - log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); - } - // cmsReq.setResult(null); - return; - } - - private void downloadChain(String op, - IArgBlock args, - HttpServletRequest httpReq, - HttpServletResponse httpResp, - CMSRequest cmsReq) - throws EBaseException { - - /* check browser info ? */ - - /* check if pkcs7 will work for both nav and ie */ - - byte[] bytes = null; - - /* - * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. - * This means that we can only hand out the root CA, and not - * the whole chain. - */ - - if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) { - X509Certificate[] caCerts = - ((ICertAuthority) mAuthority).getCACertChain().getChain(); - - try { - bytes = caCerts[0].getEncoded(); - } catch (CertificateEncodingException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); - } - } else { - CertificateChain certChain = - ((ICertAuthority) mAuthority).getCACertChain(); - - if (certChain == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); - } - - try { - ByteArrayOutputStream encoded = new ByteArrayOutputStream(); - - certChain.encode(encoded, false); - bytes = encoded.toByteArray(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); - } - } - - String mimeType = null; - - if (op.equals("downloadBIN")) { - mimeType = "application/octet-stream"; - } else { - try { - mimeType = args.getValueAsString("mimeType"); - } catch (EBaseException e) { - 
mimeType = "application/octet-stream"; - } - } - - try { - if (op.equals("downloadBIN")) { - // file suffixes changed to comply with RFC 5280 - // requirements for AIA extensions - if (clientIsMSIE(httpReq)) { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.cer"); - } else { - httpResp.setHeader("Content-disposition", - "attachment; filename=ca.p7c"); - } - } - httpResp.setContentType(mimeType); - httpResp.getOutputStream().write(bytes); - httpResp.setContentLength(bytes.length); - httpResp.getOutputStream().flush(); - } catch (IOException e) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); - } - } - - private void displayChain(String op, - IArgBlock args, - HttpServletRequest httpReq, - HttpServletResponse httpResp, - CMSRequest cmsReq) - throws EBaseException { - String outputString = null; - - CertificateChain certChain = - ((ICertAuthority) mAuthority).getCACertChain(); - - if (certChain == null) { - cmsReq.setStatus(CMSRequest.ERROR); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); - } - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - if (mOutputTemplatePath != null) - mFormPath = mOutputTemplatePath; + private static final long serialVersionUID = -8189048155415074581L; + private final static String TPL_FILE = "displayCaCert.template"; + private String mFormPath = null; + + public GetCAChain() { + super(); + } + + /** + * initialize the servlet. + * + * @param sc servlet configuration, read from the web.xml file + */ + public void init(ServletConfig sc) throws ServletException { + super.init(sc); + + // override success to display own output. 
+ mTemplates.remove(CMSRequest.SUCCESS); + // coming from ee + mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; + } + + /** + * Process the HTTP request. + * <ul> + * <li>http.param op 'downloadBIN' - return the binary certificate chain + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components + * </ul> + * + * @param cmsReq the object holding the request and response information + */ + protected void process(CMSRequest cmsReq) throws EBaseException { + HttpServletRequest httpReq = cmsReq.getHttpReq(); + HttpServletResponse httpResp = cmsReq.getHttpResp(); + + IAuthToken authToken = authenticate(cmsReq); + + // Construct an ArgBlock + IArgBlock args = cmsReq.getHttpParams(); + + // Get the operation code + String op = null; + + op = args.getValueAsString("op", null); + if (op == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")); + } + + cmsReq.setStatus(CMSRequest.SUCCESS); + + AuthzToken authzToken = null; + + if (op.startsWith("download")) { + try { + authzToken = authorize(mAclMethod, authToken, + mAuthzResourceName, "download"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); + } + + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + downloadChain(op, args, httpReq, httpResp, cmsReq); + } else if (op.startsWith("display")) { + try { + authzToken = mAuthz.authorize(mAclMethod, authToken, + mAuthzResourceName, "read"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); + } + + if 
(authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + displayChain(op, args, httpReq, httpResp, cmsReq); + } else { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + } + // cmsReq.setResult(null); + return; + } + + private void downloadChain(String op, IArgBlock args, + HttpServletRequest httpReq, HttpServletResponse httpResp, + CMSRequest cmsReq) throws EBaseException { + + /* check browser info ? */ + + /* check if pkcs7 will work for both nav and ie */ + + byte[] bytes = null; + + /* + * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. This + * means that we can only hand out the root CA, and not the whole chain. + */ + + if (clientIsMSIE(httpReq) + && (op.equals("download") || op.equals("downloadBIN"))) { + X509Certificate[] caCerts = ((ICertAuthority) mAuthority) + .getCACertChain().getChain(); + + try { + bytes = caCerts[0].getEncoded(); + } catch (CertificateEncodingException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR")); + } + } else { + CertificateChain certChain = ((ICertAuthority) mAuthority) + .getCACertChain(); + + if (certChain == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY")); + } + + try { + ByteArrayOutputStream encoded = new ByteArrayOutputStream(); + + certChain.encode(encoded, false); + bytes = encoded.toByteArray(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", + e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + } + } + + String mimeType = 
null; + + if (op.equals("downloadBIN")) { + mimeType = "application/octet-stream"; + } else { + try { + mimeType = args.getValueAsString("mimeType"); + } catch (EBaseException e) { + mimeType = "application/octet-stream"; + } + } + + try { + if (op.equals("downloadBIN")) { + // file suffixes changed to comply with RFC 5280 + // requirements for AIA extensions + if (clientIsMSIE(httpReq)) { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.cer"); + } else { + httpResp.setHeader("Content-disposition", + "attachment; filename=ca.p7c"); + } + } + httpResp.setContentType(mimeType); + httpResp.getOutputStream().write(bytes); + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().flush(); + } catch (IOException e) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", + e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + } + } + + private void displayChain(String op, IArgBlock args, + HttpServletRequest httpReq, HttpServletResponse httpResp, + CMSRequest cmsReq) throws EBaseException { + String outputString = null; + + CertificateChain certChain = ((ICertAuthority) mAuthority) + .getCACertChain(); + + if (certChain == null) { + cmsReq.setStatus(CMSRequest.ERROR); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE")); + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + if (mOutputTemplatePath != null) + mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + 
cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -306,23 +311,25 @@ import com.netscape.cms.servlet.common.ECMSGWException; byte[] bytes = null; try { - subjectdn = - certChain.getFirstCertificate().getSubjectDN().toString(); + subjectdn = certChain.getFirstCertificate().getSubjectDN() + .toString(); ByteArrayOutputStream encoded = new ByteArrayOutputStream(); certChain.encode(encoded); bytes = encoded.toByteArray(); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } String chainBase64 = getBase64(bytes); header.addStringValue("subjectdn", subjectdn); header.addStringValue("chainBase64", chainBase64); - } else { + } else { try { X509Certificate[] certs = certChain.getChain(); @@ -339,13 +346,13 @@ import com.netscape.cms.servlet.common.ECMSGWException; String subjectdn = certs[i].getSubjectDN().toString(); String finger = null; try { - finger = CMS.getFingerPrints(certs[i]); + finger = CMS.getFingerPrints(certs[i]); } catch (Exception e) { throw new IOException("Internal Error"); } - ICertPrettyPrint certDetails = - CMS.getCertPrettyPrint((X509CertImpl) certs[i]); + ICertPrettyPrint certDetails = CMS + .getCertPrettyPrint((X509CertImpl) certs[i]); IArgBlock rarg = CMS.createArgBlock(); 
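Review bot: In `downloadChain`, any `op` other than `downloadBIN` takes the response Content-Type straight from the request's `mimeType` parameter (`mimeType = args.getValueAsString("mimeType");` followed by `httpResp.setContentType(mimeType);`), so the caller chooses how the browser interprets the CA chain bytes. I would accept only the content types the download pages are meant to send and fall back to `application/octet-stream` for anything else, including a missing value. Two smaller points in the same method: the MSIE branch dereferences `getCACertChain().getChain()` and `caCerts[0]` without the null check the other branch has, and `httpResp.setContentLength(bytes.length);` comes after `getOutputStream().write(bytes)`, where it may no longer take effect, so it belongs before the write.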
@@ -353,14 +360,15 @@ import com.netscape.cms.servlet.common.ECMSGWException; rarg.addStringValue("subjectdn", subjectdn); rarg.addStringValue("base64", getBase64(bytes)); rarg.addStringValue("certDetails", - certDetails.toString(locale[0])); + certDetails.toString(locale[0])); argSet.addRepeatRecord(rarg); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR")); } } @@ -371,10 +379,11 @@ import com.netscape.cms.servlet.common.ECMSGWException; form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } @@ -410,7 +419,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java index 2bbec482..3b87ed5a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve CRL for a Certificate Authority - * + * * @version $Revision$, $Date$ */ public class GetCRL extends CMSServlet { @@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,15 +78,13 @@ public class GetCRL extends CMSServlet { mFormPath = mOutputTemplatePath; } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information - * @see DisplayCRL#process + * @see DisplayCRL#process */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -96,14 +93,14 @@ public class GetCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -115,9 +112,10 @@ public class GetCRL extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof ICertificateAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -125,14 +123,15 @@ public class GetCRL extends CMSServlet { CMSTemplate form = null; Locale[] locale = new Locale[1]; -CMS.debug("**** mFormPath before getTemplate = "+mFormPath); + CMS.debug("**** mFormPath before getTemplate = " + mFormPath); try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -148,16 +147,18 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); op = args.getValueAsString("op", null); crlId = args.getValueAsString("crlIssuingPoint", null); if (op == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlId == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NO_CRL_SELECTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -165,23 +166,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); ICRLIssuingPointRecord crlRecord = null; ICertificateAuthority ca = (ICertificateAuthority) mAuthority; ICRLIssuingPoint crlIP = null; - if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId); + if (ca != null) + crlIP = ca.getCRLIssuingPoint(crlId); try { - crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId); + crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository() + .readCRLIssuingPointRecord(crlId); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId)); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_FOUND"))); cmsReq.setStatus(CMSRequest.ERROR); return; } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -200,40 +203,43 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); header.addStringValue("crlDisplayType", crlDisplayType); } - if ((op.equals("checkCRLcache") || - (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) && - (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) { - cmsReq.setError( - CMS.getUserMessage( - ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())? - "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); + if ((op.equals("checkCRLcache") || (op.equals("displayCRL") + && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) + && (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP + .isCRLCacheEmpty())) { + cmsReq.setError(CMS.getUserMessage( + ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP + .isCRLCacheEmpty()) ? "CMS_GW_CRL_CACHE_IS_EMPTY" + : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId)); cmsReq.setStatus(CMSRequest.ERROR); return; } byte[] crlbytes = null; - if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("deltaCRL"))) { + if (op.equals("importDeltaCRL") + || op.equals("getDeltaCRL") + || (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType + .equals("deltaCRL"))) { crlbytes = crlRecord.getDeltaCRL(); - } else if (op.equals("importCRL") || op.equals("getCRL") || - op.equals("checkCRL") || - (op.equals("displayCRL") && - crlDisplayType != null && - (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || - crlDisplayType.equals("base64Encoded")))) { + } else if (op.equals("importCRL") + || op.equals("getCRL") + || op.equals("checkCRL") + || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType + .equals("entireCRL") + || crlDisplayType.equals("crlHeader") || crlDisplayType + .equals("base64Encoded")))) { crlbytes = crlRecord.getCRL(); - } - - if (crlbytes == null 
&& (!op.equals("checkCRLcache")) && - (!(op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("cachedCRL")))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + } + + if (crlbytes == null + && (!op.equals("checkCRLcache")) + && (!(op.equals("displayCRL") && crlDisplayType != null && crlDisplayType + .equals("cachedCRL")))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId)); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -241,48 +247,56 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); X509CRLImpl crl = null; - if (op.equals("checkCRL") || op.equals("importCRL") || - op.equals("importDeltaCRL") || - (op.equals("displayCRL") && crlDisplayType != null && - (crlDisplayType.equals("entireCRL") || - crlDisplayType.equals("crlHeader") || - crlDisplayType.equals("base64Encoded") || - crlDisplayType.equals("deltaCRL")))) { + if (op.equals("checkCRL") + || op.equals("importCRL") + || op.equals("importDeltaCRL") + || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType + .equals("entireCRL") + || crlDisplayType.equals("crlHeader") + || crlDisplayType.equals("base64Encoded") || crlDisplayType + .equals("deltaCRL")))) { try { - if (op.equals("displayCRL") && crlDisplayType != null && - crlDisplayType.equals("crlHeader")) { + if (op.equals("displayCRL") && crlDisplayType != null + && crlDisplayType.equals("crlHeader")) { crl = new X509CRLImpl(crlbytes, false); } else { crl = new X509CRLImpl(crlbytes); } } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DECODE_CRL_FAILED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") && - crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) && - ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && - (crlRecord.getCRLNumber() == null || - crlRecord.getDeltaCRLNumber() == null || - crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 || - crlRecord.getDeltaCRLSize() == null || - crlRecord.getDeltaCRLSize().longValue() == -1))) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); - cmsReq.setError(new 
ECMSGWException( - CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); + if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") + && crlDisplayType != null && crlDisplayType + .equals("deltaCRL"))) + && ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && (crlRecord + .getCRLNumber() == null + || crlRecord.getDeltaCRLNumber() == null + || crlRecord.getDeltaCRLNumber().compareTo( + crlRecord.getCRLNumber()) < 0 + || crlRecord.getDeltaCRLSize() == null || crlRecord + .getDeltaCRLSize().longValue() == -1))) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_CRL_NOT_UPDATED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } - } + } String mimeType = "application/x-pkcs7-crl"; - if (op.equals("checkCRLcache") || op.equals("checkCRL") || op.equals("displayCRL")) { + if (op.equals("checkCRLcache") || op.equals("checkCRL") + || op.equals("displayCRL")) { header.addStringValue("toDo", op); - String certSerialNumber = args.getValueAsString("certSerialNumber", ""); + String certSerialNumber = args.getValueAsString("certSerialNumber", + ""); header.addStringValue("certSerialNumber", certSerialNumber); if (certSerialNumber.startsWith("0x")) { @@ -290,8 +304,8 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } if (op.equals("checkCRLcache")) { - if (crlIP.getRevocationDateFromCache( - new BigInteger(certSerialNumber), false, false) != null) { + if (crlIP.getRevocationDateFromCache(new BigInteger( + certSerialNumber), false, false) != null) { header.addBooleanValue("isOnCRL", true); } else { header.addBooleanValue("isOnCRL", false); 
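Review bot: `new BigInteger(certSerialNumber)` in the `checkCRLcache` branch parses a request parameter with no NumberFormatException handling visible, and the parameter's default of `""` already fails that constructor. The same pattern recurs in the next two hunks: `crl.isRevoked(new BigInteger(certSerialNumber))`, and `new Long(pageStart)` / `new Long(pageSize)`, where only `lPageStart` gets a lower bound. Unless a try block outside these hunks catches it, a malformed value leaves process() as an unchecked exception instead of going through the `cmsReq.setError(...)` / `CMSRequest.ERROR` path used for every other bad input here. Parsing each value once inside a `catch (NumberFormatException e)` that sets the error status, and giving `lPageSize` a lower bound like the one on `lPageStart`, would keep the failure mode consistent.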
@@ -300,14 +314,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); if (op.equals("checkCRL")) { header.addBooleanValue("isOnCRL", - crl.isRevoked(new BigInteger(certSerialNumber))); + crl.isRevoked(new BigInteger(certSerialNumber))); } if (op.equals("displayCRL")) { - if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) { - ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))? - CMS.getCRLPrettyPrint(crl): - CMS.getCRLCachePrettyPrint(crlIP); + if (crlDisplayType.equals("entireCRL") + || crlDisplayType.equals("cachedCRL")) { + ICRLPrettyPrint crlDetails = (crlDisplayType + .equals("entireCRL")) ? CMS.getCRLPrettyPrint(crl) + : CMS.getCRLCachePrettyPrint(crlIP); String pageStart = args.getValueAsString("pageStart", null); String pageSize = args.getValueAsString("pageSize", null); 
@@ -315,26 +330,28 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); long lPageStart = new Long(pageStart).longValue(); long lPageSize = new Long(pageSize).longValue(); - if (lPageStart < 1) lPageStart = 1; + if (lPageStart < 1) + lPageStart = 1; - header.addStringValue("crlPrettyPrint", - crlDetails.toString(locale[0], - lCRLSize, lPageStart, lPageSize)); + header.addStringValue("crlPrettyPrint", crlDetails + .toString(locale[0], lCRLSize, lPageStart, + lPageSize)); header.addLongValue("pageStart", lPageStart); header.addLongValue("pageSize", lPageSize); } else { - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0])); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0])); } } else if (crlDisplayType.equals("crlHeader")) { ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0], lCRLSize, 0, 0)); } else if (crlDisplayType.equals("base64Encoded")) { try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil + .BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -351,11 +368,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, + length)); i = length; } argSet.addRepeatRecord(rarg); 
@@ -365,16 +385,17 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); } } else if (crlDisplayType.equals("deltaCRL")) { header.addIntegerValue("deltaCRLSize", - crl.getNumberOfRevokedCertificates()); + crl.getNumberOfRevokedCertificates()); ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl); - header.addStringValue( - "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0)); + header.addStringValue("crlPrettyPrint", + crlDetails.toString(locale[0], 0, 0, 0)); try { byte[] ba = crl.getEncoded(); - String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba); + String crlBase64Encoded = com.netscape.osutil.OSUtil + .BtoA(ba); int length = crlBase64Encoded.length(); int i = 0; int j = 0; @@ -391,11 +412,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); IArgBlock rarg = CMS.createArgBlock(); if (k > -1) { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, k)); i = k + 1; j = i; } else { - rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length)); + rarg.addStringValue("crlBase64Encoded", + crlBase64Encoded.substring(j, + length)); i = length; } argSet.addRepeatRecord(rarg); @@ -413,10 +437,11 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } return; 
@@ -427,32 +452,34 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath); mimeType = "application/x-pkcs7-crl"; } else if (op.equals("getCRL")) { mimeType = "application/octet-stream"; - httpResp.setHeader("Content-disposition", - "attachment; filename=" + crlId + ".crl"); + httpResp.setHeader("Content-disposition", "attachment; filename=" + + crlId + ".crl"); } else if (op.equals("getDeltaCRL")) { mimeType = "application/octet-stream"; httpResp.setHeader("Content-disposition", - "attachment; filename=delta-" + crlId + ".crl"); + "attachment; filename=delta-" + crlId + ".crl"); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); + CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED")); } try { - // if (clientIsMSIE(httpReq) && op.equals("getCRL")) - // httpResp.setHeader("Content-disposition", - // "attachment; filename=getCRL.crl"); + // if (clientIsMSIE(httpReq) && op.equals("getCRL")) + // httpResp.setHeader("Content-disposition", + // "attachment; filename=getCRL.crl"); httpResp.setContentType(mimeType); httpResp.setContentLength(bytes.length); httpResp.getOutputStream().write(bytes); httpResp.getOutputStream().flush(); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR")); } - // cmsReq.setResult(null); + // cmsReq.setResult(null); cmsReq.setStatus(CMSRequest.SUCCESS); return; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java index 5909bc4b..7dcec5cd 100644 
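Review bot: `crlId` is concatenated unquoted into the `Content-disposition` header in the `getCRL` and `getDeltaCRL` branches, and it comes from the `crlIssuingPoint` request parameter read earlier in process(). The repository lookup earlier in the method presumably limits it to ids of existing issuing points, but nothing at this point ensures the value is free of CR/LF, quotes or separator characters. Checking it against the character set allowed for issuing-point ids before building the header, or emitting it as a quoted filename with those characters rejected, keeps the header well-formed whatever ids are configured. process() begins above this hunk.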
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Locale; @@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Gets a issued certificate from a request id. - * + * Gets a issued certificate from a request id. + * * @version $Revision$, $Date$ */ public class GetCertFromRequest extends CMSServlet { 
@@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet { */ private static final long serialVersionUID = 5310646832256611066L; private final static String PROP_IMPORT = "importCert"; - protected static final String - GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; - protected static final String - DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; + protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template"; + protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template"; protected static final String REQUEST_ID = "requestId"; protected static final String CERT_TYPE = "certtype"; - protected String mCertFrReqSuccessTemplate = null; + protected String mCertFrReqSuccessTemplate = null; protected ICMSTemplateFiller mCertFrReqFiller = null; protected IRequestQueue mQueue = null; protected boolean mImportCert = true; - public GetCertFromRequest() { + public GetCertFromRequest() { super(); } /** * initialize the servlet. This servlet uses the template files - * "displayCertFromRequest.template" and "ImportCert.template" + * "displayCertFromRequest.template" and "ImportCert.template" + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -92,8 +89,7 @@ public class GetCertFromRequest extends CMSServlet { mTemplates.remove(CMSRequest.SUCCESS); mQueue = mAuthority.getRequestQueue(); try { - String tmp = sc.getInitParameter( - PROP_IMPORT); + String tmp = sc.getInitParameter(PROP_IMPORT); if (tmp != null && tmp.trim().equalsIgnoreCase("false")) mImportCert = false; 
@@ -102,46 +98,43 @@ public class GetCertFromRequest extends CMSServlet { if (mImportCert) defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE; - else + else defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE; if (mAuthority instanceof IRegistrationAuthority) defTemplate = "/ra/" + defTemplate; - else + else defTemplate = "/ca/" + defTemplate; - mCertFrReqSuccessTemplate = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE); + mCertFrReqSuccessTemplate = sc + .getInitParameter(PROP_SUCCESS_TEMPLATE); if (mCertFrReqSuccessTemplate == null) mCertFrReqSuccessTemplate = defTemplate; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = sc + .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mCertFrReqFiller = filler; } else { mCertFrReqFiller = new CertFrRequestFiller(); } } catch (Exception e) { // should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } - /** - * Process the HTTP request. + * Process the HTTP request. * <ul> - * <li>http.param requestId The request ID to search on + * <li>http.param requestId The request ID to search on * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); 
@@ -150,14 +143,14 @@ public class GetCertFromRequest extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -165,96 +158,104 @@ public class GetCertFromRequest extends CMSServlet { return; } - String requestId = httpParams.getValueAsString(REQUEST_ID, null); + String requestId = httpParams.getValueAsString(REQUEST_ID, null); if (requestId == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED")); } // check if request Id is valid. try { Integer.parseInt(requestId); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId)); - throw new EBaseException( - CMS.getUserMessage(getLocale(httpReq), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId)); + throw new EBaseException(CMS.getUserMessage(getLocale(httpReq), + "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId)); } IRequest r = mQueue.findRequest(new RequestId(requestId)); if (r == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); } if (authToken != null) { - //if RA, group and requestOwner must match - String group = authToken.getInString("group"); - if ((group != null) && (group != "") && - group.equals("Registration Manager Agents")) { - boolean groupMatched = false; - String reqOwner = r.getRequestOwner(); - if (reqOwner != null) { - CMS.debug("GetCertFromRequest process: req owner="+reqOwner); - if (reqOwner.equals(group)) - groupMatched = true; - } - if (groupMatched == false) { - 
CMS.debug("RA group unmatched"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + // if RA, group and requestOwner must match + String group = authToken.getInString("group"); + if ((group != null) && (group != "") + && group.equals("Registration Manager Agents")) { + boolean groupMatched = false; + String reqOwner = r.getRequestOwner(); + if (reqOwner != null) { + CMS.debug("GetCertFromRequest process: req owner=" + + reqOwner); + if (reqOwner.equals(group)) + groupMatched = true; + } + if (groupMatched == false) { + CMS.debug("RA group unmatched"); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_REQUEST_ID_NOT_FOUND", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_ID_NOT_FOUND", requestId)); + } } - } } - if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId)); + if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r + .getRequestType().equals(IRequest.RENEWAL_REQUEST)))) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_NOT_ENROLLMENT", requestId)); } RequestStatus status = r.getRequestStatus(); if (!status.equals(RequestStatus.COMPLETE)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_REQUEST_NOT_COMPLETED_1", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_NOT_COMPLETED", requestId)); } Integer 
result = r.getExtDataInInteger(IRequest.RESULT); if (result != null && !result.equals(IRequest.RES_SUCCESS)) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_HAD_ERROR", requestId)); } Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (r.getExtDataInString("profile") != null) { // handle profile-based request - X509CertImpl cert = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = r + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); X509CertImpl certs[] = new X509CertImpl[1]; certs[0] = cert; o = certs; } if (o == null || !(o instanceof X509CertImpl[])) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } if (o instanceof X509CertImpl[]) { X509CertImpl[] certs = (X509CertImpl[]) o; if (certs == null || certs.length == 0 || certs[0] == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_REQUEST_HAD_NO_CERTS", requestId)); } // for importsCert to get the crmf_reqid. 
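Review bot: The request-owner check sits inside `if (authToken != null)`, so it is skipped entirely when the token is null; whether authorize() can succeed with a null token is not visible here and is worth confirming, since the check is the only thing tying a request id to its owner. Inside the condition, `(group != "")` compares references rather than contents and is redundant with the `equals` that follows; `if ("Registration Manager Agents".equals(group)) {` expresses the same test. Answering a mismatch with the same `CMS_GW_REQUEST_ID_NOT_FOUND` message as a missing id is a good choice and deserves a comment such as `// same error as "not found" so callers cannot probe for other owners' request ids`. process() begins above this hunk.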
@@ -262,58 +263,66 @@ public class GetCertFromRequest extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); - if (mImportCert && - checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) { + if (mImportCert + && checkImportCertToNav(cmsReq.getHttpResp(), httpParams, + certs[0])) { return; } try { cmsReq.setResult(certs); - renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller); + renderTemplate(cmsReq, mCertFrReqSuccessTemplate, + mCertFrReqFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGE_ERROR_DISPLAY_TEMPLATE_1", mCertFrReqSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } } - class CertFrRequestFiller extends ImportCertsTemplateFiller { public CertFrRequestFiller() { } - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { - CMSTemplateParams tparams = - super.getTemplateParams(cmsReq, authority, locale, e); + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) throws Exception { + CMSTemplateParams tparams = super.getTemplateParams(cmsReq, authority, + locale, e); String reqId = cmsReq.getHttpParams().getValueAsString( GetCertFromRequest.REQUEST_ID); - tparams.getHeader().addStringValue(GetCertFromRequest.REQUEST_ID, reqId); + tparams.getHeader() + .addStringValue(GetCertFromRequest.REQUEST_ID, reqId); if (reqId != null) { - IRequest r = authority.getRequestQueue().findRequest(new RequestId(reqId)); + IRequest r = authority.getRequestQueue().findRequest( + new RequestId(reqId)); if (r != null) { boolean noCertImport = true; - String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + String certType = 
r.getExtDataInString(IRequest.HTTP_PARAMS, + IRequest.CERT_TYPE); if (certType != null && certType.equals(IRequest.CLIENT_CERT)) { noCertImport = false; } - tparams.getHeader().addBooleanValue("noCertImport", noCertImport); + tparams.getHeader().addBooleanValue("noCertImport", + noCertImport); - X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] certs = r + .getExtDataInCertArray(IRequest.ISSUED_CERTS); if (certs != null) { - X509CertInfo info = (X509CertInfo) certs[0].get(X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); + X509CertInfo info = (X509CertInfo) certs[0] + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateExtensions extensions = (CertificateExtensions) info + .get(X509CertInfo.EXTENSIONS); - tparams.getHeader().addStringValue(GetCertFromRequest.CERT_TYPE, "x509"); + tparams.getHeader().addStringValue( + GetCertFromRequest.CERT_TYPE, "x509"); boolean emailCert = false; @@ -324,16 +333,21 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller { if (ext instanceof NSCertTypeExtension) { NSCertTypeExtension type = (NSCertTypeExtension) ext; - if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue()) + if (((Boolean) type + .get(NSCertTypeExtension.EMAIL)) + .booleanValue()) emailCert = true; } if (ext instanceof KeyUsageExtension) { - KeyUsageExtension usage = - (KeyUsageExtension) ext; + KeyUsageExtension usage = (KeyUsageExtension) ext; try { - if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() || - ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue()) + if (((Boolean) usage + .get(KeyUsageExtension.DIGITAL_SIGNATURE)) + .booleanValue() + || ((Boolean) usage + .get(KeyUsageExtension.DATA_ENCIPHERMENT)) + .booleanValue()) emailCert = true; } catch (ArrayIndexOutOfBoundsException e0) { // bug356108: 
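Review bot: `CertFrRequestFiller.getTemplateParams` dereferences `certs[0]` after checking only `certs != null`, so an empty array or a null first element returned by `getExtDataInCertArray(IRequest.ISSUED_CERTS)` would throw while the success page is being rendered. `GetCertFromRequest.process`, earlier in this file section, guards the same kind of array with `certs == null || certs.length == 0 || certs[0] == null`. The filler should use the matching guard, `if (certs != null && certs.length > 0 && certs[0] != null) {`. The method body continues past the end of this hunk.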
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java index 8b5536ea..1e9f9a02 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Servlet to get the enrollment status, enable or disable. - * + * * @version $Revision$, $Date$ */ public class GetEnableStatus extends CMSServlet { @@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet { } /** - * initialize the servlet. + * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -80,15 +79,14 @@ public class GetEnableStatus extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -96,8 +94,8 @@ public class GetEnableStatus extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (Exception e) { // do nothing for now } 
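Review bot: The `catch (Exception e)` around `authorize(mAclMethod, authToken, mAuthzResourceName, "read")` in `GetEnableStatus.process` discards the exception with only a `// do nothing for now` comment, so a failed or erroring authorization check leaves no log trace. `GetInfo.process` in this same commit logs the equivalent failure, and doing the same here keeps authorization failures visible to operators: `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`. The same silent catch appears in the `@@ -340,8 +335,8 @@` hunk of HashEnrollServlet.java around the `"import"` authorization. How a null `authzToken` is handled lies outside both hunks and should be confirmed to deny the request.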
@@ -113,9 +111,10 @@ public class GetEnableStatus extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IRegistrationAuthority)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", - mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -142,7 +141,8 @@ public class GetEnableStatus extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; long timeout = HashAuthentication.DEFAULT_TIMEOUT / 1000; 
@@ -164,10 +164,10 @@ public class GetEnableStatus extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java index 9d83d430..300ba3e0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Enumeration; @@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Get detailed information about CA CRL processing - * + * * @version $Revision$, $Date$ */ public class GetInfo extends CMSServlet { @@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
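Review bot: In `GetEnableStatus.process` the unconditional `cmsReq.setStatus(CMSRequest.SUCCESS);` after the try/catch appears to overwrite the `CMSRequest.ERROR` status that the `IOException` handler has just set, so a failed template render would be reported as success. The try block already sets SUCCESS right after `form.renderOutput(out, argSet)`, so the trailing call looks redundant and can be removed. The start of the try block is outside this hunk, so confirm that no other path relies on the trailing call before deleting it.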
@@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet { } /** - * XXX Process the HTTP request. + * XXX Process the HTTP request. * <ul> * <li>http.param template filename of template to use to render the result * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -105,14 +104,14 @@ public class GetInfo extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -129,35 +128,33 @@ public class GetInfo extends CMSServlet {
 String template = req.getParameter("template");
 String formFile = "";
-/*
- for (int i = 0; ((template != null) && (i < template.length())); i++) {
- char c = template.charAt(i);
- if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
- template = null;
- break;
- }
- }
-*/
-
+ /*
+ * for (int i = 0; ((template != null) && (i < template.length())); i++)
+ * { char c = template.charAt(i); if (!Character.isLetterOrDigit(c) && c
+ * != '_' && c != '-') { template = null; break; } }
+ */
 if (template != null) {
 formFile = template + ".template";
 } else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 CMSTemplate form = null;
 Locale[] locale = new Locale[1];
-CMS.debug("*** formFile = "+formFile);
+ CMS.debug("*** formFile = " + formFile);
 try {
 form = getTemplate(formFile, req, locale);
 } catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile,
+ e.toString()));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 try {
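Review bot: The `template` request parameter reaches `formFile = template + ".template"` and then `getTemplate(formFile, req, locale)` without validation, because the character allow-list that used to guard it stays commented out; this commit only reflows that comment. Unless `getTemplate` itself confines the name to the template directory, which is not visible here, a value with path separators or `..` could select a file outside it, so the letters/digits/`_`/`-` check should be re-enabled (and extended, not dropped, if legitimate names need more characters). `CMS.debug("*** formFile = " + formFile)` also writes the raw parameter to the debug log and should only run on a value that passed the check. The enclosing `process` method starts and ends outside this hunk.

```java
String template = req.getParameter("template");
// … unchanged: formFile declaration …

// Accept only letters, digits, '_' and '-' so the name cannot carry
// path separators; a rejected name falls into the existing error branch.
if (template != null) {
    for (int i = 0; i < template.length(); i++) {
        char c = template.charAt(i);
        if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
            template = null;
            break;
        }
    }
}
// … unchanged: formFile construction, error branch and getTemplate call …
```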
@@ -172,29 +169,27 @@ CMS.debug("*** formFile = "+formFile); if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - Locale locale) - throws EBaseException { + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { if (mCA != null) { String crlIssuingPoints = ""; String crlNumbers = ""; 
@@ -207,20 +202,23 @@ CMS.debug("*** formFile = "+formFile); String crlTesting = ""; boolean isDeltaCRLEnabled = false; - String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", ""); - String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", ""); - - if (masterHost != null && masterHost.length() > 0 && - masterPort != null && masterPort.length() > 0) { + String masterHost = CMS.getConfigStore().getString( + "master.ca.agent.host", ""); + String masterPort = CMS.getConfigStore().getString( + "master.ca.agent.port", ""); + + if (masterHost != null && masterHost.length() > 0 + && masterPort != null && masterPort.length() > 0) { ICRLRepository crlRepository = mCA.getCRLRepository(); Vector ipNames = crlRepository.getIssuingPointsNames(); for (int i = 0; i < ipNames.size(); i++) { - String ipName = (String)ipNames.elementAt(i); + String ipName = (String) ipNames.elementAt(i); ICRLIssuingPointRecord crlRecord = null; try { - crlRecord = crlRepository.readCRLIssuingPointRecord(ipName); + crlRecord = crlRepository + .readCRLIssuingPointRecord(ipName); } catch (Exception e) { } if (crlRecord != null) { @@ -236,8 +234,8 @@ CMS.debug("*** formFile = "+formFile); if (crlSizes.length() > 0) crlSizes += "+"; - crlSizes += ((crlRecord.getCRLSize() != null)? - crlRecord.getCRLSize().toString(): "-1"); + crlSizes += ((crlRecord.getCRLSize() != null) ? crlRecord + .getCRLSize().toString() : "-1"); if (deltaSizes.length() > 0) deltaSizes += "+"; 
@@ -304,13 +302,18 @@ CMS.debug("*** formFile = "+formFile); if (recentChanges.length() > 0) recentChanges += "+"; if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_PUBLISHING_STARTED) { - recentChanges += "Publishing CRL #" + ip.getCRLNumber(); + recentChanges += "Publishing CRL #" + + ip.getCRLNumber(); } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) { - recentChanges += "Creating CRL #" + ip.getNextCRLNumber(); - } else { // ip.CRL_UPDATE_DONE - recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " + - ip.getNumberOfRecentlyUnrevokedCerts() + ", " + - ip.getNumberOfRecentlyExpiredCerts(); + recentChanges += "Creating CRL #" + + ip.getNextCRLNumber(); + } else { // ip.CRL_UPDATE_DONE + recentChanges += ip + .getNumberOfRecentlyRevokedCerts() + + ", " + + ip.getNumberOfRecentlyUnrevokedCerts() + + ", " + + ip.getNumberOfRecentlyExpiredCerts(); } isDeltaCRLEnabled |= ip.isDeltaCRLEnabled(); @@ -326,7 +329,8 @@ CMS.debug("*** formFile = "+formFile); if (crlTesting.length() > 0) crlTesting += "+"; - crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0"); + crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" + : "0"); } } @@ -345,11 +349,14 @@ CMS.debug("*** formFile = "+formFile); header.addStringValue("master_host", masterHost); header.addStringValue("master_port", masterPort); - header.addStringValue("masterCRLIssuingPoint", ICertificateAuthority.PROP_MASTER_CRL); - ICRLIssuingPoint ip0 = mCA.getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL); + header.addStringValue("masterCRLIssuingPoint", + ICertificateAuthority.PROP_MASTER_CRL); + ICRLIssuingPoint ip0 = mCA + .getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL); if (ip0 != null) { - header.addStringValue("defaultAlgorithm", ip0.getSigningAlgorithm()); + header.addStringValue("defaultAlgorithm", + ip0.getSigningAlgorithm()); } if (recentChanges.length() > 0) 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 645cb831..0922f882 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** * performs face-to-face enrollment. - * + * * @version $Revision$, $Date$ */ public class HashEnrollServlet extends CMSServlet { @@ -100,10 +98,9 @@ public class HashEnrollServlet extends CMSServlet { public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; // enrollment templates. - public static final String - ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; + public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; - // http params + // http params public static final String OLD_CERT_TYPE = "csrCertType"; public static final String CERT_TYPE = "certType"; // same as in ConfigConstant.java @@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet { private boolean mAuthTokenOverride = true; private String mEnrollSuccessTemplate = null; - private ICMSTemplateFiller - mEnrollSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); ICertificateAuthority mCa = null; ICertificateRepository mRepository = null; 
@@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -142,17 +139,17 @@ public class HashEnrollServlet extends CMSServlet { // override success template to allow direct import of keygen certs. mTemplates.remove(CMSRequest.SUCCESS); try { - mEnrollSuccessTemplate = sc.getInitParameter( - CMSServlet.PROP_SUCCESS_TEMPLATE); + mEnrollSuccessTemplate = sc + .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE); if (mEnrollSuccessTemplate == null) mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = sc + .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mEnrollSuccessFiller = filler; } @@ -161,20 +158,18 @@ public class HashEnrollServlet extends CMSServlet { init_testbed_hack(mConfig); } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); + // this should never happen. + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
@@ -192,8 +187,8 @@ public class HashEnrollServlet extends CMSServlet { IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr; @@ -226,14 +221,15 @@ public class HashEnrollServlet extends CMSServlet { certType = httpParams.getValueAsString(OLD_CERT_TYPE, null); if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); - } else {; - } + } else { + ; + } - processX509(cmsReq); + processX509(cmsReq); } - + private void printError(CMSRequest cmsReq, String errorCode) - throws EBaseException { + throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -253,9 +249,10 @@ public class HashEnrollServlet extends CMSServlet { form = getTemplate(formPath, httpReq, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } 
@@ -267,16 +264,15 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", - e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } } - protected void processX509(CMSRequest cmsReq) - throws EBaseException { + protected void processX509(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); @@ -284,19 +280,16 @@ public class HashEnrollServlet extends CMSServlet { IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST); /* - * === certAuth based enroll === - * "certAuthEnroll" is on. - * "certauthEnrollType can be one of the three: - * single - it's for single cert enrollment - * dual - it's for dual certs enrollment - * encryption - getting the encryption cert only via - * authentication of the signing cert - * (crmf or keyGenInfo) + * === certAuth based enroll === "certAuthEnroll" is on. + * "certauthEnrollType can be one of the three: single - it's for single + * cert enrollment dual - it's for dual certs enrollment encryption - + * getting the encryption cert only via authentication of the signing + * cert (crmf or keyGenInfo) */ boolean certAuthEnroll = false; - String certAuthEnrollOn = - httpParams.getValueAsString("certauthEnroll", null); + String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll", + null); X509CertInfo new_certInfo = null; if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) { 
@@ -307,8 +300,8 @@ public class HashEnrollServlet extends CMSServlet { String certauthEnrollType = null; if (certAuthEnroll == true) { - certauthEnrollType = - httpParams.getValueAsString("certauthEnrollType", null); + certauthEnrollType = httpParams.getValueAsString( + "certauthEnrollType", null); if (certauthEnrollType != null) { if (certauthEnrollType.equals("dual")) { CMS.debug("HashEnrollServlet: certauthEnrollType is dual"); @@ -317,20 +310,22 @@ public class HashEnrollServlet extends CMSServlet { } else if (certauthEnrollType.equals("single")) { CMS.debug("HashEnrollServlet: certauthEnrollType is single"); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", + certauthEnrollType)); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE")); } } else { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); + CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE")); } } - String challengePassword = httpParams.getValueAsString("challengePassword", ""); + String challengePassword = httpParams.getValueAsString( + "challengePassword", ""); cmsReq.setIRequest(req); saveHttpHeaders(httpReq, req); @@ -340,8 +335,8 @@ public class HashEnrollServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, - mAuthzResourceName, "import"); + authzToken = authorize(mAclMethod, token, mAuthzResourceName, + "import"); } catch (Exception e) { // do nothing for now } 
@@ -356,41 +351,43 @@ public class HashEnrollServlet extends CMSServlet { String certBasedOldSubjectDN = null; BigInteger certBasedOldSerialNum = null; - // check if request was authenticated, if so set authtoken & certInfo. - // also if authenticated, take certInfo from authToken. + // check if request was authenticated, if so set authtoken & certInfo. + // also if authenticated, take certInfo from authToken. X509CertInfo certInfo = null; if (certAuthEnroll == true) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); + CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT")); } - certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString(); - certBasedOldSerialNum = (BigInteger) sslClientCert.getSerialNumber(); + certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN() + .toString(); + certBasedOldSerialNum = (BigInteger) sslClientCert + .getSerialNumber(); try { - certInfo = (X509CertInfo) - ((X509CertImpl) sslClientCert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert) + .get(X509CertImpl.NAME + "." 
+ X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); } } else { certInfo = CMS.getDefaultX509CertInfo(); } - X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo}; + X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo }; - //AuthToken authToken = access.getAuthToken(); + // AuthToken authToken = access.getAuthToken(); IConfigStore configStore = CMS.getConfigStore(); String val = configStore.getString("hashDirEnrollment.name"); - IAuthSubsystem authSS = (IAuthSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSS = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); IAuthManager authMgr1 = authSS.get(val); HashAuthentication mgr = (HashAuthentication) authMgr1; String pageID = httpParams.getValueAsString("pageID", null); 
@@ -405,24 +402,22 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.SUCCESS); return; } else { - authMgr = - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); - // don't store agent token in request. - // agent currently used for bulk issuance. + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + // don't store agent token in request. + // agent currently used for bulk issuance. // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - log(ILogger.LL_INFO, - "Enrollment request was authenticated by " + - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); + log(ILogger.LL_INFO, "Enrollment request was authenticated by " + + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); fillCertInfoFromAuthToken(certInfo, authToken); - // save authtoken attrs to request directly (for policy use) + // save authtoken attrs to request directly (for policy use) saveAuthToken(authToken, req); // req.set(IRequest.AUTH_TOKEN, authToken); // } } // fill certInfo from input types: keygen, cmc, pkcs10 or crmf - KeyGenInfo keyGenInfo = - httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null); + KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( + SUBJECT_KEYGEN_INFO, null); String certType = null; @@ -441,8 +436,7 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType); } - String crmf = - httpParams.getValueAsString(CRMF_REQUEST, null); + String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); if (certAuthEnroll == true) { 
@@ -451,25 +445,21 @@ public class HashEnrollServlet extends CMSServlet {
 // for dual certs
 if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
 if (mCa == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_A_CA"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA"));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+ CMS.getUserMessage("CMS_GW_NOT_A_CA"));
 }
 // first, make sure the client cert is indeed a
- // signing only cert
- if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- true) &&
- (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
- true))) {
+ // signing only cert
+ if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false)
+ || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS
+ .isEncryptionCert((X509CertImpl) sslClientCert) == true))) {
 // either it's not a signing cert, or it's a dual cert
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
 }
 X509Key key = null;
@@ -478,22 +468,27 @@ public class HashEnrollServlet extends CMSServlet {
 try {
 certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
 } catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
 } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
 }
- String filter =
- "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
- ICertRecordList list =
- (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
- null, 10);
+ String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN
+ + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
+ + "))(certStatus=VALID))";
+ ICertRecordList list = (ICertRecordList) mCa
+ .getCertificateRepository().findCertRecordsInList(
+ filter, null, 10);
 int size = list.getSize();
 Enumeration en = list.getCertRecords(0, size - 1);
 boolean gotEncCert = false;
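Review bot: The record search filter is built by concatenating `certBasedOldSubjectDN`, taken from the presented SSL client certificate's subject, directly into `"(&(x509cert.subject=" + ...`, so a subject containing filter metacharacters such as `(`, `)`, `*` or `\` alters the filter's structure instead of being matched literally. Assuming the certificate repository treats this string as an LDAP-style filter (not visible here), the value should be escaped per RFC 4515 before concatenation; a small private helper, sketched below, is enough. `certBasedOldSerialNum` is a `BigInteger` and needs no escaping. The enclosing method, presumably `processX509`, starts and ends outside this hunk.

```java
// New private helper: escapes RFC 4515 filter metacharacters in a value.
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}

// … unchanged: key extraction and certInfo.set(...) handling …
String filter = "(&(x509cert.subject="
        + escapeFilterValue(certBasedOldSubjectDN)
        + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
        + "))(certStatus=VALID))";
// … unchanged: findCertRecordsInList call and record enumeration …
```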
@@ -502,8 +497,8 @@ public class HashEnrollServlet extends CMSServlet { // pairing encryption cert not found } else { X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo(); - X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo, - encCertInfo}; + X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo, + encCertInfo }; int i = 1; while (en.hasMoreElements()) { 
@@ -511,37 +506,47 @@ public class HashEnrollServlet extends CMSServlet { X509CertImpl cert = record.getCertificate(); // if not encryption cert only, try next one - if ((CMS.isEncryptionCert(cert) == false) || - ((CMS.isEncryptionCert(cert) == true) && - (CMS.isSigningCert(cert) == true))) { + if ((CMS.isEncryptionCert(cert) == false) + || ((CMS.isEncryptionCert(cert) == true) && (CMS + .isSigningCert(cert) == true))) { continue; } key = (X509Key) cert.getPublicKey(); try { - encCertInfo = (X509CertInfo) - cert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + encCertInfo = (X509CertInfo) cert + .get(X509CertImpl.NAME + "." + + X509CertImpl.INFO); } catch (CertificateParsingException ex) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); - throw new ECMSGWException( - CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO")); + CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), + "CMS_GW_MISSING_CERTINFO")); } try { - encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); + encCertInfo.set(X509CertInfo.KEY, + new CertificateX509Key(key)); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())); + CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", 
e.toString())); + CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", + e.toString())); } fillCertInfoFromAuthToken(encCertInfo, authToken); @@ -555,24 +560,21 @@ public class HashEnrollServlet extends CMSServlet { if (gotEncCert == false) { // encryption cert not found, bail log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); + CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND")); } } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { // first, make sure the client cert is indeed a - // signing only cert - if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - false) || - ((CMS.isSigningCert((X509CertImpl) sslClientCert) == - true) && - (CMS.isEncryptionCert((X509CertImpl) sslClientCert) == - true))) { + // signing only cert + if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false) + || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS + .isEncryptionCert((X509CertImpl) sslClientCert) == true))) { // either it's not a signing cert, or it's a dual cert log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); + CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE")); } /* 
@@ -580,15 +582,15 @@ public class HashEnrollServlet extends CMSServlet { */ if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); - req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); - CMS.debug( - "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() + .toString()); + CMS.debug("HashEnrollServlet: sslClientCert issuerDN = " + + sslClientCert.getIssuerDN().toString()); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { // have to be buried here to handle the issuer 
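Review bot: `if (crmf != null && crmf != "")` compares object references, not content, so an empty `crmf` value that is not the interned literal passes the guard and reaches `fillCRMF` instead of the `CMSGW_MISSING_KEYGEN_INFO` branch. The same test appears twice more in the following hunk, in the `CERT_AUTH_SINGLE` branch and in the final `else if`. Compare by content instead: `if (crmf != null && crmf.length() > 0) {`. The enclosing method starts and ends outside this hunk.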
@@ -596,21 +598,21 @@ public class HashEnrollServlet extends CMSServlet { if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); - throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + throw new ECMSGWException(CMS.getUserMessage( + getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO")); } - req.setExtData(CLIENT_ISSUER, - sslClientCert.getIssuerDN().toString()); + req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN() + .toString()); } } else if (crmf != null && crmf != "") { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), - "CMS_GW_MISSING_KEYGEN_INFO")); + "CMS_GW_MISSING_KEYGEN_INFO")); } req.setExtData(IRequest.CERT_INFO, certInfoArray); @@ -621,9 +623,9 @@ public class HashEnrollServlet extends CMSServlet { req.setExtData(CHALLENGE_PASSWORD, pwd); } - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); - // process result. + // process result. // render OLD_CERT_TYPE's response differently, we // dont want any javascript in HTML, and need to 
@@ -638,27 +640,28 @@ public class HashEnrollServlet extends CMSServlet { return; } - //for audit log + // for audit log String initiative = null; String agentID = null; if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - // request is from eegateway, so fromUser. + // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } else { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - } + } // if service not complete return standard templates. RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { cmsReq.setIRequestStatus(); // set status acc. to IRequest status. - // audit log the status + // audit log the status try { if (status == RequestStatus.REJECTED) { - Vector messages = req.getExtDataInStringVector(IRequest.ERRORS); + Vector messages = req + .getExtDataInStringVector(IRequest.ERRORS); if (messages != null) { Enumeration msgs = messages.elements(); 
@@ -668,52 +671,42 @@ public class HashEnrollServlet extends CMSServlet { wholeMsg.append("\n"); wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), - " violation: " + - wholeMsg.toString()}, - ILogger.L_MULTILINE - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), + " violation: " + wholeMsg.toString() }, + ILogger.L_MULTILINE); } else { // no policy violation, from agent - mLogger.log(ILogger.EV_AUDIT, + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" }); + } + } else { // other imcomplete status + mLogger.log( + ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); - } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + certInfo.get(X509CertInfo.SUBJECT), "" }); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - 
CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } return; } @@ -724,39 +717,35 @@ public class HashEnrollServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = req + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); // audit log the error try { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - certInfo.get(X509CertInfo.SUBJECT), ""} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, new Object[] { + req.getRequestId(), initiative, + authMgr, + "completed with error: " + err, + certInfo.get(X509CertInfo.SUBJECT), + "" }); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString())); } } 
@@ -767,144 +756,143 @@ public class HashEnrollServlet extends CMSServlet { // service success cmsReq.setStatus(CMSRequest.SUCCESS); - X509CertImpl[] issuedCerts = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] issuedCerts = req + .getExtDataInCertArray(IRequest.ISSUED_CERTS); // audit log the success. - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[0].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[0].getSerialNumber().toString(16)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[0].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[0].getSerialNumber().toString(16) }); // return cert as mime type binary if requested. - if (checkImportCertToNav( - cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { + if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, + issuedCerts[0])) { cmsReq.setStatus(CMSRequest.SUCCESS); return; } - + // use success template. 
try { - cmsReq.setResult(issuedCerts); - renderTemplate(cmsReq, mEnrollSuccessTemplate, - mEnrollSuccessFiller); - cmsReq.setStatus(CMSRequest.SUCCESS); + cmsReq.setResult(issuedCerts); + renderTemplate(cmsReq, mEnrollSuccessTemplate, mEnrollSuccessFiller); + cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMP_REND_ERR", + mEnrollSuccessFiller.toString(), e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); + CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR")); } return; } /** - * fill subject name, validity, extensions from authoken if any, - * overriding what was in pkcs10. - * fill subject name, extensions from http input if not authenticated. - * requests not authenticated will need to be approved by an agent. + * fill subject name, validity, extensions from authoken if any, overriding + * what was in pkcs10. fill subject name, extensions from http input if not + * authenticated. requests not authenticated will need to be approved by an + * agent. */ - protected void fillCertInfoFromAuthToken( - X509CertInfo certInfo, IAuthToken authToken) - throws EBaseException { + protected void fillCertInfoFromAuthToken(X509CertInfo certInfo, + IAuthToken authToken) throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. - // take key from keygen, cmc, pkcs10 or crmf. + // take key from keygen, cmc, pkcs10 or crmf. // subject name. 
try { - String subjectname = - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); + String subjectname = authToken + .getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { - CertificateSubjectName certSubject = (CertificateSubjectName) - new CertificateSubjectName(new X500Name(subjectname)); + CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName( + new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, - "cert subject set to " + certSubject + " from authtoken"); + log(ILogger.LL_INFO, "cert subject set to " + certSubject + + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = authToken + .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + log(ILogger.LL_INFO, "cert validity set to " + 
validity + + " from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } - + // extensions try { - CertificateExtensions extensions = - authToken.getInCertExts(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = authToken + .getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); log(ILogger.LL_INFO, "cert extensions set from authtoken"); } } catch (CertificateException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", - e.toString())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } - protected X509CertInfo[] fillCRMF( - String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + protected X509CertInfo[] fillCRMF(String crmf, IAuthToken authToken, + IArgBlock httpParams, 
IRequest req) throws EBaseException { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); - - SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); + + SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( + new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -914,17 +902,11 @@ public class HashEnrollServlet extends CMSServlet { CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); /* - if (certReqMsg.hasPop()) { - try { - certReqMsg.verify(); - } catch (ChallengeResponseException ex) { - // create and save the challenge - // construct the cmmf message together - // in a sequence to challenge the requestor - } catch (Exception e) { - // failed, should only affect one request - } - } + * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch + * (ChallengeResponseException ex) { // create and save the + * challenge // construct the cmmf message together // in a + * sequence to challenge the requestor } catch (Exception e) { + * // failed, should only affect one request } } */ CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); 
@@ -948,95 +930,94 @@ public class HashEnrollServlet extends CMSServlet { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null + || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity( + certTemplate.getNotBefore(), + certTemplate.getNotAfter()); - certInfo.set(X509CertInfo.VALIDITY, certValidity); + certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { - // No subject name - error! - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + certInfo.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(subject)); + } else if (authToken == null + || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + // No subject name - error! 
+ log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } - // get extensions + // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { extensions = null; } if (certTemplate.hasExtensions()) { - // put each extension from CRMF into CertInfo. - // index by extension name, consistent with + // put each extension from CRMF into CertInfo. + // index by extension name, consistent with // CertificateExtensions.parseExtension() method. - if (extensions == null) + if (extensions == null) extensions = new CertificateExtensions(); int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = certTemplate + .extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext + .getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext + .getExtnValue(); + ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); 
jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = - new Extension(oid, isCritical, extValue); + Extension ext = new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } - // Added a new configuration parameter + // Added a new configuration parameter // eeGateway.Enrollment.authTokenOverride=[true|false] // By default, it is set to true. In most // of the case, administrator would want // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { - // if authenticated override subect name, validity and + if (authToken != null + && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); } 
@@ -1048,32 +1029,34 @@ public class HashEnrollServlet extends CMSServlet { return certInfoArray; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", - e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - protected void renderServerEnrollResult(CMSRequest cmsReq) throws - IOException { + protected void renderServerEnrollResult(CMSRequest cmsReq) + throws IOException { HttpServletResponse httpResp = cmsReq.getHttpResp(); httpResp.setContentType("text/html"); 
@@ -1088,11 +1071,16 @@ public class HashEnrollServlet extends CMSServlet { out.println("</TITLE>"); // out.println("<BODY BGCOLOR=white>"); - if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) { + if (cmsReq.getIRequest().getRequestStatus() + .equals(RequestStatus.COMPLETE)) { out.println("<H1>"); out.println("SUCCESS"); out.println("</H1>"); - out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message + out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
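Review bot: The formatter has broken the trailing comment on the `out.println("Your request is submitted and approved. ...")` line into five one-word comment lines (`// XXX`, `// -`, `// localize`, `// the`, `// message`), so a search for the original TODO text no longer finds it. The same happens in the two later hunks of `renderServerEnrollResult`, in the PENDING and ERROR branches. Move the comment to its own line above the statement, `// XXX - localize the message`, so the formatter leaves it intact. The method body starts before this hunk and continues after it.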
@@ -1106,25 +1094,30 @@ public class HashEnrollServlet extends CMSServlet { out.println("Certificate: "); out.println("<P>"); out.println("<PRE>"); - X509CertImpl certs[] = - cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray( + IRequest.ISSUED_CERTS); out.println(CMS.getEncodedCert(certs[0])); out.println("</PRE>"); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); - out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + - CMS.getEncodedCert(certs[0]) + ">"); - } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) { + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" + + CMS.getEncodedCert(certs[0]) + ">"); + } else if (cmsReq.getIRequest().getRequestStatus() + .equals(RequestStatus.PENDING)) { out.println("<H1>"); out.println("PENDING"); out.println("</H1>"); - out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message + out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX + // - + // localize + // the + // message out.println("<P>"); out.println("Request Creation Time: "); out.println(cmsReq.getIRequest().getCreationTime().toString()); 
@@ -1135,18 +1128,22 @@ public class HashEnrollServlet extends CMSServlet { out.println("Request ID: "); out.println(cmsReq.getIRequest().getRequestId().toString()); out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + - cmsReq.getIRequest().getCreationTime().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT REQUEST_ID=" + - cmsReq.getIRequest().getRequestId().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" + + cmsReq.getIRequest().getCreationTime().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_ID=" + + cmsReq.getIRequest().getRequestId().toString() + ">"); } else { out.println("<H1>"); out.println("ERROR"); out.println("</H1>"); out.println("<!INFO>"); - out.println("Please consult your local administrator for assistance."); // XXX - localize the message + out.println("Please consult your local administrator for assistance."); // XXX + // - + // localize + // the + // message out.println("<!/INFO>"); out.println("<P>"); out.println("Request Status: "); 
@@ -1155,62 +1152,55 @@ public class HashEnrollServlet extends CMSServlet { out.println("Error: "); out.println(cmsReq.getError()); // XXX - need to parse in Locale out.println("<P>"); - out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + - cmsReq.getStatus().toString() + ">"); - out.println("<!HTTP_OUTPUT ERROR=" + - cmsReq.getError() + ">"); + out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + + cmsReq.getStatus().toString() + ">"); + out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">"); } /** - // include all the input data - IArgBlock args = cmsReq.getHttpParams(); - Enumeration ele = args.getElements(); - while (ele.hasMoreElements()) { - String eleT = (String)ele.nextElement(); - out.println("<!HTTP_INPUT " + eleT + "=" + - args.get(eleT) + ">"); - } + * // include all the input data IArgBlock args = + * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while + * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement(); + * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); } **/ out.println("</HTML>"); } - // XXX ALERT !! - // Remove the following and calls to them when we bundle a cartman - // later than alpha1. - // These are here to cover up problem in cartman where the - // key usage extension always ends up being digital signature only + // XXX ALERT !! + // Remove the following and calls to them when we bundle a cartman + // later than alpha1. + // These are here to cover up problem in cartman where the + // key usage extension always ends up being digital signature only // and for rsa-ex ends up having no bits set. 
private boolean mIsTestBed = false; - private void init_testbed_hack(IConfigStore config) - throws EBaseException { + private void init_testbed_hack(IConfigStore config) throws EBaseException { mIsTestBed = config.getBoolean("isTestBed", true); } - private void do_testbed_hack( - int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) - throws EBaseException { - if (!mIsTestBed) + private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo, + IArgBlock httpParams) throws EBaseException { + if (!mIsTestBed) return; - // get around bug in cartman - bits are off by one byte. + // get around bug in cartman - bits are off by one byte. for (int i = 0; i < certinfo.length; i++) { try { X509CertInfo cert = certinfo[i]; - CertificateExtensions exts = (CertificateExtensions) - cert.get(CertificateExtensions.NAME); + CertificateExtensions exts = (CertificateExtensions) cert + .get(CertificateExtensions.NAME); if (exts == null) { // should not happen. continue; } - KeyUsageExtension ext = (KeyUsageExtension) - exts.get(KeyUsageExtension.NAME); + KeyUsageExtension ext = (KeyUsageExtension) exts + .get(KeyUsageExtension.NAME); - if (ext == null) - // should not happen + if (ext == null) + // should not happen continue; byte[] value = ext.getExtensionValue(); 
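Review bot: `out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">");` and the `out.println(cmsReq.getError());` a few lines above it write the error string into the response without any encoding. The response is declared `text/html` earlier in `renderServerEnrollResult`, outside this hunk, and the origin of the error text is not visible here. If it can carry request-derived data, markup in it would be interpreted by the browser, and a `>` in it would end the `<!HTTP_OUTPUT ...>` marker early. HTML-encode the value before both writes, using the project's existing escaping helper if it has one.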
@@ -1221,36 +1211,32 @@ public class HashEnrollServlet extends CMSServlet { newvalue[1] = 0x03; newvalue[2] = 0x07; newvalue[3] = value[3]; - // force encryption certs to have digitial signature + // force encryption certs to have digitial signature // set too so smime can find the cert for encryption. if (value[3] == 0x20) { /* - newvalue[3] = 0x3f; - newvalue[4] = (byte)0x80; + * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80; */ - if (httpParams.getValueAsBoolean( - "dual-use-hack", true)) { + if (httpParams.getValueAsBoolean("dual-use-hack", true)) { newvalue[3] = (byte) 0xE0; // same as rsa-dual-use. } } newvalue[4] = 0; - KeyUsageExtension newext = - new KeyUsageExtension(Boolean.valueOf(true), - (Object) newvalue); + KeyUsageExtension newext = new KeyUsageExtension( + Boolean.valueOf(true), (Object) newvalue); exts.delete(KeyUsageExtension.NAME); exts.set(KeyUsageExtension.NAME, newext); } } catch (IOException e) { - // should never happen + // should never happen continue; } catch (CertificateException e) { - // should never happen + // should never happen continue; } } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java index 75726730..8f1e57c4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.StringReader; 
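Review bot: In the `@@ -1221` hunk, `httpParams.getValueAsBoolean("dual-use-hack", true)` lets what appears to be a request parameter decide whether a key-usage byte of `0x20` is widened to `0xE0`, and an absent parameter widens it. Key usage in an issued certificate is normally CA policy rather than requester input, so reading this flag from the servlet configuration, next to `isTestBed`, would keep it under operator control. The two catch blocks also `continue` without logging, so a skipped rewrite leaves no trace; logging the exception there would help. The method starts before this hunk.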
@@ -58,25 +57,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** * Set up HTTP response to import certificate into browsers * - * The result must have been populate with the set of certificates - * to return. + * The result must have been populate with the set of certificates to return. + * * <pre> * inputs: certtype. * outputs: - * - cert type from http input (if any) + * - cert type from http input (if any) * - CA chain - * - authority name (RM, CM, DRM) + * - authority name (RM, CM, DRM) * - scheme:host:port of server. - * array of one or more + * array of one or more * - cert serial number * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * - cert in base 64 encoding. + * - cmmf blob to import * </pre> + * * @version $Revision$, $Date$ */ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { @@ -88,7 +87,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco public static final String CERT_NICKNAME = "certNickname"; public static final String CMMF_RESP = "cmmfResponse"; - public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE + public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE public ImportCertsTemplateFiller() { } 
@@ -99,33 +98,31 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) throws Exception { Certificate[] certs = (Certificate[]) cmsReq.getResult(); if (certs instanceof X509CertImpl[]) - return getX509TemplateParams(cmsReq, authority, locale, e); + return getX509TemplateParams(cmsReq, authority, locale, e); else return null; } - - public CMSTemplateParams getX509TemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + + public CMSTemplateParams getX509TemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) throws Exception { IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); String scheme = httpReq.getScheme(); String format = httpReq.getParameter("format"); - if(format!=null && format.equals("cmc")) + if (format != null && format.equals("cmc")) fixed.set("importCMC", "false"); - String agentPort = ""+port; + String agentPort = "" + port; fixed.set("agentHost", host); fixed.set("agentPort", agentPort); fixed.set(ICMSTemplateFiller.HOST, host); 
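Review bot: `host`, `port` and `scheme` in `getX509TemplateParams` come from the request (`getServerName()` reflects the client's Host header when one is sent) and are stored as `agentHost`, `agentPort` and `ICMSTemplateFiller.HOST`. If the templates build links or import URLs from these values, the client can influence where they point. I would add a comment such as `// host/port/scheme are request-derived: templates must escape them and must not treat them as the server's identity`, or fill them from server configuration if that is available. The method continues outside this hunk.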
@@ -134,7 +131,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { IRequest r = cmsReq.getIRequest(); if (r != null) { - fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId().toString()); + fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId() + .toString()); } // set key record (if KRA enabled) 
@@ -142,53 +140,53 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { BigInteger keyRecSerialNo = r.getExtDataInBigInteger("keyRecord"); if (keyRecSerialNo != null) { - fixed.set(ICMSTemplateFiller.KEYREC_ID, keyRecSerialNo.toString()); + fixed.set(ICMSTemplateFiller.KEYREC_ID, + keyRecSerialNo.toString()); } } // set cert type. IArgBlock httpParams = cmsReq.getHttpParams(); - String certType = - httpParams.getValueAsString(CERT_TYPE, null); + String certType = httpParams.getValueAsString(CERT_TYPE, null); - if (certType != null) + if (certType != null) fixed.set(CERT_TYPE, certType); - // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + // this authority + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // CA chain. - CertificateChain cachain = - ((ICertAuthority) authority).getCACertChain(); + CertificateChain cachain = ((ICertAuthority) authority) + .getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); String replyTo = httpParams.getValueAsString("replyTo", null); - if (replyTo != null) fixed.set("replyTo", replyTo); + if (replyTo != null) + fixed.set("replyTo", replyTo); - // set user + CA cert chain and pkcs7 for MSIE. + // set user + CA cert chain and pkcs7 for MSIE. X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; int m = 1, n = 0; - for (; n < cacerts.length; m++, n++) + for (; n < cacerts.length; m++, n++) userChain[m] = (X509CertImpl) cacerts[n]; - // certs. + // certs. 
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult(); // expose CRMF request id String crmfReqId = cmsReq.getExtData(IRequest.CRMF_REQID); if (crmfReqId == null) { - crmfReqId = (String) cmsReq.getResult( - IRequest.CRMF_REQID); + crmfReqId = (String) cmsReq.getResult(IRequest.CRMF_REQID); } if (crmfReqId != null) { fixed.set(CRMF_REQID, crmfReqId); } - // set CA certs in cmmf, initialize CertRepContent + // set CA certs in cmmf, initialize CertRepContent // note cartman can't trust ca certs yet but it'll import them. // also set cert nickname for cartman. CertRepContent certRepContent = null; 
@@ -196,33 +194,31 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { if (CMSServlet.doCMMFResponse(httpParams)) { byte[][] caPubs = new byte[cacerts.length][]; - for (int j = 0; j < cacerts.length; j++) + for (int j = 0; j < cacerts.length; j++) caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); certRepContent = new CertRepContent(caPubs); - String certnickname = - cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null); + String certnickname = cmsReq.getHttpParams().getValueAsString( + CERT_NICKNAME, null); // if nickname is not requested set to subject name by default. - if (certnickname == null) + if (certnickname == null) fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString()); else fixed.set(CERT_NICKNAME, certnickname); } - // make pkcs7 for MSIE - if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && - (certType == null || certType.equals("client"))) { + // make pkcs7 for MSIE + if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) + && (certType == null || certType.equals("client"))) { userChain[0] = certs[0]; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - userChain, - new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( + new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - // String p7Str = encoder.encodeBuffer(p7Bytes); + // String p7Str = encoder.encodeBuffer(p7Bytes); String p7Str = CMS.BtoA(p7Bytes); header.set(PKCS7_RESP, p7Str); 
@@ -234,24 +230,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { X509CertImpl cert = certs[i]; // set serial number. - BigInteger serialNo = - ((X509Certificate) cert).getSerialNumber(); + BigInteger serialNo = ((X509Certificate) cert).getSerialNumber(); repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16); // set base64 encoded blob. byte[] certEncoded = cert.getEncoded(); - // String b64 = encoder.encodeBuffer(certEncoded); + // String b64 = encoder.encodeBuffer(certEncoded); String b64 = CMS.BtoA(certEncoded); - String b64cert = "-----BEGIN CERTIFICATE-----\n" + - b64 + "\n-----END CERTIFICATE-----"; + String b64cert = "-----BEGIN CERTIFICATE-----\n" + b64 + + "\n-----END CERTIFICATE-----"; repeat.set(BASE64_CERT, b64cert); - + // set cert pretty print. - - String prettyPrintRequested = - cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null); + + String prettyPrintRequested = cmsReq.getHttpParams() + .getValueAsString(CERT_PRETTYPRINT, null); if (prettyPrintRequested == null) { prettyPrintRequested = "true"; @@ -266,21 +261,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { repeat.set(CERT_PRETTYPRINT, ppStr); // Now formulate a PKCS#7 blob - X509CertImpl[] certsInChain = new X509CertImpl[1];; + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { if (cert.equals(cacerts[j])) { - certsInChain = new - X509CertImpl[cacerts.length]; + certsInChain = new X509CertImpl[cacerts.length]; break; } certsInChain = new X509CertImpl[cacerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = cert; - + // Set the Ca certificate chain if (cacerts != null) { for (int j = 0; j < cacerts.length; j++) { 
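Review bot: In the `@@ -266` hunk the formatter split the doubled `;;` after `new X509CertImpl[1]` onto its own line, leaving a line that holds only `;`; that empty statement should be deleted. In the same block `certsInChain = new X509CertImpl[cacerts.length + 1];` sits inside the `for` loop and is reallocated on every iteration until a match breaks out. Deciding first whether `cert` is already in `cacerts` and allocating once would read more plainly and give the same array size. The loop that fills the chain continues outside this hunk.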
@@ -292,23 +287,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), - certsInChain, - new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( + new byte[0]), certsInChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); - //p7Str = encoder.encodeBuffer(p7Bytes); + // p7Str = encoder.encodeBuffer(p7Bytes); p7Str = CMS.BtoA(p7Bytes); repeat.addStringValue("pkcs7ChainBase64", p7Str); } catch (Exception ex) { - //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() - //+ "; Please contact your administrator"; + // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() + // + "; Please contact your administrator"; throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } // set cert fingerprint (for Cisco routers) 
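Review bot: The `catch (Exception ex)` around the PKCS#7 encoding throws `ECMSGWException` with only the generic `CMS_GW_FORMING_PKCS7_ERROR` message, so the original exception is dropped and nothing is logged. Keeping the detail out of the user-facing message is reasonable, but the cause should reach the server log, for example `CMS.debug("PKCS#7 chain encoding failed: " + ex);` before the `throw`. The two commented-out `p7Str` lines in the catch block can then be removed. The enclosing loop begins and ends outside this hunk.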
@@ -318,25 +311,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { fingerprint = CMS.getFingerPrints(cert); } catch (CertificateEncodingException ex) { // should never happen - throw new EBaseException( - CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); + throw new EBaseException(CMS.getUserMessage(locale, + "CMS_BASE_INTERNAL_ERROR", ex.toString())); } catch (NoSuchAlgorithmException ex) { // should never happen - throw new EBaseException( - CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString())); + throw new EBaseException(CMS.getUserMessage(locale, + "CMS_BASE_INTERNAL_ERROR", ex.toString())); } - if (fingerprint != null && fingerprint.length() > 0) + if (fingerprint != null && fingerprint.length() > 0) repeat.set(CERT_FINGERPRINT, fingerprint); - // cmmf response for this cert. - if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null && - (certType == null || certType.equals("client"))) { + // cmmf response for this cert. + if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null + && (certType == null || certType.equals("client"))) { PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = - new CertifiedKeyPair(new CertOrEncCert(certEncoded)); - CertResponse resp = - new CertResponse(new INTEGER(crmfReqId), status, - certifiedKP); + CertifiedKeyPair certifiedKP = new CertifiedKeyPair( + new CertOrEncCert(certEncoded)); + CertResponse resp = new CertResponse(new INTEGER(crmfReqId), + status, certifiedKP); certRepContent.addCertResponse(resp); } 
@@ -352,19 +344,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { byte[] certRepBytes = certRepOut.toByteArray(); String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes); // add CR to each return as required by cartman - BufferedReader certRepB64lines = - new BufferedReader(new StringReader(certRepB64)); + BufferedReader certRepB64lines = new BufferedReader( + new StringReader(certRepB64)); StringWriter certRepStringOut = new StringWriter(); String oneLine = null; boolean first = true; while ((oneLine = certRepB64lines.readLine()) != null) { if (first) { - //certRepStringOut.write("\""+oneLine+"\""); + // certRepStringOut.write("\""+oneLine+"\""); certRepStringOut.write(oneLine); first = false; } else { - //certRepStringOut.write("+\"\\n"+oneLine+"\""); + // certRepStringOut.write("+\"\\n"+oneLine+"\""); certRepStringOut.write("\n" + oneLine); } } @@ -376,4 +368,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java index e79efc32..7ec6ee66 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Retrieve a paged list of certs matching the specified query - * + * * @version $Revision$, $Date$ */ public class ListCerts extends CMSServlet { 
@@ -81,8 +79,8 @@ public class ListCerts extends CMSServlet { private ICertificateRepository mCertDB = null; private X500Name mAuthName = null; private String mFormPath = null; - private boolean mReverse = false; - private boolean mHardJumpTo = false; //jump to the end + private boolean mReverse = false; + private boolean mHardJumpTo = false; // jump to the end private String mDirection = null; private boolean mUseClientFilter = false; private Vector mAllowedClientFilters = new Vector(); @@ -98,7 +96,7 @@ public class ListCerts extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryCert.template" to render the response - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -123,44 +121,54 @@ public class ListCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* useClientFilter should be off by default. We keep - this parameter around so that we do not break - the client applications that submits raw LDAP - filter into this servlet. */ - if (sc.getInitParameter(USE_CLIENT_FILTER) != null && - sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true; + /* + * useClientFilter should be off by default. We keep this parameter + * around so that we do not break the client applications that submits + * raw LDAP filter into this servlet. + */ + if (sc.getInitParameter(USE_CLIENT_FILTER) != null + && sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase( + "true")) { + mUseClientFilter = true; } - if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { - mAllowedClientFilters.addElement("(certStatus=*)"); - mAllowedClientFilters.addElement("(certStatus=VALID)"); - mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); - mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); + if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null + || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) { + mAllowedClientFilters.addElement("(certStatus=*)"); + mAllowedClientFilters.addElement("(certStatus=VALID)"); + mAllowedClientFilters + .addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"); + mAllowedClientFilters + .addElement("(|(certStatus=VALID)(certStatus=REVOKED))"); } else { - StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ","); + StringTokenizer st = new StringTokenizer( + sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ","); while (st.hasMoreTokens()) { - mAllowedClientFilters.addElement(st.nextToken()); + mAllowedClientFilters.addElement(st.nextToken()); } } } - public 
String buildFilter(HttpServletRequest req) - { + public String buildFilter(HttpServletRequest req) { String queryCertFilter = req.getParameter("queryCertFilter"); - com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter); + com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + + queryCertFilter); if (mUseClientFilter) { com.netscape.certsrv.apps.CMS.debug("useClientFilter=true"); Enumeration filters = mAllowedClientFilters.elements(); // check to see if the filter is allowed while (filters.hasMoreElements()) { - String filter = (String)filters.nextElement(); - com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter); + String filter = (String) filters.nextElement(); + com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + + filter + " queryCertFilter=" + queryCertFilter); if (filter.equals(queryCertFilter)) { return queryCertFilter; } } - com.netscape.certsrv.apps.CMS.debug("Requested filter '" + queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter"); + com.netscape.certsrv.apps.CMS.debug("Requested filter '" + + queryCertFilter + "' is not allowed. Please check the " + + ALLOWED_CLIENT_FILTERS + "parameter"); return null; } else { com.netscape.certsrv.apps.CMS.debug("useClientFilter=false"); 
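Review bot: `buildFilter` writes the raw `queryCertFilter` request parameter to the debug log on entry, once per allow-list comparison, and again in the rejection message, so unless `CMS.debug` encodes CR/LF itself a request can forge log lines. Log the value once with line breaks stripped or encoded, and drop the per-filter comparison message. The rejection text also lacks a space before `parameter` (`ALLOWED_CLIENT_FILTERS + " parameter"`), and `init` adds the `ALLOWED_CLIENT_FILTERS` tokens without `trim()`, so a list written with spaces after the commas never matches its later entries. `buildFilter` continues past this hunk.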
@@ -168,35 +176,38 @@ public class ListCerts extends CMSServlet { boolean skipRevoked = false; boolean skipNonValid = false; - if (req.getParameter("skipRevoked") != null && - req.getParameter("skipRevoked").equals("on")) { + if (req.getParameter("skipRevoked") != null + && req.getParameter("skipRevoked").equals("on")) { skipRevoked = true; } - if (req.getParameter("skipNonValid") != null && - req.getParameter("skipNonValid").equals("on")) { + if (req.getParameter("skipNonValid") != null + && req.getParameter("skipNonValid").equals("on")) { skipNonValid = true; } if (!skipRevoked && !skipNonValid) { - queryCertFilter = "(certStatus=*)"; - } else if (skipRevoked && skipNonValid) { - queryCertFilter = "(certStatus=VALID)"; - } else if (skipRevoked) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; - } else if (skipNonValid) { - queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; + queryCertFilter = "(certStatus=*)"; + } else if (skipRevoked && skipNonValid) { + queryCertFilter = "(certStatus=VALID)"; + } else if (skipRevoked) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; + } else if (skipNonValid) { + queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; } return queryCertFilter; } /** - * Process the HTTP request. - * <ul> - * <li>http.param maxCount Number of certificates to show + * Process the HTTP request. 
+ * <ul> + * <li>http.param maxCount Number of certificates to show * <li>http.param queryFilter and ldap style filter specifying the - * certificates to show - * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down - * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up + * certificates to show + * <li>http.param querySentinelDown the serial number of the first + * certificate to show (default decimal, or hex if prefixed with 0x) when + * paging down + * <li>http.param querySentinelUp the serial number of the first certificate + * to show (default decimal, or hex if prefixed with 0x) when paging up * <li>http.param direction "up", "down", "begin", or "end" * </ul> */ @@ -209,8 +220,8 @@ public class ListCerts extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); } catch (Exception e) { } 
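Review bot: In the `@@ -209` hunk the empty `catch (Exception e) { }` around `authorize(...)` hides why an authorization attempt failed, and whether the request is then refused depends on a check of `authzToken` that lies outside the hunk. Log the failure, e.g. `com.netscape.certsrv.apps.CMS.debug("ListCerts: authorize failed: " + e);`, and add a comment stating that a null `authzToken` must be treated as a denial. That keeps the fail-closed intent visible to the next person who edits this method.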
@@ -235,50 +246,54 @@ public class ListCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage( + "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - mHardJumpTo = false; + mHardJumpTo = false; try { - if (req.getParameter("direction") != null) { - mDirection = req.getParameter("direction").trim(); - mReverse = mDirection.equals("up"); - if (mReverse) - com.netscape.certsrv.apps.CMS.debug("reverse is true"); - else - com.netscape.certsrv.apps.CMS.debug("reverse is false"); + if (req.getParameter("direction") != null) { + mDirection = req.getParameter("direction").trim(); + mReverse = mDirection.equals("up"); + if (mReverse) + com.netscape.certsrv.apps.CMS.debug("reverse is true"); + else + com.netscape.certsrv.apps.CMS.debug("reverse is false"); - } + } if (req.getParameter("maxCount") != null) { maxCount = Integer.parseInt(req.getParameter("maxCount")); } if (maxCount == -1 || maxCount > mMaxReturns) { - com.netscape.certsrv.apps.CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns); + com.netscape.certsrv.apps.CMS.debug("Resetting page size from " + + maxCount + " to " + mMaxReturns); maxCount = mMaxReturns; } - String sentinelStr = ""; - if (mReverse) { - sentinelStr = req.getParameter("querySentinelUp"); - } else if (mDirection.equals("end")) { - // this servlet will figure out the end - sentinelStr = "0"; - mReverse = true; - mHardJumpTo = true; - } else if (mDirection.equals("down")) { - sentinelStr = req.getParameter("querySentinelDown"); - } else - sentinelStr = "0"; - //begin and non-specified have 
sentinel default "0" + String sentinelStr = ""; + if (mReverse) { + sentinelStr = req.getParameter("querySentinelUp"); + } else if (mDirection.equals("end")) { + // this servlet will figure out the end + sentinelStr = "0"; + mReverse = true; + mHardJumpTo = true; + } else if (mDirection.equals("down")) { + sentinelStr = req.getParameter("querySentinelDown"); + } else + sentinelStr = "0"; + // begin and non-specified have sentinel default "0" if (sentinelStr != null) { if (sentinelStr.trim().startsWith("0x")) { - sentinel = new BigInteger(sentinelStr.trim().substring(2), 16); + sentinel = new BigInteger(sentinelStr.trim().substring(2), + 16); } else { sentinel = new BigInteger(sentinelStr, 10); } @@ -287,11 +302,12 @@ public class ListCerts extends CMSServlet { revokeAll = req.getParameter("revokeAll"); if (mAuthority instanceof ICertificateAuthority) { - X509CertImpl caCert = ((ICertificateAuthority) mAuthority).getSigningUnit().getCertImpl(); + X509CertImpl caCert = ((ICertificateAuthority) mAuthority) + .getSigningUnit().getCertImpl(); - //if (isCertFromCA(caCert)) - header.addStringValue("caSerialNumber", - caCert.getSerialNumber().toString(16)); + // if (isCertFromCA(caCert)) + header.addStringValue("caSerialNumber", caCert + .getSerialNumber().toString(16)); } // constructs the ldap filter on the server side 
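Review bot: `mReverse`, `mHardJumpTo` and `mDirection` are servlet instance fields that `process` assigns from each request in the `@@ -235` hunk, and `processCertFilter` reads them later, so concurrent requests on one servlet instance can overwrite each other's paging state. `mDirection` is only assigned when the `direction` parameter is present, so a request without it reuses the previous request's value, or throws a NullPointerException at `mDirection.equals("end")` while the field still holds its initial `null`. These belong in locals passed to `processCertFilter`; the smallest change inside this hunk is `String direction = req.getParameter("direction");` followed by `direction = (direction == null) ? "" : direction.trim();`, used in place of the field. `process` starts and ends outside this hunk.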
@@ -301,25 +317,28 @@ public class ListCerts extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter); + + com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + + queryCertFilter); int totalRecordCount = -1; try { - totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount")); + totalRecordCount = Integer.parseInt(req + .getParameter("totalRecordCount")); } catch (Exception e) { } - processCertFilter(argSet, header, maxCount, - sentinel, - totalRecordCount, - req.getParameter("serialTo"), - queryCertFilter, - req, resp, revokeAll, locale[0]); + processCertFilter(argSet, header, maxCount, sentinel, + totalRecordCount, req.getParameter("serialTo"), + queryCertFilter, req, resp, revokeAll, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - - error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS + .getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + + error = new EBaseException( + com.netscape.certsrv.apps.CMS.getUserMessage( + getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -332,44 +351,38 @@ public class ListCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage( + "CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + com.netscape.certsrv.apps.CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void processCertFilter(CMSTemplateParams argSet, - IArgBlock header, - int maxCount, - BigInteger sentinel, - int totalRecordCount, - String serialTo, - String filter, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, - Locale locale - ) throws EBaseException { + private void processCertFilter(CMSTemplateParams argSet, IArgBlock header, + int maxCount, BigInteger sentinel, int totalRecordCount, + String serialTo, String filter, HttpServletRequest req, + HttpServletResponse resp, String revokeAll, Locale locale) + throws EBaseException { BigInteger serialToVal = MINUS_ONE; try { if (serialTo != null) { serialTo = serialTo.trim(); if (serialTo.startsWith("0x")) { - serialToVal = new BigInteger - (serialTo.substring(2), 16); + serialToVal = new BigInteger(serialTo.substring(2), 16); serialTo = serialToVal.toString(); } else { serialToVal = new BigInteger(serialTo); 
@@ -379,32 +392,30 @@ public class ListCerts extends CMSServlet { } String jumpTo = sentinel.toString(); - int pSize = 0; - if (mReverse) { - if (!mHardJumpTo) //reverse gets one more - pSize = -1*maxCount-1; - else - pSize = -1*maxCount; - } else - pSize = maxCount; - - ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList( - filter, (String[]) null, jumpTo, mHardJumpTo, "serialno", - pSize); + int pSize = 0; + if (mReverse) { + if (!mHardJumpTo) // reverse gets one more + pSize = -1 * maxCount - 1; + else + pSize = -1 * maxCount; + } else + pSize = maxCount; + + ICertRecordList list = (ICertRecordList) mCertDB + .findCertRecordsInList(filter, (String[]) null, jumpTo, + mHardJumpTo, "serialno", pSize); // retrive maxCount + 1 entries - Enumeration e = list.getCertRecords(0, maxCount); + Enumeration e = list.getCertRecords(0, maxCount); ICertRecordList tolist = null; int toCurIndex = 0; if (!serialToVal.equals(MINUS_ONE)) { - // if user specify a range, we need to + // if user specify a range, we need to // calculate the totalRecordCount - tolist = (ICertRecordList) mCertDB.findCertRecordsInList( - filter, - (String[]) null, serialTo, - "serialno", maxCount); + tolist = (ICertRecordList) mCertDB.findCertRecordsInList(filter, + (String[]) null, serialTo, "serialno", maxCount); Enumeration en = tolist.getCertRecords(0, 0); if (en == null || (!en.hasMoreElements())) { 
@@ -417,88 +428,98 @@ public class ListCerts extends CMSServlet { if (curToSerial.compareTo(serialToVal) == -1) { toCurIndex = list.getSize() - 1; } else { - if (!rx.getSerialNumber().toString().equals(serialTo.trim())) { + if (!rx.getSerialNumber().toString() + .equals(serialTo.trim())) { toCurIndex = toCurIndex - 1; } } } } - + int curIndex = list.getCurrentIndex(); int count = 0; - BigInteger firstSerial = new BigInteger("0"); - BigInteger curSerial = new BigInteger("0"); - ICertRecord[] recs = new ICertRecord[maxCount]; - int rcount = 0; + BigInteger firstSerial = new BigInteger("0"); + BigInteger curSerial = new BigInteger("0"); + ICertRecord[] recs = new ICertRecord[maxCount]; + int rcount = 0; if (e != null) { - /* in reverse (page up), because the sentinel is the one after the - * last item to be displayed, we need to skip it - */ - while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) { + /* + * in reverse (page up), because the sentinel is the one after the + * last item to be displayed, we need to skip it + */ + while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) + : maxCount)) && e.hasMoreElements()) { ICertRecord rec = (ICertRecord) e.nextElement(); if (rec == null) { - com.netscape.certsrv.apps.CMS.debug("record "+count+" is null"); + com.netscape.certsrv.apps.CMS.debug("record " + count + + " is null"); break; - } + } curSerial = rec.getSerialNumber(); - com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial); - - if (count == 0) { - firstSerial = curSerial; - if (mReverse && !mHardJumpTo) {//reverse got one more, skip - count++; - continue; - } - } - - // DS has a problem where last record will be returned - // even though the filter is not matched. - /*cfu - is this necessary? 
it breaks when paging up - if (curSerial.compareTo(sentinel) == -1) { - com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break..."); - - break; - } - */ + com.netscape.certsrv.apps.CMS.debug("record " + count + + " is serial#" + curSerial); + + if (count == 0) { + firstSerial = curSerial; + if (mReverse && !mHardJumpTo) {// reverse got one more, skip + count++; + continue; + } + } + + // DS has a problem where last record will be returned + // even though the filter is not matched. + /* + * cfu - is this necessary? it breaks when paging up if + * (curSerial.compareTo(sentinel) == -1) { + * com.netscape.certsrv.apps + * .CMS.debug("curSerial compare sentinel -1 break..."); + * + * break; } + */ if (!serialToVal.equals(MINUS_ONE)) { // check if we go over the limit if (curSerial.compareTo(serialToVal) == 1) { - com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking..."); + com.netscape.certsrv.apps.CMS + .debug("curSerial compare serialToVal 1 breaking..."); break; - } + } } - if (mReverse) { - recs[rcount++] = rec; - } else { + if (mReverse) { + recs[rcount++] = rec; + } else { - IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); + IArgBlock rarg = com.netscape.certsrv.apps.CMS + .createArgBlock(); - fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - } + fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + } count++; } } else { - com.netscape.certsrv.apps.CMS.debug( - "ListCerts::processCertFilter() - no Cert Records found!" 
); + com.netscape.certsrv.apps.CMS + .debug("ListCerts::processCertFilter() - no Cert Records found!"); return; } - if (mReverse) { - // fill records into arg block and argSet - for (int ii = rcount-1; ii>= 0; ii--) { - if (recs[ii] != null) { - IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock(); - //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber()); - fillRecordIntoArg(recs[ii], rarg); - argSet.addRepeatRecord(rarg); - } - } - } + if (mReverse) { + // fill records into arg block and argSet + for (int ii = rcount - 1; ii >= 0; ii--) { + if (recs[ii] != null) { + IArgBlock rarg = com.netscape.certsrv.apps.CMS + .createArgBlock(); + // com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ + // recs[ii].getSerialNumber()); + fillRecordIntoArg(recs[ii], rarg); + argSet.addRepeatRecord(rarg); + } + } + } // peek ahead ICertRecord nextRec = null; 
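Review bot: `new ICertRecord[maxCount]` in `processCertFilter` (the `@@ -417` hunk) sizes the array from the `maxCount` request parameter, and the only clamp visible in `process` is `maxCount == -1 || maxCount > mMaxReturns`, which lets `0` and other negative values through. Unless the value is validated somewhere not shown, a negative `maxCount` raises NegativeArraySizeException here instead of producing a clean error. Widening the clamp in `process` to `if (maxCount <= 0 || maxCount > mMaxReturns)` would close this. `processCertFilter` begins and ends outside this hunk.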
@@ -522,70 +543,72 @@ public class ListCerts extends CMSServlet { if (totalRecordCount == -1) { if (!serialToVal.equals(MINUS_ONE)) { totalRecordCount = toCurIndex - curIndex + 1; - com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + + totalRecordCount); } else { - totalRecordCount = list.getSize() - - list.getCurrentIndex(); - com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount); + totalRecordCount = list.getSize() - list.getCurrentIndex(); + com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + + totalRecordCount); } } header.addIntegerValue("totalRecordCount", totalRecordCount); - header.addIntegerValue("currentRecordCount", list.getSize() - - list.getCurrentIndex()); - - String qs = ""; - if (mReverse) - qs = "querySentinelUp"; - else - qs = "querySentinelDown"; - - if (mHardJumpTo) { - com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); - - header.addStringValue("querySentinelUp", curSerial.toString()); - } else { - if (nextRec == null) { - header.addStringValue(qs, null); - com.netscape.certsrv.apps.CMS.debug("nextRec is null"); - if (mReverse) { - com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString()); - - header.addStringValue("querySentinelUp", curSerial.toString()); - } - } else { - BigInteger nextRecNo = nextRec.getSerialNumber(); + header.addIntegerValue("currentRecordCount", + list.getSize() - list.getCurrentIndex()); + + String qs = ""; + if (mReverse) + qs = "querySentinelUp"; + else + qs = "querySentinelDown"; - if (serialToVal.equals(MINUS_ONE)) { - header.addStringValue( - qs, nextRecNo.toString()); + if (mHardJumpTo) { + com.netscape.certsrv.apps.CMS + .debug("curSerial added to querySentinelUp:" + + curSerial.toString()); + + header.addStringValue("querySentinelUp", curSerial.toString()); + } else { + if (nextRec == null) { + header.addStringValue(qs, 
null); + com.netscape.certsrv.apps.CMS.debug("nextRec is null"); + if (mReverse) { + com.netscape.certsrv.apps.CMS + .debug("curSerial added to querySentinelUp:" + + curSerial.toString()); + + header.addStringValue("querySentinelUp", + curSerial.toString()); + } } else { - if (nextRecNo.compareTo(serialToVal) <= 0) { - header.addStringValue( - qs, nextRecNo.toString()); + BigInteger nextRecNo = nextRec.getSerialNumber(); + + if (serialToVal.equals(MINUS_ONE)) { + header.addStringValue(qs, nextRecNo.toString()); } else { - header.addStringValue(qs, - null); + if (nextRecNo.compareTo(serialToVal) <= 0) { + header.addStringValue(qs, nextRecNo.toString()); + } else { + header.addStringValue(qs, null); + } } + com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + + " = " + nextRecNo.toString()); } - com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString()); - } - } // !mHardJumpto + } // !mHardJumpto - header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown", - firstSerial.toString()); + header.addStringValue(!mReverse ? "querySentinelUp" + : "querySentinelDown", firstSerial.toString()); } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - int maxCount, int sentinel, - String filter, HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + int maxCount, int sentinel, String filter, HttpServletRequest req, + HttpServletResponse resp, String revokeAll, Locale locale) + throws EBaseException { try { if (filter.indexOf(CURRENT_TIME, 0) > -1) { filter = insertCurrentTime(filter); 
@@ -595,11 +618,11 @@ public class ListCerts extends CMSServlet { } // xxx the filter includes serial number range??? - ICertRecordList list = - (ICertRecordList) mCertDB.findCertRecordsInList(filter, null, maxCount); + ICertRecordList list = (ICertRecordList) mCertDB + .findCertRecordsInList(filter, null, maxCount); // sentinel is the index on the list now, not serial number - Enumeration e = - list.getCertRecords(sentinel, sentinel + maxCount - 1); + Enumeration e = list.getCertRecords(sentinel, sentinel + maxCount + - 1); int count = 0; @@ -628,7 +651,9 @@ public class ListCerts extends CMSServlet { else header.addStringValue("querySentinelDown", null); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERROR_LISTCERTS", e.toString())); + log(ILogger.LL_FAILURE, + com.netscape.certsrv.apps.CMS.getLogMessage( + "CMSGW_ERROR_LISTCERTS", e.toString())); throw e; } return; @@ -641,7 +666,8 @@ public class ListCerts extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) now = new Date(); + if (now == null) + now = new Date(); if (newFilter.length() == 0) { newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); @@ -662,7 +688,7 @@ public class ListCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); 
@@ -670,15 +696,16 @@ public class ListCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); rarg.addIntegerValue("version", cert.getVersion()); rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString()); + rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber() + .toString()); if (cert.getSubjectDN().toString().equals("")) { rarg.addStringValue("subject", " "); 
@@ -699,28 +726,32 @@ public class ListCerts extends CMSServlet { if (pKey instanceof X509Key) { key = (X509Key) pKey; } - rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString()); + rarg.addStringValue("subjectPublicKeyAlgorithm", key + .getAlgorithmId().getOID().toString()); if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) { RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded()); - rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize()); + rarg.addIntegerValue("subjectPublicKeyLength", + rsaKey.getKeySize()); } } catch (Exception e) { rarg.addStringValue("subjectPublicKeyAlgorithm", null); rarg.addIntegerValue("subjectPublicKeyLength", 0); } - rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotBefore", + cert.getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000); rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) issuedBy = ""; + if (issuedBy == null) + issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); - rarg.addStringValue("revokedBy", - ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); + rarg.addStringValue("revokedBy", ((rec.getRevokedBy() == null) ? "" + : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { @@ -739,7 +770,8 @@ public class ListCerts extends CMSServlet { Extension ext = (Extension) enum1.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason().toInt(); + reason = ((CRLReasonExtension) ext).getReason() + .toInt(); break; } } @@ -749,4 +781,3 @@ public class ListCerts extends CMSServlet { } } } - 
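Review bot: The `catch (Exception e)` that closes the public-key block in the -699,28 hunk discards the exception, so any failure there is reported only as a null `subjectPublicKeyAlgorithm` and a `subjectPublicKeyLength` of 0. That includes the case where `pKey` is not an `X509Key` and `key.getAlgorithmId()` is then called on an unset `key` (its declaration is above the hunk, so this is inferred). Recording the cause keeps such certificates diagnosable, e.g. `com.netscape.certsrv.apps.CMS.debug("fillX509RecordIntoArg: public key not decoded: " + e.toString());` as the first statement of the catch. An explicit `if (key == null)` branch would be clearer than relying on the catch-all.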
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java index db77d039..577caa18 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Provide statistical queries of request and certificate records. - * + * * @version $Revision$, $Date$ */ public class Monitor extends CMSServlet { @@ -83,8 +81,8 @@ public class Monitor extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * 'monitor.template' to render the response. - * + * 'monitor.template' to render the response. + * * @param sc servlet configuration, read from the web.xml file */ @@ -111,8 +109,8 @@ public class Monitor extends CMSServlet { * Process the HTTP request. * <ul> * <li>http.param startTime start of time period to query - * <li>http.param endTime end of time period to query - * <li>http.param interval time between queries + * <li>http.param endTime end of time period to query + * <li>http.param interval time between queries * <li>http.param numberOfIntervals number of queries to run * <li>http.param maxResults =number * <li>http.param timeLimit =time 
@@ -126,14 +124,14 @@ public class Monitor extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -158,9 +156,11 @@ public class Monitor extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -169,10 +169,11 @@ public class Monitor extends CMSServlet { interval = req.getParameter("interval"); numberOfIntervals = req.getParameter("numberOfIntervals"); - process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]); + process(argSet, header, startTime, endTime, interval, + numberOfIntervals, locale[0]); } catch (EBaseException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); + CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString())); error = e; } 
@@ -182,35 +183,34 @@ public class Monitor extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } - private void process(CMSTemplateParams argSet, IArgBlock header, - String startTime, String endTime, - String interval, String numberOfIntervals, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String startTime, String endTime, String interval, + String numberOfIntervals, Locale locale) throws EBaseException { if (interval == null || interval.length() == 0) { header.addStringValue("error", "Invalid interval: " + interval); return; } if (numberOfIntervals == null || numberOfIntervals.length() == 0) { - header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals); + header.addStringValue("error", "Invalid number of intervals: " + + numberOfIntervals); return; } 
@@ -235,7 +235,8 @@ public class Monitor extends CMSServlet { try { iNumberOfIntervals = Integer.parseInt(numberOfIntervals); } catch (NumberFormatException nfe) { - header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals); + header.addStringValue("error", "Invalid number of intervals: " + + numberOfIntervals); return; } @@ -270,7 +271,7 @@ public class Monitor extends CMSServlet { return; } - + Date nextDate(Date d, int seconds) { Date date = new Date((d.getTime()) + ((long) (seconds * 1000))); @@ -288,7 +289,8 @@ public class Monitor extends CMSServlet { try { if (mCertDB != null) { - filter = Filter(ICertRecord.ATTR_CREATE_TIME, startTime, endTime); + filter = Filter(ICertRecord.ATTR_CREATE_TIME, startTime, + endTime); Enumeration e = mCertDB.findCertRecs(filter); @@ -306,18 +308,21 @@ public class Monitor extends CMSServlet { } if (mQueue != null) { - filter = Filter(IRequestRecord.ATTR_CREATE_TIME, startTime, endTime); + filter = Filter(IRequestRecord.ATTR_CREATE_TIME, startTime, + endTime); IRequestList reqList = mQueue.listRequestsByFilter(filter); int count = 0; while (reqList != null && reqList.hasMoreElements()) { - IRequestRecord rec = (IRequestRecord) reqList.nextRequest(); + IRequestRecord rec = (IRequestRecord) reqList + .nextRequest(); if (rec != null) { if (count == 0) { - arg.addStringValue("firstRequest", rec.getRequestId().toString()); + arg.addStringValue("firstRequest", rec + .getRequestId().toString()); } count++; } 
@@ -326,20 +331,21 @@ public class Monitor extends CMSServlet { mTotalReqs += count; } } catch (Exception ex) { - return "Exception: " + ex; + return "Exception: " + ex; } return null; } else { - return "Missing start or end date"; + return "Missing start or end date"; } } Date StringToDate(String z) { Date d = null; - if (z != null && (z.length() == 14 || - z.length() == 15 && (z.charAt(14) == 'Z' || z.charAt(14) == 'z'))) { + if (z != null + && (z.length() == 14 || z.length() == 15 + && (z.charAt(14) == 'Z' || z.charAt(14) == 'z'))) { // 20020516132030Z or 20020516132030 try { int year = Integer.parseInt(z.substring(0, 4)); @@ -348,12 +354,12 @@ public class Monitor extends CMSServlet { int hour = Integer.parseInt(z.substring(8, 10)); int minute = Integer.parseInt(z.substring(10, 12)); int second = Integer.parseInt(z.substring(12, 14)); - Calendar calendar= Calendar.getInstance(); + Calendar calendar = Calendar.getInstance(); calendar.set(year, month, date, hour, minute, second); d = calendar.getTime(); } catch (NumberFormatException nfe) { } - } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 + } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5 try { int i = Integer.parseInt(z); 
@@ -370,37 +376,42 @@ public class Monitor extends CMSServlet { Calendar calendar = Calendar.getInstance(); calendar.setTime(d); - String time = "" + (calendar.get(Calendar.YEAR)); int i = calendar.get(Calendar.MONTH) + 1; - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; - i = calendar.get(Calendar.DAY_OF_MONTH); - if (i < 10) time += "0"; + i = calendar.get(Calendar.DAY_OF_MONTH); + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.HOUR_OF_DAY); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.MINUTE); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i; i = calendar.get(Calendar.SECOND); - if (i < 10) time += "0"; + if (i < 10) + time += "0"; time += i + "Z"; return time; } String Filter(String name, String start, String end) { - String filter = "(&(" + name + ">=" + start + ")(" + name + "<=" + end + "))"; + String filter = "(&(" + name + ">=" + start + ")(" + name + "<=" + end + + "))"; return filter; } String uriFilter(String name, String start, String end) { - String filter = "(%26(" + name + "%3e%3d" + start + ")(" + name + "%3c%3d" + end + "))"; + String filter = "(%26(" + name + "%3e%3d" + start + ")(" + name + + "%3c%3d" + end + "))"; return filter; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java index 50296cf1..2d11bff6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Specify the RevocationReason when revoking a certificate - * + * * @version $Revision$, $Date$ */ public class ReasonToRevoke extends CMSServlet { @@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template file - * 'reasonToRevoke.template' to render the response - * + * initialize the servlet. This servlet uses the template file + * 'reasonToRevoke.template' to render the response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -85,7 +83,8 @@ public class ReasonToRevoke extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) { mCA = (ICertificateAuthority) mAuthority; - mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository(); + mCertDB = ((ICertificateAuthority) mAuthority) + .getCertificateRepository(); } if (mCA != null && mCA.noncesEnabled()) { @@ -108,13 +107,13 @@ public class ReasonToRevoke extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -126,14 +125,14 @@ public class ReasonToRevoke extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "revoke"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "revoke"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -151,10 +150,11 @@ public class ReasonToRevoke extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -163,31 +163,28 @@ public class ReasonToRevoke extends CMSServlet { try { if (req.getParameter("totalRecordCount") != null) { - totalRecordCount = - Integer.parseInt(req.getParameter("totalRecordCount")); + totalRecordCount = Integer.parseInt(req + .getParameter("totalRecordCount")); } revokeAll = req.getParameter("revokeAll"); - process(argSet, header, req, resp, - revokeAll, totalRecordCount, locale[0]); + process(argSet, header, req, resp, revokeAll, totalRecordCount, + locale[0]); } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); + } /* - catch (Exception e) { - noError = false; - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - errorlocale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (Exception e) { noError = false; + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * errorlocale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { 
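Review bot: The formatter has reflowed the commented-out `catch (Exception e)` block in this hunk into a run-on paragraph (`* catch (Exception e) { noError = false; ...`), which no longer reads as code or as prose. The block is dead, so deleting it is cleaner than carrying it through a project-wide reformat. If it has to stay, bracket it with `// @formatter:off` and `// @formatter:on`, which must be enabled in the Eclipse formatter profile. The same damage appears in the `/** ICertRecordList list = ... **/` block of the -237,15 hunk in this file and in the commented-out `switch (e.getLDAPResultCode())` of the -339,13 hunk in RemoteAuthConfig.java.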
@@ -196,30 +193,28 @@ public class ReasonToRevoke extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String revokeAll, int totalRecordCount, - Locale locale) - throws EBaseException { + HttpServletRequest req, HttpServletResponse resp, String revokeAll, + int totalRecordCount, Locale locale) throws EBaseException { header.addStringValue("revokeAll", revokeAll); header.addIntegerValue("totalRecordCount", totalRecordCount); 
@@ -237,15 +232,15 @@ public class ReasonToRevoke extends CMSServlet { X509CertImpl caCert = mCA.getSigningUnit().getCertImpl(); if (isCertFromCA(caCert)) { - header.addStringValue("caSerialNumber", - caCert.getSerialNumber().toString(16)); + header.addStringValue("caSerialNumber", caCert + .getSerialNumber().toString(16)); } } /** - ICertRecordList list = mCertDB.findCertRecordsInList( - revokeAll, null, totalRecordCount); - Enumeration e = list.getCertRecords(0, totalRecordCount - 1); + * ICertRecordList list = mCertDB.findCertRecordsInList( revokeAll, + * null, totalRecordCount); Enumeration e = list.getCertRecords(0, + * totalRecordCount - 1); **/ Enumeration e = mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits); @@ -265,16 +260,16 @@ public class ReasonToRevoke extends CMSServlet { count++; IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", - xcert.getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", - xcert.getSerialNumber().toString()); - rarg.addStringValue("subject", - xcert.getSubjectDN().toString()); - rarg.addLongValue("validNotBefore", - xcert.getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", - xcert.getNotAfter().getTime() / 1000); + rarg.addStringValue("serialNumber", xcert + .getSerialNumber().toString(16)); + rarg.addStringValue("serialNumberDecimal", xcert + .getSerialNumber().toString()); + rarg.addStringValue("subject", xcert.getSubjectDN() + .toString()); + rarg.addLongValue("validNotBefore", xcert + .getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", xcert.getNotAfter() + .getTime() / 1000); argSet.addRepeatRecord(rarg); } } @@ -288,4 +283,3 @@ public class ReasonToRevoke extends CMSServlet { return; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java index 9c414b9c..fc81c70c 100644 
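Review bot: `mCertDB.searchCertificates(revokeAll, totalRecordCount, mTimeLimits)` in the -237,15 hunk is driven by two request values with no visible bounds. The -163,31 hunk shows `totalRecordCount` parsed with `Integer.parseInt(req.getParameter("totalRecordCount"))` behind only a NumberFormatException handler, and `revokeAll` read from the `revokeAll` parameter. A negative or very large count therefore reaches the repository unchanged as far as these lines show. A clamp before the call would bound the search, e.g. `if (totalRecordCount < 0 || totalRecordCount > maxRecords) totalRecordCount = maxRecords;`, where `maxRecords` is a placeholder for a configured cap. The enclosing process() method starts and ends outside the hunk, so a check may already exist there.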
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.util.Calendar; import java.util.Date; @@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Allow agent to turn on/off authentication managers * @@ -89,11 +87,11 @@ public class RemoteAuthConfig extends CMSServlet { /** * Initializes the servlet. - * - * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg - * enables remote configuration for authentication plugins. - * List of remotely set instances can be found in CMS.cfg - * at "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" + * + * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg enables + * remote configuration for authentication plugins. List of remotely set + * instances can be found in CMS.cfg at + * "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>" */ public void init(ServletConfig sc) throws ServletException { super.init(sc); @@ -102,9 +100,11 @@ public class RemoteAuthConfig extends CMSServlet { mFileConfig = CMS.getConfigStore(); mAuthConfig = mFileConfig.getSubStore("auths"); try { - mEnableRemoteConfiguration = mAuthConfig.getBoolean(ENABLE_REMOTE_CONFIG, false); + mEnableRemoteConfiguration = mAuthConfig.getBoolean( + ENABLE_REMOTE_CONFIG, false); } catch (EBaseException eb) { - // Thanks to design of getBoolean we have to catch but we will never get anything. + // Thanks to design of getBoolean we have to catch but we will never + // get anything. } String remoteList = null; 
@@ -112,7 +112,8 @@ public class RemoteAuthConfig extends CMSServlet { try { remoteList = mAuthConfig.getString(REMOTELY_SET_INSTANCES, null); } catch (EBaseException eb) { - // Thanks to design of getString we have to catch but we will never get anything. + // Thanks to design of getString we have to catch but we will never + // get anything. } if (remoteList != null) { StringTokenizer s = new StringTokenizer(remoteList, ","); @@ -133,16 +134,10 @@ public class RemoteAuthConfig extends CMSServlet { /** * Serves HTTPS request. The format of this request is as follows: - * https://host:ee-port/remoteAuthConfig? - * op="add"|"delete"& - * instance=<instanceName>& - * of=<authPluginName>& - * host=<hostName>& - * port=<portNumber>& - * password=<password>& - * [adminDN=<adminDN>]& - * [uid=<uid>]& - * [baseDN=<baseDN>] + * https://host:ee-port/remoteAuthConfig? op="add"|"delete"& + * instance=<instanceName>& of=<authPluginName>& host=<hostName>& + * port=<portNumber>& password=<password>& [adminDN=<adminDN>]& [uid=<uid>]& + * [baseDN=<baseDN>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -174,7 +169,8 @@ public class RemoteAuthConfig extends CMSServlet { if (adminDN != null && adminDN.length() > 0) { errMsg = authenticateRemoteAdmin(host, port, adminDN, password); } else { - errMsg = authenticateRemoteAdmin(host, port, uid, baseDN, password); + errMsg = authenticateRemoteAdmin(host, port, uid, baseDN, + password); } if (errMsg == null || errMsg.length() == 0) { if (mAuthSubsystem != null && mAuthConfig != null) { 
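Review bot: The reflowed Javadoc for process() in the -133,16 hunk now runs the request parameters together (`https://host:ee-port/remoteAuthConfig? op="add"|"delete"& instance=<instanceName>& ...`), losing the one-parameter-per-line layout that documented the format. Wrapping the original block in `<pre>` ... `</pre>` stops the formatter from joining it. The comment should also say how `password` is meant to be sent: as documented it is a query-string parameter, and query strings commonly end up in access logs and proxy logs. A line such as `* The password must be sent in a POST body, never in the URL.` would record that, assuming the servlet accepts POST, which these lines do not show.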
@@ -197,14 +193,17 @@ public class RemoteAuthConfig extends CMSServlet { header.addStringValue("error", errMsg); } else { header.addStringValue("plugin", plugin); - header.addStringValue("instance", instance); + header.addStringValue("instance", + instance); } } else { - header.addStringValue("error", "Unknown instance " + - instance + "."); + header.addStringValue("error", + "Unknown instance " + instance + + "."); } } else { - header.addStringValue("error", "Unknown plugin name: " + plugin); + header.addStringValue("error", + "Unknown plugin name: " + plugin); } } else if (op.equals("add")) { String plugin = req.getParameter("of"); @@ -216,28 +215,33 @@ public class RemoteAuthConfig extends CMSServlet { instance = makeInstanceName(); } if (isInstanceListed(instance)) { - header.addStringValue("error", "Instance name " + - instance + " is already in use."); + header.addStringValue("error", + "Instance name " + instance + + " is already in use."); } else { errMsg = addInstance(instance, plugin, - host, port, baseDN, - req.getParameter("dnPattern")); + host, port, baseDN, + req.getParameter("dnPattern")); if (errMsg != null && errMsg.length() > 0) { header.addStringValue("error", errMsg); } else { header.addStringValue("plugin", plugin); - header.addStringValue("instance", instance); + header.addStringValue("instance", + instance); } } } else { - header.addStringValue("error", "Unknown plugin name: " + plugin); + header.addStringValue("error", + "Unknown plugin name: " + plugin); } } else { - header.addStringValue("error", "Unsupported operation: " + op); + header.addStringValue("error", + "Unsupported operation: " + op); } } } else { - header.addStringValue("error", "Invalid configuration data."); + header.addStringValue("error", + "Invalid configuration data."); } } else { header.addStringValue("error", errMsg); 
@@ -251,9 +255,10 @@ public class RemoteAuthConfig extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -263,15 +268,15 @@ public class RemoteAuthConfig extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } private String authenticateRemoteAdmin(String host, String port, - String adminDN, String password) { + String adminDN, String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -313,13 +318,16 @@ public class RemoteAuthConfig extends CMSServlet { LDAPEntry groupEntry = c.read(nextValue); if (groupEntry != null) { - LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER); + LDAPAttribute gAttr = groupEntry + .getAttribute(UNIQUE_MEMBER); if (gAttr != null) { - Enumeration eValues = gAttr.getStringValues(); + Enumeration eValues = gAttr + .getStringValues(); while (eValues.hasMoreElements()) { - String value = (String) eValues.nextElement(); + String value = (String) eValues + .nextElement(); if (value.equals(entry.getDN())) { c.disconnect(); 
@@ -339,13 +347,11 @@ public class RemoteAuthConfig extends CMSServlet { } catch (LDAPException e) { /* - switch (e.getLDAPResultCode()) { - case LDAPException.NO_SUCH_OBJECT: - case LDAPException.INVALID_CREDENTIALS: - case LDAPException.INSUFFICIENT_ACCESS_RIGHTS: - case LDAPException.LDAP_PARTIAL_RESULTS: - default: - } + * switch (e.getLDAPResultCode()) { case + * LDAPException.NO_SUCH_OBJECT: case + * LDAPException.INVALID_CREDENTIALS: case + * LDAPException.INSUFFICIENT_ACCESS_RIGHTS: case + * LDAPException.LDAP_PARTIAL_RESULTS: default: } */ c.disconnect(); return "LDAP error: " + e.toString(); @@ -362,8 +368,7 @@ public class RemoteAuthConfig extends CMSServlet { } private String authenticateRemoteAdmin(String host, String port, - String uid, String baseDN, - String password) { + String uid, String baseDN, String password) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -398,8 +403,7 @@ public class RemoteAuthConfig extends CMSServlet { connected = true; boolean memberOf = false; LDAPSearchResults results = c.search(baseDN, LDAPv2.SCOPE_SUB, - "(uid=" + uid + ")", - null, false); + "(uid=" + uid + ")", null, false); while (results.hasMoreElements()) { LDAPEntry entry = null; @@ -420,13 +424,16 @@ public class RemoteAuthConfig extends CMSServlet { LDAPEntry groupEntry = c.read(nextValue); if (groupEntry != null) { - LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER); + LDAPAttribute gAttr = groupEntry + .getAttribute(UNIQUE_MEMBER); if (gAttr != null) { - Enumeration eValues = gAttr.getStringValues(); + Enumeration eValues = gAttr + .getStringValues(); while (eValues.hasMoreElements()) { - String value = (String) eValues.nextElement(); + String value = (String) eValues + .nextElement(); if (value.equals(entry.getDN())) { c.disconnect(); 
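Review bot: The search filter on the reformatted line `"(uid=" + uid + ")", null, false);` in the -398,8 hunk concatenates `uid` without escaping, so filter metacharacters in that value change which entries the search matches. The process() Javadoc in this file lists `uid` as a request parameter, so the value is presumably caller-supplied, and the matched entry is then used for the group-membership check further down. Escape the value per RFC 4515 before building the filter (`\` to `\5c`, `*` to `\2a`, `(` to `\28`, `)` to `\29`, NUL to `\00`), e.g. `"(uid=" + escapeFilterValue(uid) + ")"`, where `escapeFilterValue` is a placeholder for a small private helper. The enclosing authenticateRemoteAdmin method starts and ends outside the hunk.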
@@ -472,9 +479,8 @@ public class RemoteAuthConfig extends CMSServlet { return "Access unauthorized"; } - private String addInstance(String instance, String plugin, - String host, String port, - String baseDN, String dnPattern) { + private String addInstance(String instance, String plugin, String host, + String port, String baseDN, String dnPattern) { if (host == null || host.length() == 0) { return "Missing host name."; } @@ -516,7 +522,8 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) list.append(","); + if (i > 0) + list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -542,7 +549,8 @@ public class RemoteAuthConfig extends CMSServlet { StringBuffer list = new StringBuffer(); for (int i = 0; i < mRemotelySetInstances.size(); i++) { - if (i > 0) list.append(","); + if (i > 0) + list.append(","); list.append((String) mRemotelySetInstances.elementAt(i)); } @@ -602,17 +610,21 @@ public class RemoteAuthConfig extends CMSServlet { int y = now.get(Calendar.YEAR); String name = "R" + y; - if (now.get(Calendar.MONTH) < 10) name += "0"; + if (now.get(Calendar.MONTH) < 10) + name += "0"; name += now.get(Calendar.MONTH); - if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0"; + if (now.get(Calendar.DAY_OF_MONTH) < 10) + name += "0"; name += now.get(Calendar.DAY_OF_MONTH); - if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0"; + if (now.get(Calendar.HOUR_OF_DAY) < 10) + name += "0"; name += now.get(Calendar.HOUR_OF_DAY); - if (now.get(Calendar.MINUTE) < 10) name += "0"; + if (now.get(Calendar.MINUTE) < 10) + name += "0"; name += now.get(Calendar.MINUTE); - if (now.get(Calendar.SECOND) < 10) name += "0"; + if (now.get(Calendar.SECOND) < 10) + name += "0"; name += now.get(Calendar.SECOND); return name; } } - 
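Review bot: `now.get(Calendar.MONTH)` in hunk `-602,17 +610,21` is zero-based, so the generated name carries month values 00–11 rather than 01–12 (January is written as `00`). If the name is meant to read as a timestamp, take `int month = now.get(Calendar.MONTH) + 1;` and pad and append `month` instead; the other fields are unaffected. The formatter has also left each `name += "0";` as an unbraced `if` body directly above an unconditional `name +=`, which is easy to misread, so bracing them would help. The method starts outside the hunk.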
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java index 050dd36d..1eccf40e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; @@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; /** * Certificate Renewal - * + * * @version $Revision$, $Date$ */ public class RenewalServlet extends CMSServlet { 
@@ -69,29 +68,27 @@ public class RenewalServlet extends CMSServlet { private static final long serialVersionUID = -3094124661102395244L; // renewal templates. - public static final String - RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; + public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template"; - // http params + // http params public static final String CERT_TYPE = "certType"; public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String IMPORT_CERT = "importCert"; private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - private ICMSTemplateFiller - mRenewalSuccessFiller = new ImportCertsTemplateFiller(); + private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller(); public RenewalServlet() { super(); } /** - * initialize the servlet. This servlet makes use of the - * template file "RenewalSuccess.template" to render the - * response + * initialize the servlet. This servlet makes use of the template file + * "RenewalSuccess.template" to render the response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -99,47 +96,44 @@ public class RenewalServlet extends CMSServlet { // override success template. has same info as enrollment. mTemplates.remove(CMSRequest.SUCCESS); try { - mRenewalSuccessTemplate = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE); + mRenewalSuccessTemplate = sc + .getInitParameter(PROP_SUCCESS_TEMPLATE); if (mRenewalSuccessTemplate == null) mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE; - String fillername = - sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); + String fillername = sc + .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER); if (fillername != null) { ICMSTemplateFiller filler = newFillerObject(fillername); - if (filler != null) + if (filler != null) mRenewalSuccessFiller = filler; } } catch (Exception e) { - // this should never happen. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), - mId)); + // this should never happen. + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); - // renewal requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be renewed. - + // renewal requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be renewed. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; X509CertImpl renewed_cert = null; 
@@ -152,14 +146,14 @@ public class RenewalServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "renew"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "renew"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -170,12 +164,12 @@ public class RenewalServlet extends CMSServlet { String authMgr = AuditFormat.NOAUTH; if (authToken != null && !mAuthMgr.equals("sslClientCertAuthMgr")) { - authMgr = - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - // coming from agent - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + // coming from agent + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; old_serial_no = getCertFromAgent(httpParams, cert); @@ -189,8 +183,8 @@ public class RenewalServlet extends CMSServlet { int endMonth = httpParams.getValueAsInt("endMonth", -1); int endDate = httpParams.getValueAsInt("endDate", -1); - if (beginYear != -1 && beginMonth != -1 && beginDate != -1 && - endYear != -1 && endMonth != -1 && endDate != -1) { + if (beginYear != -1 && beginMonth != -1 && beginDate != -1 + && endYear != -1 && endMonth != -1 && endDate != -1) { Calendar calendar = Calendar.getInstance(); calendar.set(beginYear, beginMonth, beginDate); notBefore = calendar.getTime(); 
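Review bot: In hunk `-170,12 +164,12`, `authToken != null && !mAuthMgr.equals("sslClientCertAuthMgr")` dereferences `mAuthMgr` without a null check, while the agent test a few lines below guards the same field with `mAuthMgr != null &&`. If `mAuthMgr` can be unset, as that guard suggests, this line throws before the renewal request is built. Writing it as `!"sslClientCertAuthMgr".equals(mAuthMgr)` makes the two checks consistent. `process` starts and ends outside the hunk.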
@@ -199,7 +193,7 @@ public class RenewalServlet extends CMSServlet { } } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; old_serial_no = getCertFromAuthMgr(authToken, cert); 
@@ -213,44 +207,43 @@ public class RenewalServlet extends CMSServlet { X509CertInfo new_certInfo = null; req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST); - req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no}); + req.setExtData(IRequest.OLD_SERIALS, + new BigInteger[] { old_serial_no }); if (old_cert != null) { req.setExtData(IRequest.OLD_CERTS, - new X509CertImpl[] { old_cert } - ); - // create new certinfo from old_cert contents. - X509CertInfo old_certInfo = (X509CertInfo) - ((X509CertImpl) old_cert).get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); + new X509CertImpl[] { old_cert }); + // create new certinfo from old_cert contents. + X509CertInfo old_certInfo = (X509CertInfo) ((X509CertImpl) old_cert) + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo()); } else { - // if no old cert (came from RA agent) create new cert info - // (serializable) to pass through policies. And set the old + // if no old cert (came from RA agent) create new cert info + // (serializable) to pass through policies. And set the old // serial number to pick up. 
new_certInfo = new CertInfo(); - new_certInfo.set(X509CertInfo.SERIAL_NUMBER, - new CertificateSerialNumber(old_serial_no)); + new_certInfo.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(old_serial_no)); } - + if (notBefore == null || notAfter == null) { notBefore = new Date(0); notAfter = new Date(0); } - new_certInfo.set(X509CertInfo.VALIDITY, - new CertificateValidity(notBefore, notAfter)); - req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo } - ); + new_certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity( + notBefore, notAfter)); + req.setExtData(IRequest.CERT_INFO, + new X509CertInfo[] { new_certInfo }); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR")); } saveHttpHeaders(httpReq, req); 
@@ -259,22 +252,23 @@ public class RenewalServlet extends CMSServlet { saveAuthToken(authToken, req); cmsReq.setIRequest(req); - // send request to request queue. + // send request to request queue. mRequestQueue.processRequest(req); // for audit log String initiative = null; String agentID = null; - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { agentID = authToken.getInString("userid"); initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; - }else { + } else { // request is from eegateway, so fromUser. initiative = AuditFormat.FROMUSER; } - // check resulting status + // check resulting status RequestStatus status = req.getRequestStatus(); if (status != RequestStatus.COMPLETE) { 
@@ -292,92 +286,76 @@ public class RenewalServlet extends CMSServlet { wholeMsg.append(msgs.nextElement()); } - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "violation: " + - wholeMsg.toString()} - // wholeMsg}, - // ILogger.L_MULTILINE + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "violation: " + wholeMsg.toString() } + // wholeMsg}, + // ILogger.L_MULTILINE ); } else { // no policy violation, from agent - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { req.getRequestId(), initiative, + authMgr, status.toString(), + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), "" }); } - } else { // other imcomplete status - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - status.toString(), - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); + } else { // other imcomplete status + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, AuditFormat.RENEWALFORMAT, + new Object[] { req.getRequestId(), initiative, authMgr, + status.toString(), old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), "" }); } return; } - // service error + // service 
error Integer result = req.getExtDataInInteger(IRequest.RESULT); - CMS.debug( - "RenewalServlet: Result for request " + req.getRequestId() + " is " + result); + CMS.debug("RenewalServlet: Result for request " + req.getRequestId() + + " is " + result); if (result.equals(IRequest.RES_ERROR)) { - CMS.debug( - "RenewalServlet: Result for request " + req.getRequestId() + " is error."); + CMS.debug("RenewalServlet: Result for request " + + req.getRequestId() + " is error."); cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(req.getExtDataInString(IRequest.ERROR)); - String[] svcErrors = - req.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = req + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { String err = svcErrors[i]; if (err != null) { - //System.out.println( - //"revocation servlet: setting error description "+ - //err.toString()); + // System.out.println( + // "revocation servlet: setting error description "+ + // err.toString()); cmsReq.setErrorDescription(err); - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed with error: " + - err, - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "" } - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed with error: " + err, + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "" }); } } 
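Review bot: Every `AuditFormat.RENEWALFORMAT` call in this hunk dereferences `old_cert` (`old_cert.getSubjectDN()`, `old_cert.getSerialNumber()`) unconditionally, although earlier in `process` the code explicitly allows it to be null (`if (old_cert != null) { ... } else { // if no old cert (came from RA agent)`). `getCertFromAgent` fills the container only when `mAuthority instanceof ICertificateAuthority`, so on a registration authority the audit call would throw a NullPointerException and the renewal outcome would go unrecorded. Build the two fields null-safely once, for example `String oldSubject = old_cert == null ? "" : old_cert.getSubjectDN().toString();` and `String oldSerial = old_serial_no.toString(16);`, and pass those to the log calls. The success log in the next hunk (`-392,32 +370,29`) has the same dereference. `process` starts and ends outside the hunk.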
@@ -392,32 +370,29 @@ public class RenewalServlet extends CMSServlet { respondSuccess(cmsReq, renewed_cert); long endTime = CMS.getCurrentDate().getTime(); - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - req.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + req.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber().toString(16), + "new serial number: 0x" + + renewed_cert.getSerialNumber().toString(16) + + " time: " + (endTime - startTime) }); return; } - private void respondSuccess( - CMSRequest cmsReq, X509CertImpl renewed_cert) - throws EBaseException { - cmsReq.setResult(new X509CertImpl[] {renewed_cert} - ); + private void respondSuccess(CMSRequest cmsReq, X509CertImpl renewed_cert) + throws EBaseException { + cmsReq.setResult(new X509CertImpl[] { renewed_cert }); cmsReq.setStatus(CMSRequest.SUCCESS); - // check if cert should be imported. - // browser must have input type set to nav or cartman since + // check if cert should be imported. + // browser must have input type set to nav or cartman since // there's no other way to tell IArgBlock httpParams = cmsReq.getHttpParams(); 
@@ -425,73 +400,73 @@ public class RenewalServlet extends CMSServlet { String certType = httpParams.getValueAsString(CERT_TYPE, "client"); String agent = httpReq.getHeader("user-agent"); - if (checkImportCertToNav(cmsReq.getHttpResp(), - httpParams, renewed_cert)) { + if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, renewed_cert)) { return; } else { try { - renderTemplate(cmsReq, - mRenewalSuccessTemplate, mRenewalSuccessFiller); + renderTemplate(cmsReq, mRenewalSuccessTemplate, + mRenewalSuccessFiller); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1", + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGE_ERROR_DISPLAY_TEMPLATE_1", mRenewalSuccessTemplate, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } return; } - protected BigInteger getRenewedCert(ICertRecord certRec) - throws EBaseException { + protected BigInteger getRenewedCert(ICertRecord certRec) + throws EBaseException { BigInteger renewedCert = null; String serial = null; - MetaInfo meta = certRec.getMetaInfo(); + MetaInfo meta = certRec.getMetaInfo(); if (meta == null) { - log(ILogger.LL_INFO, - "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, "no meta info in cert serial 0x" + + certRec.getSerialNumber().toString(16)); return null; } serial = (String) meta.get(ICertRecord.META_RENEWED_CERT); if (serial == null) { - log(ILogger.LL_INFO, - "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, "no renewed cert in cert 0x" + + certRec.getSerialNumber().toString(16)); return null; } renewedCert = new BigInteger(serial); - log(ILogger.LL_INFO, - "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" + - certRec.getSerialNumber().toString(16)); + log(ILogger.LL_INFO, + "renewed cert serial 0x" + renewedCert.toString(16) + + "found 
for 0x" + + certRec.getSerialNumber().toString(16)); return renewedCert; } /** * get certs to renew from agent. */ - private BigInteger getCertFromAgent( - IArgBlock httpParams, X509Certificate[] certContainer) - throws EBaseException { + private BigInteger getCertFromAgent(IArgBlock httpParams, + X509Certificate[] certContainer) throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_MISSING_SERIALNO_FOR_RENEW_1", + serialno.toString(16))); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } } certContainer[0] = cert; 
@@ -501,24 +476,21 @@ public class RenewalServlet extends CMSServlet { /** * get cert to renew from auth manager */ - private BigInteger getCertFromAuthMgr( - IAuthToken authToken, X509Certificate[] certContainer) - throws EBaseException { - X509CertImpl cert = - authToken.getInCert(AuthToken.TOKEN_CERT); + private BigInteger getCertFromAuthMgr(IAuthToken authToken, + X509Certificate[] certContainer) throws EBaseException { + X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, "certficate from auth manager for " + - " renewal is not from this ca."); + if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, "certficate from auth manager for " + + " renewal is not from this ca."); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java index 9b39acc7..6142d685 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateEncodingException; 
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Perform the first step in revoking a certificate - * + * * @version $Revision$, $Date$ */ public class RevocationServlet extends CMSServlet { @@ -72,11 +70,11 @@ public class RevocationServlet extends CMSServlet { // revocation templates. private final static String TPL_FILE = "reasonToRevoke.template"; - // http params + // http params public static final String SERIAL_NO = "serialNo"; - // XXX can't do pkcs10 cause it's got no serial no. + // XXX can't do pkcs10 cause it's got no serial no. // (unless put serial no in pki attributes) - // public static final String PKCS10 = "pkcs10"; + // public static final String PKCS10 = "pkcs10"; public static final String REASON_CODE = "reasonCode"; private String mFormPath = null; @@ -85,15 +83,14 @@ public class RevocationServlet extends CMSServlet { private Random mRandom = null; private Nonces mNonces = null; - public RevocationServlet() { super(); } /** - * initialize the servlet. This servlet uses - * the template file "reasonToRevoke.template" to render the - * result. + * initialize the servlet. This servlet uses the template file + * "reasonToRevoke.template" to render the result. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,8 +100,7 @@ public class RevocationServlet extends CMSServlet { mFormPath = "/" + TPL_FILE; try { - mFormPath = sc.getInitParameter( - PROP_SUCCESS_TEMPLATE); + mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE); if (mFormPath == null) mFormPath = "/" + TPL_FILE; @@ -115,7 +111,7 @@ public class RevocationServlet extends CMSServlet { } } - // set to false by revokeByDN=false in web.xml + // set to false by revokeByDN=false in web.xml mRevokeByDN = false; String tmp = sc.getInitParameter(PROP_REVOKEBYDN); 
@@ -127,28 +123,26 @@ public class RevocationServlet extends CMSServlet { } } - /** - * Process the HTTP request. Note that this servlet does not - * actually perform the certificate revocation. This is the first - * step in the multi-step revocation process. (the next step is - * in the ReasonToRevoke servlet. - * + * Process the HTTP request. Note that this servlet does not actually + * perform the certificate revocation. This is the first step in the + * multi-step revocation process. (the next step is in the ReasonToRevoke + * servlet. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { IArgBlock httpParams = cmsReq.getHttpParams(); HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - // revocation requires either: - // - coming from ee: - // - old cert from ssl client auth - // - old certs from auth manager - // - coming from agent or trusted RA: - // - serial no of cert to be revoked. - + // revocation requires either: + // - coming from ee: + // - old cert from ssl client auth + // - old certs from auth manager + // - coming from agent or trusted RA: + // - serial no of cert to be revoked. + BigInteger old_serial_no = null; X509CertImpl old_cert = null; String revokeAll = null; @@ -159,10 +153,11 @@ public class RevocationServlet extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -174,45 +169,50 @@ public class RevocationServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "submit"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - - // coming from agent - if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { + + // coming from agent + if (mAuthMgr != null + && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { X509Certificate[] cert = new X509Certificate[1]; old_serial_no = getCertFromAgent(httpParams, cert); old_cert = (X509CertImpl) cert[0]; } // coming from client else { - // from auth manager + // from auth manager X509CertImpl[] cert = new X509CertImpl[1]; - + old_serial_no = getCertFromAuthMgr(authToken, cert); old_cert = cert[0]; } - header.addStringValue("serialNumber", old_cert.getSerialNumber().toString(16)); - header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber().toString()); - // header.addStringValue("subject", old_cert.getSubjectDN().toString()); - // header.addLongValue("validNotBefore", old_cert.getNotBefore().getTime()/1000); - // header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000); + header.addStringValue("serialNumber", old_cert.getSerialNumber() + .toString(16)); + header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber() + .toString()); + // header.addStringValue("subject", old_cert.getSubjectDN().toString()); + // header.addLongValue("validNotBefore", + // 
old_cert.getNotBefore().getTime()/1000); + // header.addLongValue("validNotAfter", + // old_cert.getNotAfter().getTime()/1000); if (mNonces != null) { long n = mRandom.nextLong(); - long m = mNonces.addNonce(n, (X509Certificate)old_cert); + long m = mNonces.addNonce(n, (X509Certificate) old_cert); if ((n + m) != 0) { header.addStringValue("nonce", Long.toString(m)); } @@ -222,19 +222,20 @@ public class RevocationServlet extends CMSServlet { X509CertImpl[] certsToRevoke = null; if (mAuthority instanceof ICertificateAuthority) { - certsToRevoke = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificates( - old_cert.getSubjectDN().toString(), - ICertificateRepository.ALL_UNREVOKED_CERTS); + certsToRevoke = ((ICertificateAuthority) mAuthority) + .getCertificateRepository().getX509Certificates( + old_cert.getSubjectDN().toString(), + ICertificateRepository.ALL_UNREVOKED_CERTS); } else if (mAuthority instanceof IRegistrationAuthority) { IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST); - String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." + - X509CertInfo.SUBJECT + "=" + - old_cert.getSubjectDN().toString() + ")(|(" + - ICertRecord.ATTR_CERT_STATUS + "=" + - ICertRecord.STATUS_VALID + ")(" + - ICertRecord.ATTR_CERT_STATUS + "=" + - ICertRecord.STATUS_EXPIRED + ")))"; + String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." + + X509CertInfo.SUBJECT + "=" + + old_cert.getSubjectDN().toString() + ")(|(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_VALID + ")(" + + ICertRecord.ATTR_CERT_STATUS + "=" + + ICertRecord.STATUS_EXPIRED + ")))"; req.setExtData(IRequest.CERT_FILTER, filter); mRequestQueue.processRequest(req); 
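Review bot: The nonce added to the revocation form in hunk `-174,45 +169,50` comes from `mRandom.nextLong()`, and `mRandom` is declared in this file as `Random`; where it is initialised is not in the diff. If it is a plain `java.util.Random` rather than a `SecureRandom` instance, a value that is presumably checked by the next revocation step is predictable, so it is worth confirming that the field is assigned `new SecureRandom()`. The `(n + m) != 0` test that decides whether the nonce is sent is also unexplained and would benefit from a comment stating what `addNonce` returns. `process` starts and ends outside the hunk.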
@@ -248,7 +249,8 @@ public class RevocationServlet extends CMSServlet { String name = (String) enum1.nextElement(); if (name.equals(IRequest.OLD_CERTS)) { - X509CertImpl[] certs = req.getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl[] certs = req + .getExtDataInCertArray(IRequest.OLD_CERTS); certsToRevoke = certs; } @@ -262,18 +264,20 @@ public class RevocationServlet extends CMSServlet { if (certsToRevoke != null && certsToRevoke.length > 0) { for (int i = 0; i < certsToRevoke.length; i++) { - if (old_cert.getSerialNumber().equals(certsToRevoke[i].getSerialNumber())) { + if (old_cert.getSerialNumber().equals( + certsToRevoke[i].getSerialNumber())) { authorized = true; break; } } } - if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 || - (!authorized))) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED")); + if (!noInfo + && (certsToRevoke == null || certsToRevoke.length == 0 || (!authorized))) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16))); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED")); } if (!mRevokeByDN || noInfo) { @@ -283,7 +287,8 @@ public class RevocationServlet extends CMSServlet { byte[] ba = old_cert.getEncoded(); // Do base 64 encoding - header.addStringValue("b64eCertificate", com.netscape.osutil.OSUtil.BtoA(ba)); + header.addStringValue("b64eCertificate", + com.netscape.osutil.OSUtil.BtoA(ba)); } catch (CertificateEncodingException e) { } } 
@@ -295,16 +300,16 @@ public class RevocationServlet extends CMSServlet { for (int i = 0; i < certsToRevoke.length; i++) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("serialNumber", - certsToRevoke[i].getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", - certsToRevoke[i].getSerialNumber().toString()); - rarg.addStringValue("subject", - certsToRevoke[i].getSubjectDN().toString()); - rarg.addLongValue("validNotBefore", - certsToRevoke[i].getNotBefore().getTime() / 1000); - rarg.addLongValue("validNotAfter", - certsToRevoke[i].getNotAfter().getTime() / 1000); + rarg.addStringValue("serialNumber", certsToRevoke[i] + .getSerialNumber().toString(16)); + rarg.addStringValue("serialNumberDecimal", certsToRevoke[i] + .getSerialNumber().toString()); + rarg.addStringValue("subject", certsToRevoke[i].getSubjectDN() + .toString()); + rarg.addLongValue("validNotBefore", certsToRevoke[i] + .getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotAfter", certsToRevoke[i] + .getNotAfter().getTime() / 1000); argSet.addRepeatRecord(rarg); } } else { @@ -313,7 +318,7 @@ public class RevocationServlet extends CMSServlet { } // set revocation reason, default to unspecified if not set. - int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); + int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); header.addIntegerValue("reason", reasonCode); @@ -324,10 +329,11 @@ public class RevocationServlet extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; 
@@ -336,29 +342,28 @@ public class RevocationServlet extends CMSServlet { /** * get cert to revoke from agent. */ - private BigInteger getCertFromAgent( - IArgBlock httpParams, X509Certificate[] certContainer) - throws EBaseException { + private BigInteger getCertFromAgent(IArgBlock httpParams, + X509Certificate[] certContainer) throws EBaseException { BigInteger serialno = null; X509Certificate cert = null; // get serial no serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null); if (serialno == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); + CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE")); } // get cert from db if we're cert authority. if (mAuthority instanceof ICertificateAuthority) { cert = getX509Certificate(serialno); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } } certContainer[0] = cert; 
@@ -368,23 +373,21 @@ public class RevocationServlet extends CMSServlet { /** * get cert to revoke from auth manager */ - private BigInteger getCertFromAuthMgr( - IAuthToken authToken, X509Certificate[] certContainer) - throws EBaseException { - X509CertImpl cert = - authToken.getInCert(AuthToken.TOKEN_CERT); + private BigInteger getCertFromAuthMgr(IAuthToken authToken, + X509Certificate[] certContainer) throws EBaseException { + X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT); if (cert == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); + CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR")); } - if (mAuthority instanceof ICertificateAuthority && - !isCertFromCA(cert)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); + if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); + CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION")); } certContainer[0] = cert; BigInteger serialno = ((X509Certificate) cert).getSerialNumber(); @@ -393,4 +396,3 @@ public class RevocationServlet extends CMSServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java index 3a571d44..d3513320 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.util.Locale; import javax.servlet.http.HttpServletRequest; @@ -31,21 +30,13 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Certificates Template filler. - * must have list of certificates in result. - * looks at inputs: certtype. - * outputs: - * - cert type from http input (if any) - * - CA chain - * - authority name (RM, CM, DRM) - * - scheme:host:port of server. - * array of one or more - * - cert serial number - * - cert pretty print - * - cert in base 64 encoding. - * - cmmf blob to import + * Certificates Template filler. must have list of certificates in result. looks + * at inputs: certtype. outputs: - cert type from http input (if any) - CA chain + * - authority name (RM, CM, DRM) - scheme:host:port of server. array of one or + * more - cert serial number - cert pretty print - cert in base 64 encoding. - + * cmmf blob to import + * * @version $Revision$, $Date$ */ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { @@ -60,13 +51,12 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) throws Exception { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - // set host name and port. + // set host name and port. HttpServletRequest httpReq = cmsReq.getHttpReq(); String host = httpReq.getServerName(); int port = httpReq.getServerPort(); 
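Review bot: The reflowed class Javadoc on RevocationSuccessTemplateFiller has lost its list layout: the inputs and outputs that used to sit one per line are now a single run-on paragraph (`outputs: - cert type from http input (if any) - CA chain - authority name (RM, CM, DRM) ...`), which is harder to read in source than before. Marking the items up as `<ul>`/`<li>` (or wrapping the block in `<pre>`) before running the formatter would keep one item per line; the `<ul>` list in the UpdateCRL.process Javadoc appears to have survived the same pass that way. The same flattening hits the request-format comment above SrchCerts.process (`queryCert? [maxCount=<number>] [queryFilter=<filter>] [revokeAll=<filter>]`).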
@@ -77,15 +67,14 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.SCHEME, scheme); // this authority - fixed.set(ICMSTemplateFiller.AUTHORITY, - (String) authority.getOfficialName()); + fixed.set(ICMSTemplateFiller.AUTHORITY, + (String) authority.getOfficialName()); // XXX CA chain. - RevokedCertImpl[] revoked = - (RevokedCertImpl[]) cmsReq.getResult(); + RevokedCertImpl[] revoked = (RevokedCertImpl[]) cmsReq.getResult(); - // revoked certs. + // revoked certs. for (int i = 0; i < revoked.length; i++) { IArgBlock repeat = CMS.createArgBlock(); @@ -96,4 +85,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java index 84e7e784..40464e9e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.security.PublicKey; @@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SrchCerts extends CMSServlet { @@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet { } /** - * initialize the servlet. This servlet uses srchCert.template - * to render the response + * initialize the servlet. This servlet uses srchCert.template to render the + * response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -111,7 +110,8 @@ public class SrchCerts extends CMSServlet { if (authConfig != null) { try { - mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); + mMaxReturns = authConfig.getInteger( + PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); } catch (EBaseException e) { // do nothing } @@ -128,7 +128,8 @@ public class SrchCerts extends CMSServlet { /* Server-Side time limit */ try { - int maxResults = Integer.parseInt(sc.getInitParameter("maxResults")); + int maxResults = Integer + .parseInt(sc.getInitParameter("maxResults")); if (maxResults < mMaxReturns) mMaxReturns = maxResults; } catch (Exception e) { @@ -140,20 +141,21 @@ public class SrchCerts extends CMSServlet { /* do nothing, just use the default if integer parsing failed */ } - /* useClientFilter should be off by default. We keep - this parameter around so that we do not break - the client applications that submits raw LDAP - filter into this servlet. */ - if (sc.getInitParameter("useClientFilter") != null && - sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) { + /* + * useClientFilter should be off by default. We keep this parameter + * around so that we do not break the client applications that submits + * raw LDAP filter into this servlet. + */ + if (sc.getInitParameter("useClientFilter") != null + && sc.getInitParameter("useClientFilter").equalsIgnoreCase( + "true")) { mUseClientFilter = true; } } - private boolean isOn(HttpServletRequest req, String name) - { + private boolean isOn(HttpServletRequest req, String name) { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("on")) { 
@@ -162,10 +164,9 @@ public class SrchCerts extends CMSServlet { return false; } - private boolean isOff(HttpServletRequest req, String name) - { + private boolean isOff(HttpServletRequest req, String name) { String inUse = req.getParameter(name); - if (inUse == null) { + if (inUse == null) { return false; } if (inUse.equals("off")) { @@ -174,8 +175,8 @@ public class SrchCerts extends CMSServlet { return false; } - private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildCertStatusFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "statusInUse")) { return; } @@ -185,8 +186,7 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "profileInUse")) { return; } @@ -196,16 +196,16 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildBasicConstraintsFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "basicConstraintsInUse")) { return; } filter.append("(x509cert.BasicConstraints.isCA=on)"); } - private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildSerialNumberRangeFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "serialNumberRangeInUse")) { return; } @@ -225,9 +225,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildAVAFilter(HttpServletRequest req, String paramName, - String avaName, StringBuffer lf, String match) - { + private void buildAVAFilter(HttpServletRequest req, String paramName, + String avaName, StringBuffer lf, String match) { String val = req.getParameter(paramName); if (val != null && !val.equals("")) { if (match != null && match.equals("exact")) { 
@@ -254,8 +253,7 @@ public class SrchCerts extends CMSServlet { } } - private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) - { + private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "subjectInUse")) { return; } @@ -286,9 +284,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildRevokedByFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildRevokedByFilter(HttpServletRequest req, + StringBuffer filter) { if (!isOn(req, "revokedByInUse")) { return; } @@ -302,10 +299,8 @@ public class SrchCerts extends CMSServlet { } } - private void buildDateFilter(HttpServletRequest req, String prefix, - String outStr, long adjustment, - StringBuffer filter) - { + private void buildDateFilter(HttpServletRequest req, String prefix, + String outStr, long adjustment, StringBuffer filter) { String queryCertFilter = null; long epoch = 0; try { @@ -324,19 +319,16 @@ public class SrchCerts extends CMSServlet { } private void buildRevokedOnFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "revokedOnInUse")) { return; } buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter); - buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, - filter); + buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, filter); } private void buildRevocationReasonFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "revocationReasonInUse")) { return; } 
@@ -347,23 +339,21 @@ public class SrchCerts extends CMSServlet { String queryCertFilter = null; StringTokenizer st = new StringTokenizer(reasons, ","); if (st.hasMoreTokens()) { - filter.append("(|"); - while (st.hasMoreTokens()) { - String token = st.nextToken(); - if (queryCertFilter == null) { - queryCertFilter = ""; - } - filter.append("(x509cert.certRevoInfo="); - filter.append(token); - filter.append(")"); - } - filter.append(")"); + filter.append("(|"); + while (st.hasMoreTokens()) { + String token = st.nextToken(); + if (queryCertFilter == null) { + queryCertFilter = ""; + } + filter.append("(x509cert.certRevoInfo="); + filter.append(token); + filter.append(")"); + } + filter.append(")"); } } - private void buildIssuedByFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildIssuedByFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "issuedByInUse")) { return; } 
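Review bot: Each comma-separated `token` is appended to the LDAP filter verbatim (`filter.append(token)`), so a value containing filter metacharacters changes the structure of the search filter rather than just its operand. If `reasons` is read from the request, as the other `req`-based builders suggest, this is filter injection into the certificate search. Revocation reasons are handled as integers elsewhere on this page (`getValueAsInt(REASON_CODE, 0)`, `RevocationReason.fromInt(Integer.parseInt(reason))`), so the loop could accept only numeric tokens, e.g. `filter.append("(x509cert.certRevoInfo=").append(Integer.parseInt(token.trim())).append(")");` with a `NumberFormatException` skipping the token. The local `queryCertFilter` is assigned but never read in the visible lines and can be dropped. The method starts above this hunk, so the origin of `reasons` should be confirmed there.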
@@ -377,44 +367,38 @@ public class SrchCerts extends CMSServlet { } } - private void buildIssuedOnFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildIssuedOnFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "issuedOnInUse")) { return; } buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter); - buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, - filter); + buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, filter); } private void buildValidNotBeforeFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validNotBeforeInUse")) { return; } - buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", - 0, filter); - buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", - 86399999, filter); + buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", 0, + filter); + buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", + 86399999, filter); } private void buildValidNotAfterFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validNotAfterInUse")) { return; } - buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", - 0, filter); - buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", - 86399999, filter); + buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", 0, + filter); + buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", + 86399999, filter); } private void buildValidityLengthFilter(HttpServletRequest req, - StringBuffer filter) - { + StringBuffer filter) { if (!isOn(req, "validityLengthInUse")) { return; } @@ -438,9 +422,7 @@ public class SrchCerts extends CMSServlet { filter.append(")"); } - private void buildCertTypeFilter(HttpServletRequest req, - StringBuffer filter) - { + private void buildCertTypeFilter(HttpServletRequest req, StringBuffer filter) { if (!isOn(req, "certTypeInUse")) { return; } 
@@ -471,8 +453,7 @@ public class SrchCerts extends CMSServlet { } } - public String buildFilter(HttpServletRequest req) - { + public String buildFilter(HttpServletRequest req) { String queryCertFilter = req.getParameter("queryCertFilter"); StringBuffer filter = new StringBuffer(); @@ -504,10 +485,8 @@ public class SrchCerts extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? - * [maxCount=<number>] - * [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? [maxCount=<number>] [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); @@ -518,14 +497,14 @@ public class SrchCerts extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -551,10 +530,10 @@ public class SrchCerts extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { 
@@ -570,11 +549,13 @@ public class SrchCerts extends CMSServlet { timeLimit = Integer.parseInt(timeLimitStr); String queryCertFilter = buildFilter(req); - process(argSet, header, queryCertFilter, - revokeAll, maxResults, timeLimit, req, resp, locale[0]); + process(argSet, header, queryCertFilter, revokeAll, maxResults, + timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -585,33 +566,32 @@ public class SrchCerts extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, String revokeAll, - int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, String revokeAll, int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); 
@@ -621,15 +601,19 @@ public class SrchCerts extends CMSServlet { // xxx the filter includes serial number range??? if (maxResults == -1 || maxResults > mMaxReturns) { - CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns); + CMS.debug("Resetting maximum of returned results from " + + maxResults + " to " + mMaxReturns); maxResults = mMaxReturns; } if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + + mTimeLimits); timeLimit = mTimeLimits; } - CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit); - Enumeration e = mCertDB.searchCertificates(filter, maxResults, timeLimit); + CMS.debug("Start searching ... " + "filter=" + filter + + " maxreturns=" + maxResults + " timelimit=" + timeLimit); + Enumeration e = mCertDB.searchCertificates(filter, maxResults, + timeLimit); int count = 0; @@ -671,7 +655,8 @@ public class SrchCerts extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) now = new Date(); + if (now == null) + now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); @@ -687,7 +672,7 @@ public class SrchCerts extends CMSServlet { * Fills cert record into argument block. */ private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl xcert = rec.getCertificate(); 
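Review bot: The server-side caps only treat `-1` as "not supplied": `if (maxResults == -1 || maxResults > mMaxReturns)` and the matching `timeLimit` test pass `0` or any other negative value through to `mCertDB.searchCertificates(...)` unchanged. If the search layer reads a non-positive limit as "no limit" (not visible here, but common for LDAP-backed searches), a request ends up with no effective cap despite `mMaxReturns` and `mTimeLimits`. Testing `maxResults <= 0 || maxResults > mMaxReturns` and `timeLimit <= 0 || timeLimit > mTimeLimits` enforces the configured limits regardless of how the backend interprets the value. The `process` method continues beyond this hunk.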
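Review bot: The formatter moved the body of `if (now == null)` onto its own line but left it unbraced, so `now = new Date();` now looks like any other indented statement and a line added beneath it later would silently fall outside the condition. Since this commit is the project-wide style pass, it is the natural place to turn on braces for single-statement bodies: `if (now == null) { now = new Date(); }`. The same shape appears in later hunks: `if (issuedBy == null)` in fillX509RecordIntoArg, `if (revReason == null)` in UpdateCRL.crlEntryExtensions and `if (!ips.hasMoreElements())` in UpdateCRL.process.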
@@ -695,20 +680,21 @@ public class SrchCerts extends CMSServlet { fillX509RecordIntoArg(rec, rarg); } } - + private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg) - throws EBaseException { + throws EBaseException { X509CertImpl cert = rec.getCertificate(); rarg.addIntegerValue("version", cert.getVersion()); rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16)); - rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString()); + rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber() + .toString()); String subject = (String) cert.getSubjectDN().toString(); if (subject.equals("")) { - rarg.addStringValue("subject", " "); + rarg.addStringValue("subject", " "); } else { rarg.addStringValue("subject", subject); 
@@ -728,28 +714,32 @@ public class SrchCerts extends CMSServlet { if (pKey instanceof X509Key) { key = (X509Key) pKey; } - rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString()); + rarg.addStringValue("subjectPublicKeyAlgorithm", key + .getAlgorithmId().getOID().toString()); if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) { RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded()); - rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize()); + rarg.addIntegerValue("subjectPublicKeyLength", + rsaKey.getKeySize()); } } catch (Exception e) { rarg.addStringValue("subjectPublicKeyAlgorithm", null); rarg.addIntegerValue("subjectPublicKeyLength", 0); } - rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000); + rarg.addLongValue("validNotBefore", + cert.getNotBefore().getTime() / 1000); rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000); rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID()); String issuedBy = rec.getIssuedBy(); - if (issuedBy == null) issuedBy = ""; + if (issuedBy == null) + issuedBy = ""; rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString() rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000); - rarg.addStringValue("revokedBy", - ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy())); + rarg.addStringValue("revokedBy", ((rec.getRevokedBy() == null) ? "" + : rec.getRevokedBy())); if (rec.getRevokedOn() == null) { rarg.addStringValue("revokedOn", null); } else { @@ -768,7 +758,8 @@ public class SrchCerts extends CMSServlet { Extension ext = (Extension) enum1.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason().toInt(); + reason = ((CRLReasonExtension) ext).getReason() + .toInt(); break; } } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java index 396f333b..83e2d395 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.cert; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -59,10 +58,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Force the CRL to be updated now. - * + * * @version $Revision$, $Date$ */ public class UpdateCRL extends CMSServlet { 
@@ -87,40 +85,41 @@ public class UpdateCRL extends CMSServlet { } /** - * Initializes the servlet. This servlet uses updateCRL.template - * to render the result + * Initializes the servlet. This servlet uses updateCRL.template to render + * the result */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; if (mAuthority instanceof ICertificateAuthority) mCA = (ICertificateAuthority) mAuthority; - - // override success to do output orw own template. + + // override success to do output orw own template. mTemplates.remove(CMSRequest.SUCCESS); if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param signatureAlgorithm the algorithm to use to sign the CRL - * <li>http.param waitForUpdate true/false - should the servlet wait until - * the CRL update is complete? + * <li>http.param waitForUpdate true/false - should the servlet wait until + * the CRL update is complete? * <li>http.param clearCRLCache true/false - should the CRL cache cleared - * before the CRL is generated? + * before the CRL is generated? * <li>http.param crlIssuingPoint the CRL Issuing Point to Update * </ul> + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("crl", true /* main action */); + statsSub.startTiming("crl", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); 
@@ -128,20 +127,20 @@ public class UpdateCRL extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "update"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "update"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } return; } @@ -158,21 +157,20 @@ public class UpdateCRL extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { - String signatureAlgorithm = - req.getParameter("signatureAlgorithm"); + String signatureAlgorithm = req.getParameter("signatureAlgorithm"); - process(argSet, header, req, resp, - signatureAlgorithm, locale[0]); + process(argSet, header, req, resp, signatureAlgorithm, locale[0]); } catch (EBaseException e) { error = e; } 
@@ -183,42 +181,43 @@ public class UpdateCRL extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } if (statsSub != null) { - statsSub.endTiming("crl"); + statsSub.endTiming("crl"); } } - private CRLExtensions crlEntryExtensions (String reason, String invalidity) { + private CRLExtensions crlEntryExtensions(String reason, String invalidity) { CRLExtensions entryExts = new CRLExtensions(); CRLReasonExtension crlReasonExtn = null; if (reason != null && reason.length() > 0) { try { - RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason)); - if (revReason == null) revReason = RevocationReason.UNSPECIFIED; + RevocationReason revReason = RevocationReason.fromInt(Integer + .parseInt(reason)); + if (revReason == null) + revReason = RevocationReason.UNSPECIFIED; crlReasonExtn = new CRLReasonExtension(revReason); } catch (Exception e) { - CMS.debug("Invalid revocation reason: "+reason); + CMS.debug("Invalid revocation reason: " + reason); } } 
@@ -228,15 +227,16 @@ public class UpdateCRL extends CMSServlet { Date invalidityDate = null; try { long backInTime = Long.parseLong(invalidity); - invalidityDate = new Date(now-(backInTime*60000)); + invalidityDate = new Date(now - (backInTime * 60000)); } catch (Exception e) { - CMS.debug("Invalid invalidity time offset: "+invalidity); + CMS.debug("Invalid invalidity time offset: " + invalidity); } if (invalidityDate != null) { try { - invalidityDateExtn = new InvalidityDateExtension(invalidityDate); + invalidityDateExtn = new InvalidityDateExtension( + invalidityDate); } catch (Exception e) { - CMS.debug("Error creating invalidity extension: "+e); + CMS.debug("Error creating invalidity extension: " + e); } } } @@ -245,7 +245,8 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(crlReasonExtn.getName(), crlReasonExtn); } catch (Exception e) { - CMS.debug("Error adding revocation reason extension to entry extensions: "+e); + CMS.debug("Error adding revocation reason extension to entry extensions: " + + e); } } @@ -253,14 +254,16 @@ public class UpdateCRL extends CMSServlet { try { entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn); } catch (Exception e) { - CMS.debug("Error adding invalidity date extension to entry extensions: "+e); + CMS.debug("Error adding invalidity date extension to entry extensions: " + + e); } } return entryExts; } - private void addInfo(CMSTemplateParams argSet, ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) { + private void addInfo(CMSTemplateParams argSet, + ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) { IArgBlock rarg = CMS.createArgBlock(); rarg.addLongValue("cacheUpdate", cacheUpdate); 
@@ -292,18 +295,12 @@ public class UpdateCRL extends CMSServlet { } private void process(CMSTemplateParams argSet, IArgBlock header, - HttpServletRequest req, - HttpServletResponse resp, - String signatureAlgorithm, - Locale locale) - throws EBaseException { + HttpServletRequest req, HttpServletResponse resp, + String signatureAlgorithm, Locale locale) throws EBaseException { long startTime = CMS.getCurrentDate().getTime(); - String waitForUpdate = - req.getParameter("waitForUpdate"); - String clearCache = - req.getParameter("clearCRLCache"); - String crlIssuingPointId = - req.getParameter("crlIssuingPoint"); + String waitForUpdate = req.getParameter("waitForUpdate"); + String clearCache = req.getParameter("clearCRLCache"); + String crlIssuingPointId = req.getParameter("crlIssuingPoint"); String test = req.getParameter("test"); String add = req.getParameter("add"); String from = req.getParameter("from"); 
@@ -321,40 +318,41 @@ public class UpdateCRL extends CMSServlet { if (crlIssuingPointId.equals(ip.getId())) { break; } - if (!ips.hasMoreElements()) crlIssuingPointId = null; + if (!ips.hasMoreElements()) + crlIssuingPointId = null; } } if (crlIssuingPointId == null) { crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL; } - ICRLIssuingPoint crlIssuingPoint = - mCA.getCRLIssuingPoint(crlIssuingPointId); + ICRLIssuingPoint crlIssuingPoint = mCA + .getCRLIssuingPoint(crlIssuingPointId); header.addStringValue("crlIssuingPoint", crlIssuingPointId); IPublisherProcessor lpm = mCA.getPublisherProcessor(); if (crlIssuingPoint != null) { - if (clearCache != null && clearCache.equals("true") && - crlIssuingPoint.isCRLGenerationEnabled() && - crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && - crlIssuingPoint.isCRLIssuingPointInitialized() - == ICRLIssuingPoint.CRL_IP_INITIALIZED) { + if (clearCache != null + && clearCache.equals("true") + && crlIssuingPoint.isCRLGenerationEnabled() + && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE + && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { crlIssuingPoint.clearCRLCache(); } - if (waitForUpdate != null && waitForUpdate.equals("true") && - crlIssuingPoint.isCRLGenerationEnabled() && - crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE && - crlIssuingPoint.isCRLIssuingPointInitialized() - == ICRLIssuingPoint.CRL_IP_INITIALIZED) { - if (test != null && test.equals("true") && - crlIssuingPoint.isCRLCacheTestingEnabled() && - (!mTesting.contains(crlIssuingPointId))) { + if (waitForUpdate != null + && waitForUpdate.equals("true") + && crlIssuingPoint.isCRLGenerationEnabled() + && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE + && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) { + if (test != null && test.equals("true") + && 
crlIssuingPoint.isCRLCacheTestingEnabled() + && (!mTesting.contains(crlIssuingPointId))) { CMS.debug("CRL test started."); mTesting.add(crlIssuingPointId); BigInteger addLen = null; BigInteger startFrom = null; - if (add != null && add.length() > 0 && - from != null && from.length() > 0) { + if (add != null && add.length() > 0 && from != null + && from.length() > 0) { try { addLen = new BigInteger(add); startFrom = new BigInteger(from); @@ -365,7 +363,8 @@ public class UpdateCRL extends CMSServlet { Date revocationDate = CMS.getCurrentDate(); String err = null; - CRLExtensions entryExts = crlEntryExtensions (reason, invalidity); + CRLExtensions entryExts = crlEntryExtensions(reason, + invalidity); BigInteger serialNumber = startFrom; BigInteger counter = addLen; @@ -379,22 +378,25 @@ public class UpdateCRL extends CMSServlet { long t1 = System.currentTimeMillis(); long t2 = 0; - + while (counter.compareTo(BigInteger.ZERO) > 0) { - RevokedCertImpl revokedCert = - new RevokedCertImpl(serialNumber, revocationDate, entryExts); - crlIssuingPoint.addRevokedCert(serialNumber, revokedCert); + RevokedCertImpl revokedCert = new RevokedCertImpl( + serialNumber, revocationDate, entryExts); + crlIssuingPoint.addRevokedCert(serialNumber, + revokedCert); serialNumber = serialNumber.add(BigInteger.ONE); counter = counter.subtract(BigInteger.ONE); - if ((counter.compareTo(BigInteger.ZERO) == 0) || - (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) { + if ((counter.compareTo(BigInteger.ZERO) == 0) + || (stepBy != null && ((counter.mod(stepBy)) + .compareTo(BigInteger.ZERO) == 0))) { t2 = System.currentTimeMillis(); long t0 = t2 - t1; t1 = t2; try { if (signatureAlgorithm != null) { - crlIssuingPoint.updateCRLNow(signatureAlgorithm); + crlIssuingPoint + .updateCRLNow(signatureAlgorithm); } else { crlIssuingPoint.updateCRLNow(); } 
@@ -420,12 +422,12 @@ public class UpdateCRL extends CMSServlet {
 mTesting.remove(crlIssuingPointId);
 CMS.debug("CRL test finished.");
- } else if (test != null && test.equals("true") &&
- crlIssuingPoint.isCRLCacheTestingEnabled() &&
- mTesting.contains(crlIssuingPointId)) {
+ } else if (test != null && test.equals("true")
+ && crlIssuingPoint.isCRLCacheTestingEnabled()
+ && mTesting.contains(crlIssuingPointId)) {
 header.addStringValue("crlUpdate", "testingInProgress");
- } else if (test != null && test.equals("true") &&
- (!crlIssuingPoint.isCRLCacheTestingEnabled())) {
+ } else if (test != null && test.equals("true")
+ && (!crlIssuingPoint.isCRLCacheTestingEnabled())) {
 header.addStringValue("crlUpdate", "testingNotEnabled");
 } else {
 try {
@@ -435,7 +437,8 @@ public class UpdateCRL extends CMSServlet {
 long now1 = System.currentTimeMillis();
 if (signatureAlgorithm != null) {
- crlIssuingPoint.updateCRLNow(signatureAlgorithm);
+ crlIssuingPoint
+ .updateCRLNow(signatureAlgorithm);
 } else {
 crlIssuingPoint.updateCRLNow();
 }
@@ -448,60 +451,80 @@ public class UpdateCRL extends CMSServlet { } if (lpm != null && lpm.enabled()) { - Enumeration rules = lpm.getRules(IPublisherProcessor.PROP_LOCAL_CRL); + Enumeration rules = lpm + .getRules(IPublisherProcessor.PROP_LOCAL_CRL); if (rules != null && rules.hasMoreElements()) { if (publishError != null) { - header.addStringValue("crlPublished", "Failure"); - header.addStringValue("error", publishError.toString(locale)); + header.addStringValue("crlPublished", + "Failure"); + header.addStringValue("error", + publishError.toString(locale)); } else { - header.addStringValue("crlPublished", "Success"); + header.addStringValue("crlPublished", + "Success"); } } } // for audit log SessionContext sContext = SessionContext.getContext(); - String agentId = (String) sContext.get(SessionContext.USER_ID); - IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN); + String agentId = (String) sContext + .get(SessionContext.USER_ID); + IAuthToken authToken = (IAuthToken) sContext + .get(SessionContext.AUTH_TOKEN); String authMgr = AuditFormat.NOAUTH; - + if (authToken != null) { - authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } long endTime = CMS.getCurrentDate().getTime(); if (crlIssuingPoint.getNextUpdate() != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT + " agentID: " + agentId, - authMgr, - "completed", - crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - crlIssuingPoint.getNextUpdate(), - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} - ); - }else { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.CRLUPDATEFORMAT, - new Object[] { - AuditFormat.FROMAGENT + " agentID: " + agentId, - authMgr, - "completed", - 
crlIssuingPoint.getId(), - crlIssuingPoint.getCRLNumber(), - crlIssuingPoint.getLastUpdate(), - "not set", - Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + crlIssuingPoint.getNextUpdate(), + Long.toString(crlIssuingPoint + .getCRLSize()) + + " time: " + + (endTime - startTime) }); + } else { + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.CRLUPDATEFORMAT, + new Object[] { + AuditFormat.FROMAGENT + + " agentID: " + agentId, + authMgr, + "completed", + crlIssuingPoint.getId(), + crlIssuingPoint.getCRLNumber(), + crlIssuingPoint.getLastUpdate(), + "not set", + Long.toString(crlIssuingPoint + .getCRLSize()) + + " time: " + + (endTime - startTime) }); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString())); - if ((lpm != null) && lpm.enabled() && (e instanceof ELdapException)) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", + e.toString())); + if ((lpm != null) && lpm.enabled() + && (e instanceof ELdapException)) { header.addStringValue("crlPublished", "Failure"); header.addStringValue("error", e.toString(locale)); } else { 
@@ -510,12 +533,10 @@ public class UpdateCRL extends CMSServlet {
 }
 }
 } else {
- if (crlIssuingPoint.isCRLIssuingPointInitialized()
- != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
 header.addStringValue("crlUpdate", "notInitialized");
- } else if (crlIssuingPoint.isCRLUpdateInProgress()
- != ICRLIssuingPoint.CRL_UPDATE_DONE ||
- crlIssuingPoint.isManualUpdateSet()) {
+ } else if (crlIssuingPoint.isCRLUpdateInProgress() != ICRLIssuingPoint.CRL_UPDATE_DONE
+ || crlIssuingPoint.isManualUpdateSet()) {
 header.addStringValue("crlUpdate", "inProgress");
 } else if (!crlIssuingPoint.isCRLGenerationEnabled()) {
 header.addStringValue("crlUpdate", "Disabled");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
index ccba3362..8ea34b1b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Enumeration;
@@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
-
 /**
 * Update the configured LDAP server with specified objects
- *
+ *
 * @version $Revision$, $Date$
 */
 public class UpdateDir extends CMSServlet {
@@ -85,12 +83,10 @@ public class UpdateDir extends CMSServlet {
 private final static int REVOKED_FROM = 10;
 private final static int REVOKED_TO = 11;
 private final static int CHECK_FLAG = 12;
- private final static String[] updateName =
- {"updateAll", "updateCRL", "updateCA",
- "updateValid", "validFrom", "validTo",
- "updateExpired", "expiredFrom", "expiredTo",
- "updateRevoked", "revokedFrom", "revokedTo",
- "checkFlag"};
+ private final static String[] updateName = { "updateAll", "updateCRL",
+ "updateCA", "updateValid", "validFrom", "validTo", "updateExpired",
+ "expiredFrom", "expiredTo", "updateRevoked", "revokedFrom",
+ "revokedTo", "checkFlag" };
 private String mFormPath = null;
 private ICertificateAuthority mCA = null;
@@ -112,7 +108,7 @@ public class UpdateDir extends CMSServlet {
 public void init(ServletConfig sc) throws ServletException {
 super.init(sc);
- if( mAuthority != null ) {
+ if (mAuthority != null) {
 mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
 if (mAuthority instanceof ICertificateAuthority) {
 mCA = (ICertificateAuthority) mAuthority;
@@ -129,8 +125,8 @@ public class UpdateDir extends CMSServlet {
 }
 /**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
 * @param cmsReq the object holding the request and response information
 */
 public void process(CMSRequest cmsReq) throws EBaseException {
@@ -142,14 +138,14 @@ public class UpdateDir extends CMSServlet {
 AuthzToken authzToken = null;
 try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "update");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "update");
 } catch (EAuthzAccessDenied e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 } catch (Exception e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 }
 if (authzToken == null) {
@@ -169,18 +165,19 @@ public class UpdateDir extends CMSServlet {
 try {
 form = getTemplate(mFormPath, req, locale);
 } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 try {
 String crlIssuingPointId = req.getParameter("crlIssuingPoint");
- if (mPublisherProcessor == null ||
- !mPublisherProcessor.enabled())
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
+ if (mPublisherProcessor == null || !mPublisherProcessor.enabled())
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
 String[] updateValue = new String[updateName.length];
@@ -188,14 +185,17 @@ public class UpdateDir extends CMSServlet {
 updateValue[i] = req.getParameter(updateName[i]);
 }
- String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
- String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
- if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ String masterHost = CMS.getConfigStore().getString(
+ "master.ca.agent.host", "");
+ String masterPort = CMS.getConfigStore().getString(
+ "master.ca.agent.port", "");
+ if (masterHost != null && masterHost.length() > 0
+ && masterPort != null && masterPort.length() > 0) {
 mClonedCA = true;
 }
- process(argSet, header, req, resp, crlIssuingPointId, updateValue, locale[0]);
+ process(argSet, header, req, resp, crlIssuingPointId, updateValue,
+ locale[0]);
 } catch (EBaseException e) {
 error = e;
 }
@@ -206,29 +206,28 @@ public class UpdateDir extends CMSServlet {
 if (error == null) {
 String xmlOutput = req.getParameter("xml");
 if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
 } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
 }
 } else {
 cmsReq.setStatus(CMSRequest.ERROR);
 cmsReq.setError(error);
 }
 } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 }
- private void updateCRLIssuingPoint(
- IArgBlock header,
- String crlIssuingPointId,
- ICRLIssuingPoint crlIssuingPoint,
- Locale locale) {
+ private void updateCRLIssuingPoint(IArgBlock header,
+ String crlIssuingPointId, ICRLIssuingPoint crlIssuingPoint,
+ Locale locale) {
 SessionContext sc = SessionContext.getContext();
 sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
@@ -237,53 +236,67 @@ public class UpdateDir extends CMSServlet { try { if (mCRLRepository != null) { - crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId); + crlRecord = (ICRLIssuingPointRecord) mCRLRepository + .readCRLIssuingPointRecord(crlIssuingPointId); } } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString())); } if (crlRecord == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId)); header.addStringValue("crlPublished", "Failure"); - header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + header.addStringValue( + "crlError", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { - String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null; + String publishDN = (crlIssuingPoint != null) ? 
crlIssuingPoint + .getPublishDN() : null; byte[] crlbytes = crlRecord.getCRL(); if (crlbytes == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", "")); header.addStringValue("crlPublished", "Failure"); - header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); + header.addStringValue( + "crlError", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_CRL_NOT_YET_UPDATED")).toString()); } else { X509CRLImpl crl = null; try { crl = new X509CRLImpl(crlbytes); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", + e.toString())); } if (crl == null) { header.addStringValue("crlPublished", "Failure"); - header.addStringValue("crlError", - new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString()); + header.addStringValue( + "crlError", + new ECMSGWException(CMS.getUserMessage(locale, + "CMS_GW_DECODE_CRL_FAILED")).toString()); } else { try { if (publishDN != null) { mPublisherProcessor.publishCRL(publishDN, crl); } else { - mPublisherProcessor.publishCRL(crl,crlIssuingPointId); + mPublisherProcessor.publishCRL(crl, + crlIssuingPointId); } header.addStringValue("crlPublished", "Success"); } catch (ELdapException e) { header.addStringValue("crlPublished", "Failure"); header.addStringValue("crlError", e.toString(locale)); - log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL", + e.toString())); } } } 
@@ -298,7 +311,9 @@ public class UpdateDir extends CMSServlet {
 try {
 deltaCrl = new X509CRLImpl(deltaCrlBytes);
 } catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL",
+ e.toString()));
 }
 boolean goodDelta = false;
@@ -306,24 +321,26 @@ public class UpdateDir extends CMSServlet {
 BigInteger crlNumber = crlRecord.getCRLNumber();
 BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
 Long deltaCRLSize = crlRecord.getDeltaCRLSize();
- if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
- crlNumber != null && deltaNumber != null &&
- deltaNumber.compareTo(crlNumber) >= 0) {
+ if (deltaCRLSize != null && deltaCRLSize.longValue() > -1
+ && crlNumber != null && deltaNumber != null
+ && deltaNumber.compareTo(crlNumber) >= 0) {
 goodDelta = true;
 }
 }
- if (deltaCrl != null && ((mClonedCA && goodDelta) ||
- (crlIssuingPoint != null &&
- crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
+ if (deltaCrl != null
+ && ((mClonedCA && goodDelta) || (crlIssuingPoint != null && crlIssuingPoint
+ .isThisCurrentDeltaCRL(deltaCrl)))) {
 try {
 if (publishDN != null) {
 mPublisherProcessor.publishCRL(publishDN, deltaCrl);
 } else {
- mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId);
+ mPublisherProcessor.publishCRL(deltaCrl,
+ crlIssuingPointId);
 }
 } catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
 }
 }
 }
@@ -331,17 +348,14 @@ public class UpdateDir extends CMSServlet {
 }
 private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String crlIssuingPointId,
- String[] updateValue,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req, HttpServletResponse resp,
+ String crlIssuingPointId, String[] updateValue, Locale locale)
+ throws EBaseException {
 // all or crl
- if ((updateValue[UPDATE_ALL] != null &&
- updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_CRL] != null &&
- updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
+ if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL]
+ .equalsIgnoreCase("yes"))
+ || (updateValue[UPDATE_CRL] != null && updateValue[UPDATE_CRL]
+ .equalsIgnoreCase("yes"))) {
 // check if received issuing point ID is known to the server
 if (crlIssuingPointId != null) {
 Enumeration ips = mCA.getCRLIssuingPoints();
@@ -352,7 +366,8 @@ public class UpdateDir extends CMSServlet {
 if (crlIssuingPointId.equals(ip.getId())) {
 break;
 }
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
 }
 }
 if (crlIssuingPointId == null) {
@@ -361,7 +376,7 @@ public class UpdateDir extends CMSServlet {
 Vector ipNames = mCRLRepository.getIssuingPointsNames();
 if (ipNames != null && ipNames.size() > 0) {
 for (int i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
 updateCRLIssuingPoint(header, ipName, null, locale);
 }
@@ -370,46 +385,49 @@ public class UpdateDir extends CMSServlet { Enumeration oips = mCA.getCRLIssuingPoints(); while (oips.hasMoreElements()) { - ICRLIssuingPoint oip = (ICRLIssuingPoint) oips.nextElement(); + ICRLIssuingPoint oip = (ICRLIssuingPoint) oips + .nextElement(); updateCRLIssuingPoint(header, oip.getId(), oip, locale); } } } else { - ICRLIssuingPoint crlIssuingPoint = - mCA.getCRLIssuingPoint(crlIssuingPointId); + ICRLIssuingPoint crlIssuingPoint = mCA + .getCRLIssuingPoint(crlIssuingPointId); ICRLIssuingPointRecord crlRecord = null; - updateCRLIssuingPoint(header, crlIssuingPointId, - crlIssuingPoint, locale); + updateCRLIssuingPoint(header, crlIssuingPointId, + crlIssuingPoint, locale); } } - ICertificateRepository certificateRepository = (ICertificateRepository) mCA.getCertificateRepository(); + ICertificateRepository certificateRepository = (ICertificateRepository) mCA + .getCertificateRepository(); // all or ca - if ((updateValue[UPDATE_ALL] != null && - updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_CA] != null && - updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] + .equalsIgnoreCase("yes")) + || (updateValue[UPDATE_CA] != null && updateValue[UPDATE_CA] + .equalsIgnoreCase("yes"))) { X509CertImpl caCert = mCA.getSigningUnit().getCertImpl(); try { mPublisherProcessor.publishCACert(caCert); header.addStringValue("caCertPublished", "Success"); } catch (ELdapException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CACERT_1", - caCert.getSerialNumber().toString(16), e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "LDAP_ERROR_PUBLISH_CACERT_1", caCert.getSerialNumber() + .toString(16), e.toString())); header.addStringValue("caCertPublished", "Failure"); header.addStringValue("caCertError", e.toString(locale)); } } // all or valid - if ((updateValue[UPDATE_ALL] != null && - updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || 
- (updateValue[UPDATE_VALID] != null && - updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] + .equalsIgnoreCase("yes")) + || (updateValue[UPDATE_VALID] != null && updateValue[UPDATE_VALID] + .equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[VALID_FROM].startsWith("0x")) { updateValue[VALID_FROM] = hexToDecimal(updateValue[VALID_FROM]); @@ -419,17 +437,15 @@ public class UpdateDir extends CMSServlet { } Enumeration validCerts = null; - if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { - validCerts = - certificateRepository.getValidNotPublishedCertificates( - updateValue[VALID_FROM], - updateValue[VALID_TO]); + if (updateValue[CHECK_FLAG] != null + && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + validCerts = certificateRepository + .getValidNotPublishedCertificates( + updateValue[VALID_FROM], + updateValue[VALID_TO]); } else { - validCerts = - certificateRepository.getValidCertificates( - updateValue[VALID_FROM], - updateValue[VALID_TO]); + validCerts = certificateRepository.getValidCertificates( + updateValue[VALID_FROM], updateValue[VALID_TO]); } int i = 0; int l = 0; @@ -437,9 +453,9 @@ public class UpdateDir extends CMSServlet { if (validCerts != null) { while (validCerts.hasMoreElements()) { - ICertRecord certRecord = - (ICertRecord) validCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + ICertRecord certRecord = (ICertRecord) validCerts + .nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); 
@@ -449,84 +465,92 @@ public class UpdateDir extends CMSServlet { MetaInfo metaInfo = null; String ridString = null; - metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO); + metaInfo = (MetaInfo) certRecord + .get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAIL_GET_ICERT_RECORD", cert + .getSerialNumber().toString(16))); } else { - ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); + ridString = (String) metaInfo + .get(ICertRecord.META_REQUEST_ID); } IRequest r = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; - SessionContext sc = SessionContext.getContext(); + SessionContext sc = SessionContext.getContext(); if (r == null) { if (CMS.isEncryptionCert(cert)) - sc.put((Object) "isEncryptionCert", (Object) "true"); - else - sc.put((Object) "isEncryptionCert", (Object) "false"); + sc.put((Object) "isEncryptionCert", + (Object) "true"); + else + sc.put((Object) "isEncryptionCert", + (Object) "false"); mPublisherProcessor.publishCert(cert, null); } else { if (CMS.isEncryptionCert(cert)) r.setExtData("isEncryptionCert", "true"); - else + else r.setExtData("isEncryptionCert", "false"); mPublisherProcessor.publishCert(cert, r); } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16), - e.toString())); - validCertsError += - "Failed to publish certificate: 0x" + - certRecord.getSerialNumber().toString(16) + - ".\n <BR> "; + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAIL_PUBLISH_CERT", certRecord + .getSerialNumber().toString(16), e + .toString())); + validCertsError += "Failed to 
publish certificate: 0x" + + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { - header.addStringValue("validCertsPublished", - "Success"); + header.addStringValue("validCertsPublished", "Success"); if (i == 1) - header.addStringValue("validCertsError", i + - " valid certificate is published in the directory."); + header.addStringValue( + "validCertsError", + i + + " valid certificate is published in the directory."); else - header.addStringValue("validCertsError", i + - " valid certificates are published in the directory."); + header.addStringValue( + "validCertsError", + i + + " valid certificates are published in the directory."); } else { if (l == 0) { header.addStringValue("validCertsPublished", "No"); } else { header.addStringValue("validCertsPublished", "Failure"); - header.addStringValue("validCertsError", - validCertsError); + header.addStringValue("validCertsError", + validCertsError); } } } else { header.addStringValue("validCertsPublished", "Failure"); - header.addStringValue("validCertsError", "Certificate repository is unavailable."); + header.addStringValue("validCertsError", + "Certificate repository is unavailable."); } } // all or expired - if ((updateValue[UPDATE_ALL] != null && - updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_EXPIRED] != null && - updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] + .equalsIgnoreCase("yes")) + || (updateValue[UPDATE_EXPIRED] != null && updateValue[UPDATE_EXPIRED] + .equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[EXPIRED_FROM].startsWith("0x")) { updateValue[EXPIRED_FROM] = hexToDecimal(updateValue[EXPIRED_FROM]); 
@@ -536,27 +560,26 @@ public class UpdateDir extends CMSServlet {
 }
 Enumeration expiredCerts = null;
- if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
- expiredCerts =
- certificateRepository.getExpiredPublishedCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ if (updateValue[CHECK_FLAG] != null
+ && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ expiredCerts = certificateRepository
+ .getExpiredPublishedCertificates(
+ updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
 } else {
- expiredCerts =
- certificateRepository.getExpiredCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ expiredCerts = certificateRepository
+ .getExpiredCertificates(updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
 }
 int i = 0;
 int l = 0;
 StringBuffer expiredCertsError = new StringBuffer();
- if (expiredCerts != null) {
+ if (expiredCerts != null) {
 while (expiredCerts.hasMoreElements()) {
- ICertRecord certRecord =
- (ICertRecord) expiredCerts.nextElement();
- //X509CertImpl cert = certRecord.getCertificate();
+ ICertRecord certRecord = (ICertRecord) expiredCerts
+ .nextElement();
+ // X509CertImpl cert = certRecord.getCertificate();
 X509CertImpl cert = null;
 Object o = certRecord.getCertificate();
@@ -566,25 +589,27 @@ public class UpdateDir extends CMSServlet {
 MetaInfo metaInfo = null;
 String ridString = null;
- metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
+ metaInfo = (MetaInfo) certRecord
+ .get(ICertRecord.ATTR_META_INFO);
 if (metaInfo == null) {
 // ca's self signed signing cert and
 // server cert has no related request and
 // have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAIL_GET_ICERT_RECORD", cert
+ .getSerialNumber().toString(16)));
 } else {
- ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) metaInfo
+ .get(ICertRecord.META_REQUEST_ID);
 }
 IRequest r = null;
 if (ridString != null) {
 RequestId rid = new RequestId(ridString);
-
+
 r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
 try {
 l++;
@@ -595,47 +620,53 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", - certRecord.getSerialNumber().toString(16), - e.toString())); - expiredCertsError.append( - "Failed to unpublish certificate: 0x"); - expiredCertsError.append( - certRecord.getSerialNumber().toString(16)); - expiredCertsError.append( - ".\n <BR> "); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "LDAP_ERROR_UNPUBLISH_CERT", certRecord + .getSerialNumber().toString(16), e + .toString())); + expiredCertsError + .append("Failed to unpublish certificate: 0x"); + expiredCertsError.append(certRecord + .getSerialNumber().toString(16)); + expiredCertsError + .append(".\n <BR> "); } } } if (i > 0 && i == l) { header.addStringValue("expiredCertsUnpublished", "Success"); if (i == 1) - header.addStringValue("expiredCertsError", i + - " expired certificate is unpublished in the directory."); + header.addStringValue( + "expiredCertsError", + i + + " expired certificate is unpublished in the directory."); else - header.addStringValue("expiredCertsError", i + - " expired certificates are unpublished in the directory."); + header.addStringValue( + "expiredCertsError", + i + + " expired certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("expiredCertsUnpublished", "No"); } else { - header.addStringValue("expiredCertsUnpublished", "Failure"); - header.addStringValue("expiredCertsError", - expiredCertsError.toString()); + header.addStringValue("expiredCertsUnpublished", + "Failure"); + header.addStringValue("expiredCertsError", + expiredCertsError.toString()); } } } else { header.addStringValue("expiredCertsUnpublished", "Failure"); - header.addStringValue("expiredCertsError", "Certificate repository is unavailable."); + header.addStringValue("expiredCertsError", + "Certificate repository is unavailable."); } } // all or revoked - if ((updateValue[UPDATE_ALL] != null && - 
updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) || - (updateValue[UPDATE_REVOKED] != null && - updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) { + if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL] + .equalsIgnoreCase("yes")) + || (updateValue[UPDATE_REVOKED] != null && updateValue[UPDATE_REVOKED] + .equalsIgnoreCase("yes"))) { if (certificateRepository != null) { if (updateValue[REVOKED_FROM].startsWith("0x")) { updateValue[REVOKED_FROM] = hexToDecimal(updateValue[REVOKED_FROM]); @@ -645,27 +676,26 @@ public class UpdateDir extends CMSServlet { } Enumeration revokedCerts = null; - if (updateValue[CHECK_FLAG] != null && - updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { - revokedCerts = - certificateRepository.getRevokedPublishedCertificates( - updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + if (updateValue[CHECK_FLAG] != null + && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) { + revokedCerts = certificateRepository + .getRevokedPublishedCertificates( + updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } else { - revokedCerts = - certificateRepository.getRevokedCertificates( - updateValue[REVOKED_FROM], - updateValue[REVOKED_TO]); + revokedCerts = certificateRepository + .getRevokedCertificates(updateValue[REVOKED_FROM], + updateValue[REVOKED_TO]); } int i = 0; int l = 0; String revokedCertsError = ""; - if (revokedCerts != null) { + if (revokedCerts != null) { while (revokedCerts.hasMoreElements()) { - ICertRecord certRecord = - (ICertRecord) revokedCerts.nextElement(); - //X509CertImpl cert = certRecord.getCertificate(); + ICertRecord certRecord = (ICertRecord) revokedCerts + .nextElement(); + // X509CertImpl cert = certRecord.getCertificate(); X509CertImpl cert = null; Object o = certRecord.getCertificate(); 
@@ -675,25 +705,27 @@ public class UpdateDir extends CMSServlet { MetaInfo metaInfo = null; String ridString = null; - metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO); + metaInfo = (MetaInfo) certRecord + .get(ICertRecord.ATTR_META_INFO); if (metaInfo == null) { // ca's self signed signing cert and // server cert has no related request and // have no metaInfo - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD", - cert.getSerialNumber().toString(16))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAIL_GET_ICERT_RECORD", cert + .getSerialNumber().toString(16))); } else { - ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); + ridString = (String) metaInfo + .get(ICertRecord.META_REQUEST_ID); } IRequest r = null; if (ridString != null) { RequestId rid = new RequestId(ridString); - + r = mCA.getRequestQueue().findRequest(rid); - } + } try { l++; 
@@ -704,37 +736,42 @@ public class UpdateDir extends CMSServlet { } i++; } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT", - certRecord.getSerialNumber().toString(16), - e.toString())); - revokedCertsError += - "Failed to unpublish certificate: 0x" + - certRecord.getSerialNumber().toString(16) + - ".\n <BR> "; + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "LDAP_ERROR_UNPUBLISH_CERT", certRecord + .getSerialNumber().toString(16), e + .toString())); + revokedCertsError += "Failed to unpublish certificate: 0x" + + certRecord.getSerialNumber().toString(16) + + ".\n <BR> "; } } } if (i > 0 && i == l) { header.addStringValue("revokedCertsUnpublished", "Success"); if (i == 1) - header.addStringValue("revokedCertsError", i + - " revoked certificate is unpublished in the directory."); + header.addStringValue( + "revokedCertsError", + i + + " revoked certificate is unpublished in the directory."); else - header.addStringValue("revokedCertsError", i + - " revoked certificates are unpublished in the directory."); + header.addStringValue( + "revokedCertsError", + i + + " revoked certificates are unpublished in the directory."); } else { if (l == 0) { header.addStringValue("revokedCertsUnpublished", "No"); } else { - header.addStringValue("revokedCertsUnpublished", "Failure"); - header.addStringValue("revokedCertsError", - revokedCertsError); + header.addStringValue("revokedCertsUnpublished", + "Failure"); + header.addStringValue("revokedCertsError", + revokedCertsError); } } } else { header.addStringValue("revokedCertsUnpublished", "Failure"); - header.addStringValue("revokedCertsError", "Certificate repository is unavailable."); + header.addStringValue("revokedCertsError", + "Certificate repository is unavailable."); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java index 79151072..fe2485a6 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java 
@@ -123,298 +123,303 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.profile.SSLClientCertProvider; import com.netscape.cmsutil.scep.CRSPKIMessage; - /** - * This servlet deals with PKCS#10-based certificate requests from - * CRS, now called SCEP, and defined at: - * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt + * This servlet deals with PKCS#10-based certificate requests from CRS, now + * called SCEP, and defined at: + * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt * * The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe - * - * The HTTP parameters are 'operation' and 'message' - * operation can be either 'GetCACert' or 'PKIOperation' - * + * + * The HTTP parameters are 'operation' and 'message' operation can be either + * 'GetCACert' or 'PKIOperation' + * * @version $Revision$, $Date$ */ -public class CRSEnrollment extends HttpServlet -{ - /** +public class CRSEnrollment extends HttpServlet { + /** * */ private static final long serialVersionUID = 8483002540957382369L; -protected IProfileSubsystem mProfileSubsystem = null; - protected String mProfileId = null; - protected ICertAuthority mAuthority; - protected IConfigStore mConfig = null; - protected IAuthSubsystem mAuthSubsystem; - protected String mAppendDN=null; - protected String mEntryObjectclass=null; - protected boolean mCreateEntry=false; - protected boolean mFlattenDN=false; - - private String mAuthManagerName; - private String mSubstoreName; - private boolean mEnabled = false; - private boolean mUseCA = true; - private String mNickname = null; - private String mTokenName = ""; - private String mHashAlgorithm = "SHA1"; - private String mHashAlgorithmList = null; - private String[] mAllowedHashAlgorithm; - private String mConfiguredEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithm = "DES3"; - private String mEncryptionAlgorithmList = null; - private String[] mAllowedEncryptionAlgorithm; - 
private Random mRandom = null; - private int mNonceSizeLimit = 0; - protected ILogger mLogger = CMS.getLogger(); - private ICertificateAuthority ca; - /* for hashing challenge password */ - protected MessageDigest mSHADigest = null; - - private static final String PROP_SUBSTORENAME = "substorename"; - private static final String PROP_AUTHORITY = "authority"; - private static final String PROP_CRS = "crs"; - private static final String PROP_CRSCA = "casubsystem"; - private static final String PROP_CRSAUTHMGR = "authName"; - private static final String PROP_APPENDDN = "appendDN"; - private static final String PROP_CREATEENTRY= "createEntry"; - private static final String PROP_FLATTENDN = "flattenDN"; - private static final String PROP_ENTRYOC = "entryObjectclass"; - - // URL parameters - private static final String URL_OPERATION = "operation"; - private static final String URL_MESSAGE = "message"; - - // possible values for 'operation' - private static final String OP_GETCACERT = "GetCACert"; - private static final String OP_PKIOPERATION = "PKIOperation"; - - public static final String AUTH_PASSWORD = "pwd"; - - public static final String AUTH_CREDS = "AuthCreds"; - public static final String AUTH_TOKEN = "AuthToken"; - public static final String AUTH_FAILED = "AuthFailed"; - - public static final String SANE_DNSNAME = "DNSName"; - public static final String SANE_IPADDRESS = "IPAddress"; - - public static final String CERTINFO = "CertInfo"; - public static final String SUBJECTNAME = "SubjectName"; - - - public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; - public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; - public static ObjectIdentifier OID_SERIALNUMBER = null; - - public CRSEnrollment(){} - - public static Hashtable toHashtable(HttpServletRequest req) { - Hashtable httpReqHash = new Hashtable(); - Enumeration names = req.getParameterNames(); - while (names.hasMoreElements()) { - String name = (String)names.nextElement(); - httpReqHash.put(name, 
req.getParameter(name)); - } - return httpReqHash; - } - - public void init(ServletConfig sc) { - // Find the CertificateAuthority we should use for CRS. - String crsCA = sc.getInitParameter(PROP_AUTHORITY); - if (crsCA == null) - crsCA = "ca"; - mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); - ca = (ICertificateAuthority)mAuthority; - - if (mAuthority == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA)); - } - - try { - if (mAuthority instanceof ISubsystem) { - IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore(); - IConfigStore scepConfig = authorityConfig.getSubStore("scep"); - mEnabled = scepConfig.getBoolean("enable", false); - mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); - mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3"); - mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); - mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512"); - mAllowedHashAlgorithm = mHashAlgorithmList.split(","); - mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3"); - mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(","); - mNickname = scepConfig.getString("nickname", ca.getNickname()); - if (mNickname.equals(ca.getNickname())) { - mTokenName = ca.getSigningUnit().getTokenName(); - } else { - mTokenName = scepConfig.getString("tokenname", ""); - mUseCA = false; - } - if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - mTokenName.equalsIgnoreCase("Internal Key Storage Token") || - mTokenName.length() == 0)) { - int i = mNickname.indexOf(':'); - if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) { - mNickname = mTokenName + ":" + mNickname; - } - } - } - } catch (EBaseException e) { - CMS.debug("CRSEnrollment: init: EBaseException: "+e); - } - mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - CMS.debug("CRSEnrollment: 
init: SCEP support is "+((mEnabled)?"enabled":"disabled")+"."); - CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname); - CMS.debug("CRSEnrollment: init: CA nickname: "+ca.getNickname()); - CMS.debug("CRSEnrollment: init: Token name: "+mTokenName); - CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA); - CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit); - CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm); - CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList); - for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { - mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); - CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]); - } - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm); - CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList); - for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { - mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim(); - CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]); - } - - try { - mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile"); - mProfileId = sc.getInitParameter("profileId"); - CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId); - - mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); - mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); - mAppendDN = sc.getInitParameter(PROP_APPENDDN); - String tmp = sc.getInitParameter(PROP_CREATEENTRY); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mCreateEntry = true; - else - mCreateEntry = false; - tmp = sc.getInitParameter(PROP_FLATTENDN); - if (tmp != null && tmp.trim().equalsIgnoreCase("true")) - mFlattenDN = true; - else - mFlattenDN = false; - mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC); - if (mEntryObjectclass == null) - mEntryObjectclass = "cep"; - 
mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); - if (mSubstoreName == null) - mSubstoreName = "default"; - } catch (Exception e) { - } - - OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME"); - OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS"); - OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); - - - try { - mSHADigest = MessageDigest.getInstance("SHA1"); + protected IProfileSubsystem mProfileSubsystem = null; + protected String mProfileId = null; + protected ICertAuthority mAuthority; + protected IConfigStore mConfig = null; + protected IAuthSubsystem mAuthSubsystem; + protected String mAppendDN = null; + protected String mEntryObjectclass = null; + protected boolean mCreateEntry = false; + protected boolean mFlattenDN = false; + + private String mAuthManagerName; + private String mSubstoreName; + private boolean mEnabled = false; + private boolean mUseCA = true; + private String mNickname = null; + private String mTokenName = ""; + private String mHashAlgorithm = "SHA1"; + private String mHashAlgorithmList = null; + private String[] mAllowedHashAlgorithm; + private String mConfiguredEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithm = "DES3"; + private String mEncryptionAlgorithmList = null; + private String[] mAllowedEncryptionAlgorithm; + private Random mRandom = null; + private int mNonceSizeLimit = 0; + protected ILogger mLogger = CMS.getLogger(); + private ICertificateAuthority ca; + /* for hashing challenge password */ + protected MessageDigest mSHADigest = null; + + private static final String PROP_SUBSTORENAME = "substorename"; + private static final String PROP_AUTHORITY = "authority"; + private static final String PROP_CRS = "crs"; + private static final String PROP_CRSCA = "casubsystem"; + private static final String PROP_CRSAUTHMGR = "authName"; + private static final String PROP_APPENDDN = "appendDN"; + private static final String 
PROP_CREATEENTRY = "createEntry"; + private static final String PROP_FLATTENDN = "flattenDN"; + private static final String PROP_ENTRYOC = "entryObjectclass"; + + // URL parameters + private static final String URL_OPERATION = "operation"; + private static final String URL_MESSAGE = "message"; + + // possible values for 'operation' + private static final String OP_GETCACERT = "GetCACert"; + private static final String OP_PKIOPERATION = "PKIOperation"; + + public static final String AUTH_PASSWORD = "pwd"; + + public static final String AUTH_CREDS = "AuthCreds"; + public static final String AUTH_TOKEN = "AuthToken"; + public static final String AUTH_FAILED = "AuthFailed"; + + public static final String SANE_DNSNAME = "DNSName"; + public static final String SANE_IPADDRESS = "IPAddress"; + + public static final String CERTINFO = "CertInfo"; + public static final String SUBJECTNAME = "SubjectName"; + + public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null; + public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null; + public static ObjectIdentifier OID_SERIALNUMBER = null; + + public CRSEnrollment() { } - catch (NoSuchAlgorithmException e) { - } - - mRandom = new Random(); - } - - - /** - * - * Service a CRS Request. It all starts here. This is where the message from the - * router is processed - * - * @param httpReq The HttpServletRequest. - * @param httpResp The HttpServletResponse. 
- * - */ - public void service(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException - { - boolean running_state = CMS.isInRunningState(); - if (!running_state) - throw new ServletException( - "CMS server is not ready to serve."); + + public static Hashtable toHashtable(HttpServletRequest req) { + Hashtable httpReqHash = new Hashtable(); + Enumeration names = req.getParameterNames(); + while (names.hasMoreElements()) { + String name = (String) names.nextElement(); + httpReqHash.put(name, req.getParameter(name)); + } + return httpReqHash; + } + + public void init(ServletConfig sc) { + // Find the CertificateAuthority we should use for CRS. + String crsCA = sc.getInitParameter(PROP_AUTHORITY); + if (crsCA == null) + crsCA = "ca"; + mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA); + ca = (ICertificateAuthority) mAuthority; + + if (mAuthority == null) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA)); + } + + try { + if (mAuthority instanceof ISubsystem) { + IConfigStore authorityConfig = ((ISubsystem) mAuthority) + .getConfigStore(); + IConfigStore scepConfig = authorityConfig.getSubStore("scep"); + mEnabled = scepConfig.getBoolean("enable", false); + mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1"); + mConfiguredEncryptionAlgorithm = scepConfig.getString( + "encryptionAlgorithm", "DES3"); + mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0); + mHashAlgorithmList = scepConfig.getString( + "allowedHashAlgorithms", "SHA1,SHA256,SHA512"); + mAllowedHashAlgorithm = mHashAlgorithmList.split(","); + mEncryptionAlgorithmList = scepConfig.getString( + "allowedEncryptionAlgorithms", "DES3"); + mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList + .split(","); + mNickname = scepConfig.getString("nickname", ca.getNickname()); + if (mNickname.equals(ca.getNickname())) { + mTokenName = ca.getSigningUnit().getTokenName(); + } else { + mTokenName = scepConfig.getString("tokenname", 
""); + mUseCA = false; + } + if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) + || mTokenName + .equalsIgnoreCase("Internal Key Storage Token") || mTokenName + .length() == 0)) { + int i = mNickname.indexOf(':'); + if (!((i > -1) && (mTokenName.length() == i) && (mNickname + .startsWith(mTokenName)))) { + mNickname = mTokenName + ":" + mNickname; + } + } + } + } catch (EBaseException e) { + CMS.debug("CRSEnrollment: init: EBaseException: " + e); + } + mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; + CMS.debug("CRSEnrollment: init: SCEP support is " + + ((mEnabled) ? "enabled" : "disabled") + "."); + CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname); + CMS.debug("CRSEnrollment: init: CA nickname: " + ca.getNickname()); + CMS.debug("CRSEnrollment: init: Token name: " + mTokenName); + CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA); + CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit); + CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm); + CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + + mHashAlgorithmList); + for (int i = 0; i < mAllowedHashAlgorithm.length; i++) { + mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim(); + CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + + mAllowedHashAlgorithm[i]); + } + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + + mEncryptionAlgorithm); + CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + + mEncryptionAlgorithmList); + for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) { + mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i] + .trim(); + CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + + "]=" + mAllowedEncryptionAlgorithm[i]); + } + + try { + mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile"); + mProfileId = sc.getInitParameter("profileId"); + CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId); + + mAuthSubsystem = 
(IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); + mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR); + mAppendDN = sc.getInitParameter(PROP_APPENDDN); + String tmp = sc.getInitParameter(PROP_CREATEENTRY); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mCreateEntry = true; + else + mCreateEntry = false; + tmp = sc.getInitParameter(PROP_FLATTENDN); + if (tmp != null && tmp.trim().equalsIgnoreCase("true")) + mFlattenDN = true; + else + mFlattenDN = false; + mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC); + if (mEntryObjectclass == null) + mEntryObjectclass = "cep"; + mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME); + if (mSubstoreName == null) + mSubstoreName = "default"; + } catch (Exception e) { + } + + OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid( + "UNSTRUCTUREDNAME"); + OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid( + "UNSTRUCTUREDADDRESS"); + OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER"); + + try { + mSHADigest = MessageDigest.getInstance("SHA1"); + } catch (NoSuchAlgorithmException e) { + } + + mRandom = new Random(); + } + + /** + * + * Service a CRS Request. It all starts here. This is where the message from + * the router is processed + * + * @param httpReq The HttpServletRequest. + * @param httpResp The HttpServletResponse. + * + */ + public void service(HttpServletRequest httpReq, HttpServletResponse httpResp) + throws ServletException { + boolean running_state = CMS.isInRunningState(); + if (!running_state) + throw new ServletException("CMS server is not ready to serve."); String operation = null; - String message = null; + String message = null; mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm; - - + // Parse the URL from the HTTP Request. 
Split it up into // a structure which enables us to read the form elements IArgBlock input = CMS.createArgBlock(toHashtable(httpReq)); - - try { + + try { // Read in two form parameters - the router sets these - operation = (String)input.get(URL_OPERATION); + operation = (String) input.get(URL_OPERATION); CMS.debug("operation=" + operation); - message = (String)input.get(URL_MESSAGE); + message = (String) input.get(URL_MESSAGE); CMS.debug("message=" + message); - + if (!mEnabled) { CMS.debug("CRSEnrollment: SCEP support is disabled."); throw new ServletException("SCEP support is disabled."); } if (operation == null) { // 'operation' is mandatory. - throw new ServletException("Bad request: operation missing from URL"); + throw new ServletException( + "Bad request: operation missing from URL"); } - - /** - * the router can make two kinds of requests - * 1) simple request for CA cert - * 2) encoded, signed, enveloped request for anything else (PKIOperation) + + /** + * the router can make two kinds of requests 1) simple request for + * CA cert 2) encoded, signed, enveloped request for anything else + * (PKIOperation) */ - + if (operation.equals(OP_GETCACERT)) { - handleGetCACert(httpReq, httpResp); - } - else if (operation.equals(OP_PKIOPERATION)) { - String decodeMode = (String)input.get("decode"); + handleGetCACert(httpReq, httpResp); + } else if (operation.equals(OP_PKIOPERATION)) { + String decodeMode = (String) input.get("decode"); if (decodeMode == null || decodeMode.equals("false")) { - handlePKIOperation(httpReq, httpResp, message); + handlePKIOperation(httpReq, httpResp, message); } else { - decodePKIMessage(httpReq, httpResp, message); + decodePKIMessage(httpReq, httpResp, message); } - } - else { + } else { CMS.debug("Invalid operation " + operation); - throw new ServletException("unknown operation requested: "+operation); + throw new ServletException("unknown operation requested: " + + operation); } - - } - catch (ServletException e) - { + + } catch 
(ServletException e) { CMS.debug("ServletException " + e); throw new ServletException(e.getMessage().toString()); + } catch (Exception e) { + CMS.debug("Service exception " + e); + log(ILogger.LL_FAILURE, e.getMessage()); } - catch (Exception e) - { - CMS.debug("Service exception " + e); - log(ILogger.LL_FAILURE,e.getMessage()); - } - + } /** - * Log a message to the system log + * Log a message to the system log */ - private void log(int level, String msg) { - - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, - level, "CEP Enrollment: "+msg); + + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, + "CEP Enrollment: " + msg); } - private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) { + private boolean isAlgorithmAllowed(String[] allowedAlgorithm, + String algorithm) { boolean allowed = false; if (algorithm != null && algorithm.length() > 0) { @@ -428,8 +433,9 @@ protected IProfileSubsystem mProfileSubsystem = null; return allowed; } - public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + public IAuthToken authenticate(AuthCredentials credentials, + IProfileAuthenticator authenticator, HttpServletRequest request) + throws EBaseException { // build credential Enumeration authNames = authenticator.getValueNames(); 
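Review bot: In `CRSEnrollment.init` (hunk -123/+123) the `catch (Exception e) { }` after the servlet-parameter block and the `catch (NoSuchAlgorithmException e) { }` around `MessageDigest.getInstance("SHA1")` are both empty, so a failure leaves `mSHADigest` (commented as being for hashing the challenge password) or the auth-manager settings null with nothing in the log. At minimum they should log the way the `EBaseException` catch above them does, e.g. `CMS.debug("CRSEnrollment: init: " + e);`. The loops over `mAllowedHashAlgorithm` and `mAllowedEncryptionAlgorithm` and the `ca.getNickname()` debug line run after the try and dereference values that stay null when the authority is missing or the config read fails, so `init` should stop or fail explicitly in those cases rather than continue. Separately, `mRandom = new Random()` is not used inside this hunk; if it feeds nonces or other security-relevant values elsewhere in the class, `java.security.SecureRandom` is the appropriate source.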
@@ -445,313 +451,319 @@ protected IProfileSubsystem mProfileSubsystem = null; credentials.set("clientHost", request.getRemoteHost()); IAuthToken authToken = authenticator.authenticate(credentials); if (authToken == null) { - return null; + return null; } SessionContext sc = SessionContext.getContext(); if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - /** - * Return the CA certificate back to the requestor. - * This needs to be changed so that if the CA has a certificate chain, - * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no - * signerInfo) - */ - - public void handleGetCACert(HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws ServletException { - java.security.cert.X509Certificate[] chain = null; - - CertificateChain certChain = mAuthority.getCACertChain(); - - try { - if (certChain == null) { - throw new ServletException("Internal Error: cannot get CA Cert"); - } - - chain = certChain.getChain(); - - byte[] bytes = null; - - int i = 0; - String message = (String)httpReq.getParameter(URL_MESSAGE); - CMS.debug("handleGetCACert message=" + message); - if (message != null) { + /** + * Return the CA certificate back to the requestor. 
This needs to be changed + * so that if the CA has a certificate chain, the whole thing should get + * packaged as a PKIMessage (degnerate PKCS7 - no signerInfo) + */ + + public void handleGetCACert(HttpServletRequest httpReq, + HttpServletResponse httpResp) throws ServletException { + java.security.cert.X509Certificate[] chain = null; + + CertificateChain certChain = mAuthority.getCACertChain(); + + try { + if (certChain == null) { + throw new ServletException("Internal Error: cannot get CA Cert"); + } + + chain = certChain.getChain(); + + byte[] bytes = null; + + int i = 0; + String message = (String) httpReq.getParameter(URL_MESSAGE); + CMS.debug("handleGetCACert message=" + message); + if (message != null) { + try { + int j = Integer.parseInt(message); + if (j < chain.length) { + i = j; + } + } catch (NumberFormatException e1) { + } + } + CMS.debug("handleGetCACert selected chain=" + i); + + if (mUseCA) { + bytes = chain[i].getEncoded(); + } else { + CryptoContext cx = new CryptoContext(); + bytes = cx.getSigningCert().getEncoded(); + } + + httpResp.setContentType("application/x-x509-ca-cert"); + + // The following code may be used one day to encode + // the RA/CA cert chain for RA mode, but it will need some + // work. 
+ + /****** + * SET certs = new SET(); for (int i=0; i<chain.length; i++) { ANY + * cert = new ANY(chain[i].getEncoded()); certs.addElement(cert); } + * + * SignedData crsd = new SignedData( new SET(), // empty set of + * digestAlgorithmID's new ContentInfo( new OBJECT_IDENTIFIER(new + * long[] {1,2,840,113549,1,7,1}), null), //empty content certs, + * null, // no CRL's new SET() // empty SignerInfos ); + * + * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, + * crsd); + * + * ByteArrayOutputStream baos = new ByteArrayOutputStream(); + * wrap.encode(baos); + * + * bytes = baos.toByteArray(); + * + * httpResp.setContentType("application/x-x509-ca-ra-cert"); + *****/ + + httpResp.setContentLength(bytes.length); + httpResp.getOutputStream().write(bytes); + httpResp.getOutputStream().flush(); + + CMS.debug("Output certificate chain:"); + CMS.debug(bytes); + } catch (Exception e) { + CMS.debug("handleGetCACert exception " + e); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", + e.getMessage())); + throw new ServletException( + "Failed sending DER encoded version of CA cert to client"); + } + + } + + public String getPasswordFromP10(PKCS10 p10) { + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration e = p10atts.getElements(); + + try { + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + return (String) attr.get(ChallengePassword.PASSWORD); + } + } + } + } catch (Exception e1) { + // do nothing + } + return null; + } + + /** + * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a + * PKIMessage structure. We decode it to see what type message it is. + */ + + /** + * Decodes the PKI message and return information to RA. 
+ */ + public void decodePKIMessage(HttpServletRequest httpReq, + HttpServletResponse httpResp, String msg) throws ServletException { + + CryptoContext cx = null; + + CRSPKIMessage req = null; + + byte[] decodedPKIMessage; + byte[] response = null; + String responseData = ""; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream( + decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we + // initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. + + if (decodedPKIMessage.length < 50) { + throw new ServletException( + "CRS request is too small to be a real request (" + + decodedPKIMessage.length + " bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '" + + ea + + "' is not allowed (" + + mEncryptionAlgorithmList + ")."); + throw new ServletException("Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + + ")."); + } + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '" + + da + + "' is not allowed (" + + mHashAlgorithmList + + ")."); + throw new ServletException("Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + } + if (ea != null) { + mEncryptionAlgorithm = ea; + } + } catch (Exception e) { + CMS.debug(e); + throw new ServletException("Could not decode the request."); + } + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req, cx); + unwrapPKCS10(req, cx); + + IProfile profile = mProfileSubsystem.getProfile(mProfileId); + 
if (profile == null) { + CMS.debug("Profile '" + mProfileId + "' not found."); + throw new ServletException("Profile '" + mProfileId + + "' not found."); + } else { + CMS.debug("Found profile '" + mProfileId + "'."); + } + + IProfileAuthenticator authenticator = null; try { - int j = Integer.parseInt(message); - if (j < chain.length) { - i = j; - } - } catch (NumberFormatException e1) { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("Authenticator not found."); + throw new ServletException("Authenticator not found."); + } else { + CMS.debug("Got authenticator=" + + authenticator.getClass().getName()); + } + } catch (EProfileException e) { + throw new ServletException("Authenticator not found."); } - } - CMS.debug("handleGetCACert selected chain=" + i); - - if (mUseCA) { - bytes = chain[i].getEncoded(); - } else { - CryptoContext cx = new CryptoContext(); - bytes = cx.getSigningCert().getEncoded(); - } - - httpResp.setContentType("application/x-x509-ca-cert"); - - -// The following code may be used one day to encode -// the RA/CA cert chain for RA mode, but it will need some -// work. 
- - /****** - SET certs = new SET(); - for (int i=0; i<chain.length; i++) { - ANY cert = new ANY(chain[i].getEncoded()); - certs.addElement(cert); - } - - SignedData crsd = new SignedData( - new SET(), // empty set of digestAlgorithmID's - new ContentInfo( - new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}), - null), //empty content - certs, - null, // no CRL's - new SET() // empty SignerInfos - ); - - ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd); - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - wrap.encode(baos); - - bytes = baos.toByteArray(); - - httpResp.setContentType("application/x-x509-ca-ra-cert"); - *****/ - - httpResp.setContentLength(bytes.length); - httpResp.getOutputStream().write(bytes); - httpResp.getOutputStream().flush(); - - CMS.debug("Output certificate chain:"); - CMS.debug(bytes); - } - catch (Exception e) { - CMS.debug("handleGetCACert exception " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage())); - throw new ServletException("Failed sending DER encoded version of CA cert to client"); - } - - } - - public String getPasswordFromP10(PKCS10 p10) - { - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration e = p10atts.getElements(); - - try { - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - return (String)attr.get(ChallengePassword.PASSWORD); - } - } - } - } catch(Exception e1) { - // do nothing - } - return null; - } - - /** - * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a - * PKIMessage structure. We decode it to see what type message it is. - */ - - /** - * Decodes the PKI message and return information to RA. 
- */ - public void decodePKIMessage(HttpServletRequest httpReq, - HttpServletResponse httpResp, - String msg) - throws ServletException { - - CryptoContext cx=null; - - CRSPKIMessage req=null; - - byte[] decodedPKIMessage; - byte[] response=null; - String responseData = ""; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException("CRS request is too small to be a real request ("+ - decodedPKIMessage.length+" bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); - throw new ServletException("Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); + AuthCredentials credentials = new AuthCredentials(); + IAuthToken authToken = null; + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("sslClientCertProvider", new SSLClientCertProvider( + httpReq)); + + try { + authToken = authenticate(credentials, authenticator, httpReq); + } catch (Exception e) { + CMS.debug("Authentication failure: " + e.getMessage()); + throw new ServletException("Authentication failure: " + + e.getMessage()); } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"+da+ - "' is not allowed 
("+mHashAlgorithmList+")."); - throw new ServletException("Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); + if (authToken == null) { + CMS.debug("Authentication failure."); + throw new ServletException("Authentication failure."); } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - } - catch (Exception e) { - CMS.debug(e); - throw new ServletException("Could not decode the request."); - } - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req,cx); - unwrapPKCS10(req,cx); - - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - if (profile == null) { - CMS.debug("Profile '" + mProfileId + "' not found."); - throw new ServletException("Profile '" + mProfileId + "' not found."); - } else { - CMS.debug("Found profile '" + mProfileId + "'."); - } - - IProfileAuthenticator authenticator = null; - try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); - if (authenticator == null) { - CMS.debug("Authenticator not found."); - throw new ServletException("Authenticator not found."); - } else { - CMS.debug("Got authenticator=" + authenticator.getClass().getName()); - } - } catch (EProfileException e) { - throw new ServletException("Authenticator not found."); - } - AuthCredentials credentials = new AuthCredentials(); - IAuthToken authToken = null; - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - // insert profile context so that input parameter can be retrieved - context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq)); - - try { - authToken = authenticate(credentials, authenticator, httpReq); - } catch (Exception e) { - CMS.debug("Authentication failure: "+ e.getMessage()); - throw new ServletException("Authentication failure: "+ e.getMessage()); - } - if 
(authToken == null) { - CMS.debug("Authentication failure."); - throw new ServletException("Authentication failure."); - } - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - responseData = responseData + - "<TransactionID>" + transactionID + "</TransactionID>"; - - // End-User or RA's IP address - responseData = responseData + - "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>"; - - responseData = responseData + - "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>"; - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - - // Deal with message type - String mt = req.getMessageType(); - responseData = responseData + - "<MessageType>" + mt + "</MessageType>"; - - PKCS10 p10 = (PKCS10)req.getP10(); - X500Name p10subject = p10.getSubjectName(); - responseData = responseData + - "<SubjectName>" + p10subject.toString() + "</SubjectName>"; - - String pkcs10Attr = ""; - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - pkcs10Attr = pkcs10Attr + - "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>"; - } - - } - String extensionsStr = ""; - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration exts = ((ExtensionsRequested)attr).getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = (Extension) exts.nextElement(); - - if (ext.getExtensionId().equals( - OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { - DerOutputStream dos = new DerOutputStream(); - SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( - Boolean.valueOf(false), // noncritical - ext.getExtensionValue()); - - - Vector v = - (Vector) 
sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME); - - Enumeration gne = v.elements(); - StringBuffer subjAltNameStr = new StringBuffer(); - while (gne.hasMoreElements()) { - GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + responseData = responseData + "<TransactionID>" + transactionID + + "</TransactionID>"; + + // End-User or RA's IP address + responseData = responseData + "<RemoteAddr>" + + httpReq.getRemoteAddr() + "</RemoteAddr>"; + + responseData = responseData + "<RemoteHost>" + + httpReq.getRemoteHost() + "</RemoteHost>"; + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + + // Deal with message type + String mt = req.getMessageType(); + responseData = responseData + "<MessageType>" + mt + + "</MessageType>"; + + PKCS10 p10 = (PKCS10) req.getP10(); + X500Name p10subject = p10.getSubjectName(); + responseData = responseData + "<SubjectName>" + + p10subject.toString() + "</SubjectName>"; + + String pkcs10Attr = ""; + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration e = p10atts.getElements(); + + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0,colon).trim(); - String gnValue = gn.substring(colon+1).trim(); + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + pkcs10Attr = pkcs10Attr + + "<ChallengePassword><Password>" + + (String) attr.get(ChallengePassword.PASSWORD) + + "</Password></ChallengePassword>"; + } + + } + String extensionsStr = ""; + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration exts = ((ExtensionsRequested) attr) + .getExtensions().elements(); + while (exts.hasMoreElements()) { 
+ Extension ext = (Extension) exts.nextElement(); + + if (ext.getExtensionId() + .equals(OIDMap + .getOID(SubjectAlternativeNameExtension.IDENT))) { + DerOutputStream dos = new DerOutputStream(); + SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension( + Boolean.valueOf(false), // noncritical + ext.getExtensionValue()); + + Vector v = (Vector) sane + .get(SubjectAlternativeNameExtension.SUBJECT_NAME); + + Enumeration gne = v.elements(); + + StringBuffer subjAltNameStr = new StringBuffer(); + while (gne.hasMoreElements()) { + GeneralNameInterface gni = (GeneralNameInterface) gne + .nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; + + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0, colon) + .trim(); + String gnValue = gn.substring(colon + 1) + .trim(); subjAltNameStr.append("<"); subjAltNameStr.append(gnType); 
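Review bot: In `handleGetCACert`, the chain index parsed from the `message` request parameter is checked only against the upper bound (`if (j < chain.length)`), so a negative value is accepted and `chain[i]` then throws when `mUseCA` is set. The method's broad `catch (Exception e)` turns that into the "Failed sending DER encoded version of CA cert to client" error, so the log points at the wrong cause for what is just a bad request parameter. The guard should read `if (j >= 0 && j < chain.length) {`. The empty `catch (NumberFormatException e1) { }` beside it appears to fall back to index 0 on purpose; a one-line comment such as `// non-numeric message: keep default index 0` would make that explicit.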
@@ -760,1465 +772,1460 @@ protected IProfileSubsystem mProfileSubsystem = null; subjAltNameStr.append("</"); subjAltNameStr.append(gnType); subjAltNameStr.append(">"); - } - } // while - extensionsStr = "<SubjAltName>" + - subjAltNameStr.toString() + "</SubjAltName>"; - } // if - } // while - pkcs10Attr = pkcs10Attr + - "<Extensions>" + extensionsStr + "</Extensions>"; - } // if extensions - } // while - responseData = responseData + - "<PKCS10>" + pkcs10Attr + "</PKCS10>"; - - } catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - } catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); - } - - // We have now processed the request, and need to make the response message - - try { - - responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; - // Get the response coding - response = responseData.getBytes(); - - // Encode the httpResp into B64 - httpResp.setContentType("application/xml"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); - httpResp.getOutputStream().flush(); - - int i1 = responseData.indexOf("<Password>"); - if (i1 > -1) { - i1 += 10; // 10 is a length of "<Password>" - int i2 = responseData.indexOf("</Password>", i1); - if (i2 > -1) { - responseData = responseData.substring(0, i1) + "********" + - responseData.substring(i2, responseData.length()); - } - } - - CMS.debug("Output (decoding) PKIOperation response:"); - CMS.debug(responseData); - } - catch (Exception e) { - throw new ServletException("Failed to create response for CEP message"+e.getMessage()); - } - - } - - - /** - * finds a request with this transaction ID. 
- * If could not find any request - return null - * If could only find 'rejected' or 'cancelled' requests, return null - * If found 'pending' or 'completed' request - return that request - */ - - - public void handlePKIOperation(HttpServletRequest httpReq, - HttpServletResponse httpResp, - String msg) - throws ServletException { - - - CryptoContext cx=null; - - CRSPKIMessage req=null; - CRSPKIMessage crsResp=null; - - byte[] decodedPKIMessage; - byte[] response=null; - X509CertImpl cert = null; - - decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); - - try { - ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage); - - // We make two CRSPKIMessages. One of them, is the request, so we initialize - // it from the DER given to us from the router. - // The second is the response, and we'll fill this in as we go. - - if (decodedPKIMessage.length < 50) { - throw new ServletException("CRS request is too small to be a real request ("+ - decodedPKIMessage.length+" bytes)"); - } - try { - req = new CRSPKIMessage(is); - String ea = req.getEncryptionAlgorithm(); - if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); - throw new ServletException("Encryption algorithm '"+ea+ - "' is not allowed ("+mEncryptionAlgorithmList+")."); + } + } // while + extensionsStr = "<SubjAltName>" + + subjAltNameStr.toString() + + "</SubjAltName>"; + } // if + } // while + pkcs10Attr = pkcs10Attr + "<Extensions>" + extensionsStr + + "</Extensions>"; + } // if extensions + } // while + responseData = responseData + "<PKCS10>" + pkcs10Attr + "</PKCS10>"; + + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + } catch (Exception e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + 
throw new ServletException( + "Failed to process message in CEP servlet: " + + e.getMessage()); + } + + // We have now processed the request, and need to make the response + // message + + try { + + responseData = "<XMLResponse>" + responseData + "</XMLResponse>"; + // Get the response coding + response = responseData.getBytes(); + + // Encode the httpResp into B64 + httpResp.setContentType("application/xml"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + int i1 = responseData.indexOf("<Password>"); + if (i1 > -1) { + i1 += 10; // 10 is a length of "<Password>" + int i2 = responseData.indexOf("</Password>", i1); + if (i2 > -1) { + responseData = responseData.substring(0, i1) + "********" + + responseData.substring(i2, responseData.length()); + } + } + + CMS.debug("Output (decoding) PKIOperation response:"); + CMS.debug(responseData); + } catch (Exception e) { + throw new ServletException( + "Failed to create response for CEP message" + + e.getMessage()); + } + + } + + /** + * finds a request with this transaction ID. If could not find any request - + * return null If could only find 'rejected' or 'cancelled' requests, return + * null If found 'pending' or 'completed' request - return that request + */ + + public void handlePKIOperation(HttpServletRequest httpReq, + HttpServletResponse httpResp, String msg) throws ServletException { + + CryptoContext cx = null; + + CRSPKIMessage req = null; + CRSPKIMessage crsResp = null; + + byte[] decodedPKIMessage; + byte[] response = null; + X509CertImpl cert = null; + + decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg); + + try { + ByteArrayInputStream is = new ByteArrayInputStream( + decodedPKIMessage); + + // We make two CRSPKIMessages. One of them, is the request, so we + // initialize + // it from the DER given to us from the router. + // The second is the response, and we'll fill this in as we go. 
+ + if (decodedPKIMessage.length < 50) { + throw new ServletException( + "CRS request is too small to be a real request (" + + decodedPKIMessage.length + " bytes)"); + } + try { + req = new CRSPKIMessage(is); + String ea = req.getEncryptionAlgorithm(); + if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '" + + ea + + "' is not allowed (" + + mEncryptionAlgorithmList + ")."); + throw new ServletException("Encryption algorithm '" + ea + + "' is not allowed (" + mEncryptionAlgorithmList + + ")."); + } + String da = req.getDigestAlgorithmName(); + if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) { + CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '" + + da + + "' is not allowed (" + + mHashAlgorithmList + + ")."); + throw new ServletException("Hashing algorithm '" + da + + "' is not allowed (" + mHashAlgorithmList + ")."); + } + if (ea != null) { + mEncryptionAlgorithm = ea; + } + crsResp = new CRSPKIMessage(); + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (Exception e) { + CMS.debug(e); + throw new ServletException("Could not decode the request."); + } + crsResp.setMessageType(CRSPKIMessage.mType_CertRep); + + // Create a new crypto context for doing all the crypto operations + cx = new CryptoContext(); + + // Verify Signature on message (throws exception if sig bad) + verifyRequest(req, cx); + + // Deal with Transaction ID + String transactionID = req.getTransactionID(); + if (transactionID == null) { + throw new ServletException( + "Error: malformed PKIMessage - missing transactionID"); + } else { + crsResp.setTransactionID(transactionID); + } + + // Deal with Nonces + byte[] sn = req.getSenderNonce(); + if (sn == null) { + throw new ServletException( + "Error: malformed PKIMessage - missing sendernonce"); + } else { + if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { + byte[] snLimited = (mNonceSizeLimit > 
0) ? new byte[mNonceSizeLimit] + : null; + System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); + crsResp.setRecipientNonce(snLimited); + } else { + crsResp.setRecipientNonce(sn); + } + byte[] serverNonce = new byte[16]; + mRandom.nextBytes(serverNonce); + crsResp.setSenderNonce(serverNonce); + // crsResp.setSenderNonce(new byte[] {0}); + } + + // Deal with message type + String mt = req.getMessageType(); + if (mt == null) { + throw new ServletException( + "Error: malformed PKIMessage - missing messageType"); } - String da = req.getDigestAlgorithmName(); - if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) { - CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); - throw new ServletException("Hashing algorithm '"+da+ - "' is not allowed ("+mHashAlgorithmList+")."); + + // now run appropriate code, depending on message type + if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { + CMS.debug("Processing PKCSReq"); + try { + // Check if there is an existing request. If this returns + // non-null, + // then the request is 'active' (either pending or + // completed) in + // which case, we compare the hash of the new request to the + // hash of the + // one in the queue - if they are the same, I return the + // state of the + // original request - as if it was 'getCertInitial' message. + // If the hashes are different, then the user attempted to + // enroll + // for a new request with the same txid, which is not + // allowed - + // so we return 'failure'. 
+ + IRequest cmsRequest = findRequestByTransactionID( + req.getTransactionID(), true); + + // If there was no request (with a cert) with this + // transaction ID, + // process it as a new request + + cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx); + + } catch (CRSFailureException e) { + throw new ServletException( + "Couldn't handle CEP request (PKCSReq) - " + + e.getMessage()); + } + } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { + CMS.debug("Processing GetCertInitial"); + cert = handleGetCertInitial(req, crsResp); + } else { + CMS.debug("Invalid request type " + mt); } - if (ea != null) { - mEncryptionAlgorithm = ea; - } - crsResp = new CRSPKIMessage(); - } - catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } - catch (Exception e) { + } catch (ServletException e) { + throw new ServletException(e.getMessage().toString()); + } catch (CRSInvalidSignatureException e) { + CMS.debug("handlePKIMessage exception " + e); CMS.debug(e); - throw new ServletException("Could not decode the request."); - } - crsResp.setMessageType(CRSPKIMessage.mType_CertRep); - - // Create a new crypto context for doing all the crypto operations - cx = new CryptoContext(); - - // Verify Signature on message (throws exception if sig bad) - verifyRequest(req,cx); - - // Deal with Transaction ID - String transactionID = req.getTransactionID(); - if (transactionID == null) { - throw new ServletException("Error: malformed PKIMessage - missing transactionID"); - } - else { - crsResp.setTransactionID(transactionID); - } - - // Deal with Nonces - byte[] sn = req.getSenderNonce(); - if (sn == null) { - throw new ServletException("Error: malformed PKIMessage - missing sendernonce"); - } - else { - if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) { - byte[] snLimited = (mNonceSizeLimit > 0)? 
new byte[mNonceSizeLimit]: null; - System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit); - crsResp.setRecipientNonce(snLimited); - } else { - crsResp.setRecipientNonce(sn); - } - byte[] serverNonce = new byte[16]; - mRandom.nextBytes(serverNonce); - crsResp.setSenderNonce(serverNonce); - // crsResp.setSenderNonce(new byte[] {0}); - } - - // Deal with message type - String mt = req.getMessageType(); - if (mt == null) { - throw new ServletException("Error: malformed PKIMessage - missing messageType"); - } - - // now run appropriate code, depending on message type - if (mt.equals(CRSPKIMessage.mType_PKCSReq)) { - CMS.debug("Processing PKCSReq"); - try { - // Check if there is an existing request. If this returns non-null, - // then the request is 'active' (either pending or completed) in - // which case, we compare the hash of the new request to the hash of the - // one in the queue - if they are the same, I return the state of the - // original request - as if it was 'getCertInitial' message. - // If the hashes are different, then the user attempted to enroll - // for a new request with the same txid, which is not allowed - - // so we return 'failure'. 
- - IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true); - - // If there was no request (with a cert) with this transaction ID, - // process it as a new request - - cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx); - - } - catch (CRSFailureException e) { - throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage()); - } - } - else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) { - CMS.debug("Processing GetCertInitial"); - cert = handleGetCertInitial(req,crsResp); - } else { - CMS.debug("Invalid request type " + mt); - } - } - catch (ServletException e) { - throw new ServletException(e.getMessage().toString()); - } - catch (CRSInvalidSignatureException e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - } - catch (Exception e) { - CMS.debug("handlePKIMessage exception " + e); - CMS.debug(e); - throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage()); - } - - // We have now processed the request, and need to make the response message - - try { - // make the response - processCertRep(cx, cert,crsResp, req); - - // Get the response coding - response = crsResp.getResponse(); - - // Encode the crsResp into B64 - httpResp.setContentType("application/x-pki-message"); - httpResp.setContentLength(response.length); - httpResp.getOutputStream().write(response); - httpResp.getOutputStream().flush(); - - CMS.debug("Output PKIOperation response:"); - CMS.debug(CMS.BtoA(response)); - } - catch (Exception e) { - throw new ServletException("Failed to create response for CEP message"+e.getMessage()); - } - - } - - - /** - * finds a request with this transaction ID. 
- * If could not find any request - return null - * If could only find 'rejected' or 'cancelled' requests, return null - * If found 'pending' or 'completed' request - return that request - */ - - public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected) - throws EBaseException { - - /* Check if certificate request has been completed */ - - IRequestQueue rq = ca.getRequestQueue(); - IRequest foundRequest = null; - - Enumeration rids = rq.findRequestsBySourceId(txid); - if (rids == null) { return null; } - - int count=0; - while (rids.hasMoreElements()) { - RequestId rid = (RequestId) rids.nextElement(); - if (rid == null) { - continue; - } - - IRequest request = rq.findRequest(rid); - if (request == null) { - continue; - } - if ( !ignoreRejected || - request.getRequestStatus().equals(RequestStatus.PENDING) || - request.getRequestStatus().equals(RequestStatus.COMPLETE)) { - if (foundRequest != null) { - } - foundRequest = request; - } - } - return foundRequest; - } - - /** - * Called if the router is requesting us to send it its certificate - * Examine request queue for a request matching the transaction ID. - * Ignore any rejected or cancelled requests. 
- *
- * If a request is found in the pending state, the response should be
- * 'pending'
- *
- * If a request is found in the completed state, the response should be
- * to return the certificate
- *
- * If no request is found, the response should be to return null
- *
- */
-
- public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp)
- {
- IRequest foundRequest=null;
-
- // already done by handlePKIOperation
- // resp.setRecipientNonce(req.getSenderNonce());
- // resp.setSenderNonce(null);
-
- try {
- foundRequest = findRequestByTransactionID(req.getTransactionID(),false);
- } catch (EBaseException e) {
- }
-
- if (foundRequest == null) {
- resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
- resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return null;
- }
-
- return makeResponseFromRequest(req,resp,foundRequest);
- }
-
-
- public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
- throws CRSInvalidSignatureException {
-
- // Get Signed Data
-
- byte[] reqAAbytes = req.getAA();
- byte[] reqAAsig = req.getAADigest();
-
- }
-
-
- /**
- * Create an entry for this user in the publishing directory
- *
- */
-
- private boolean createEntry(String dn)
- {
- boolean result = false;
-
- IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
- if (ldapPub == null || !ldapPub.enabled()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
-
- return result;
- }
-
- ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory();
- if (connFactory == null) {
- return result;
- }
-
- LDAPConnection connection=null;
- try {
- connection = connFactory.getConn();
- String[] objectclasses = { "top", mEntryObjectclass };
- LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses);
-
- LDAPAttributeSet attrSet = new LDAPAttributeSet();
- attrSet.add(ocAttrs);
-
- LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
- connection.add(newEntry);
- result=true;
- }
- catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn)); - } - finally { - try { - connFactory.returnConn(connection); - } - catch (Exception f) {} - } - return result; + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + } catch (Exception e) { + CMS.debug("handlePKIMessage exception " + e); + CMS.debug(e); + throw new ServletException( + "Failed to process message in CEP servlet: " + + e.getMessage()); + } + + // We have now processed the request, and need to make the response + // message + + try { + // make the response + processCertRep(cx, cert, crsResp, req); + + // Get the response coding + response = crsResp.getResponse(); + + // Encode the crsResp into B64 + httpResp.setContentType("application/x-pki-message"); + httpResp.setContentLength(response.length); + httpResp.getOutputStream().write(response); + httpResp.getOutputStream().flush(); + + CMS.debug("Output PKIOperation response:"); + CMS.debug(CMS.BtoA(response)); + } catch (Exception e) { + throw new ServletException( + "Failed to create response for CEP message" + + e.getMessage()); + } + } + /** + * finds a request with this transaction ID. 
If could not find any request - + * return null If could only find 'rejected' or 'cancelled' requests, return + * null If found 'pending' or 'completed' request - return that request + */ + + public IRequest findRequestByTransactionID(String txid, + boolean ignoreRejected) throws EBaseException { + /* Check if certificate request has been completed */ - /** - * Here we decrypt the PKCS10 message from the client - * - */ - - public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) - throws ServletException, - CryptoManager.NotInitializedException, - CryptoContext.CryptoContextException, - CRSFailureException { - - byte[] decryptedP10bytes = null; - SymmetricKey sk; - SymmetricKey skinternal; - SymmetricKey.Type skt; - KeyWrapper kw; - Cipher cip; - EncryptionAlgorithm ea; - boolean errorInRequest = false; - - // Unwrap the session key with the Cert server key - try { - kw = cx.getKeyWrapper(); - - kw.initUnwrap(cx.getPrivateKey(),null); - - skt = SymmetricKey.Type.DES; - ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - skt = SymmetricKey.Type.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - sk = kw.unwrapSymmetric(req.getWrappedKey(), - skt, - SymmetricKey.Usage.DECRYPT, - 0); // keylength is ignored - - skinternal = cx.getDESKeyGenerator().clone(sk); - - cip = skinternal.getOwningToken().getCipherContext(ea); - - cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV()))); - - decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); - CMS.debug("decryptedP10bytes:"); - CMS.debug(decryptedP10bytes); - - req.setP10(new PKCS10(decryptedP10bytes)); - } catch (Exception e) { - CMS.debug("failed to unwrap PKCS10 " + e); - throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage()); - } - - } - - - -private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) - throws CRSFailureException { - - IRequest issueReq = null; - X509CertImpl issuedCert=null; - Vector 
extensionsRequested = null; - SubjectAlternativeNameExtension sane = null; - CertAttrSet requested_ext = null; - - try { - PKCS10 p10 = (PKCS10)req.getP10(); - - if (p10 == null) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - throw new CRSFailureException("Failed to decode pkcs10 from CEP request"); - } - - AuthCredentials authCreds = new AuthCredentials(); - - String challengePassword = null; - // Here, we make a new CertInfo - it's a new start for a certificate - - X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); - - // get some stuff out of the request - X509Key key = p10.getSubjectPublicKeyInfo(); - X500Name p10subject = p10.getSubjectName(); - - X500Name subject=null; - - // The following code will copy all the attributes - // into the AuthCredentials so they can be used for - // authentication - // - // Optionally, you can re-map the subject name from: - // one RDN, with many AVA's to - // many RDN's with one AVA in each. 
- - Enumeration rdne = p10subject.getRDNs(); - Vector rdnv = new Vector(); - - Hashtable sanehash = new Hashtable(); - - X500NameAttrMap xnap = X500NameAttrMap.getDefault(); - while (rdne.hasMoreElements()) { - RDN rdn = (RDN) rdne.nextElement(); - int i=0; - AVA[] oldavas = rdn.getAssertion(); - for (i=0; i<rdn.getAssertionLength(); i++) { - AVA[] newavas = new AVA[1]; - newavas[0] = oldavas[i]; - - authCreds.set(xnap.getName(oldavas[i].getOid()), - oldavas[i].getValue().getAsString()); - - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { - - sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString()); - } - if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { - sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString()); - } - - RDN newrdn = new RDN(newavas); - if (mFlattenDN) { - rdnv.addElement(newrdn); - } - } - } - - if (mFlattenDN) subject = new X500Name(rdnv); - else subject = p10subject; - - - // create default key usage extension - KeyUsageExtension kue = new KeyUsageExtension(); - kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); - kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); - - - PKCS10Attributes p10atts = p10.getAttributes(); - Enumeration e = p10atts.getElements(); - - while (e.hasMoreElements()) { - PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement(); - CertAttrSet attr = p10a.getAttributeValue(); - - - if (attr.getName().equals(ChallengePassword.NAME)) { - if (attr.get(ChallengePassword.PASSWORD) != null) { - req.put(AUTH_PASSWORD, - (String)attr.get(ChallengePassword.PASSWORD)); - req.put(ChallengePassword.NAME, - hashPassword( - (String)attr.get(ChallengePassword.PASSWORD))); - } - } - - if (attr.getName().equals(ExtensionsRequested.NAME)) { - - Enumeration exts = ((ExtensionsRequested)attr).getExtensions().elements(); - while (exts.hasMoreElements()) { - Extension ext = (Extension) exts.nextElement(); - - if (ext.getExtensionId().equals( - OIDMap.getOID(KeyUsageExtension.IDENT)) 
) { - - kue = new KeyUsageExtension( - new Boolean(false), // noncritical - ext.getExtensionValue()); - } - - if (ext.getExtensionId().equals( - OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) { - DerOutputStream dos = new DerOutputStream(); - sane = new SubjectAlternativeNameExtension( - new Boolean(false), // noncritical - ext.getExtensionValue()); - - - Vector v = - (Vector) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME); - - Enumeration gne = v.elements(); - - while (gne.hasMoreElements()) { - GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement(); - if (gni instanceof GeneralName) { - GeneralName genName = (GeneralName) gni; - - String gn = genName.toString(); - int colon = gn.indexOf(':'); - String gnType = gn.substring(0,colon).trim(); - String gnValue = gn.substring(colon+1).trim(); - - authCreds.set(gnType,gnValue); - } - } - } - } - } - } - - if (authCreds != null) req.put(AUTH_CREDS,authCreds); - - try { - if (sane == null) sane = makeDefaultSubjectAltName(sanehash); - } catch (Exception sane_e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - sane_e.getMessage())); - } - - - - try { - if (mAppendDN != null && ! mAppendDN.equals("")) { - - X500Name newSubject = new X500Name(subject.toString()); - subject = new X500Name( subject.toString().concat(","+mAppendDN)); - } - - } catch (Exception sne) { - log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". 
Error is "+sne.getMessage()+" Using unmodified subjectname"); - } - - if (subject != null) req.put(SUBJECTNAME, subject); - - if (key == null || subject == null) { - // log - //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); - } - - - - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); - - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - - certInfo.set(X509CertInfo.KEY, - new CertificateX509Key(key)); - - CertificateExtensions ext = new CertificateExtensions(); - - if (kue != null) { - ext.set(KeyUsageExtension.NAME, kue); - } - - // add subjectAltName extension, if present - if (sane != null) { - ext.set(SubjectAlternativeNameExtension.NAME, sane); - } - - certInfo.set(X509CertInfo.EXTENSIONS,ext); - - req.put(CERTINFO, certInfo); - } catch (Exception e) { - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return ; - } // NEED TO FIX - } - - - private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable ht) { - - // if no subjectaltname extension was requested, we try to make it up - // from some of the elements of the subject name - - int itemCount = ht.size(); - GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; - - itemCount = 0; - Enumeration en = ht.keys(); - while (en.hasMoreElements()) { - String key = (String) en.nextElement(); - if (key.equals(SANE_DNSNAME)) { - gn[itemCount++] = new DNSName((String)ht.get(key)); - } - if (key.equals(SANE_IPADDRESS)) { - gn[itemCount++] = new IPAddressName((String)ht.get(key)); + IRequestQueue rq = ca.getRequestQueue(); + IRequest foundRequest = null; + + Enumeration rids = rq.findRequestsBySourceId(txid); + if (rids == null) { + return null; + } + + int count = 0; + while (rids.hasMoreElements()) { + RequestId rid = (RequestId) rids.nextElement(); + if (rid == null) { + continue; + } + + IRequest request = rq.findRequest(rid); + if 
(request == null) { + continue; + } + if (!ignoreRejected + || request.getRequestStatus().equals(RequestStatus.PENDING) + || request.getRequestStatus() + .equals(RequestStatus.COMPLETE)) { + if (foundRequest != null) { + } + foundRequest = request; + } } + return foundRequest; } - try { - return new SubjectAlternativeNameExtension( new GeneralNames(gn) ); - } catch (Exception e) { - log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", - e.getMessage())); - return null; - } - } - - - - // Perform authentication - - /* - * if the authentication is set up for CEP, and the user provides - * some credential, an attempt is made to authenticate the user - * If this fails, this method will return true - * If it is sucessful, this method will return true and - * an authtoken will be in the request - * - * If authentication is not configured, this method will - * return false. The request will be processed in the usual - * way, but no authtoken will be in the request. - * - * In other word, this method returns true if the request - * should be aborted, false otherwise. - */ - - private boolean authenticateUser(CRSPKIMessage req) { - boolean authenticationFailed = true; - - if (mAuthManagerName == null) { - return false; - } - - String password = (String)req.get(AUTH_PASSWORD); - - AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS); - - if (authCreds == null) { - authCreds = new AuthCredentials(); - } - - // authtoken starts as null - AuthToken token = null; - - if (password != null && !password.equals("")) { - try { - authCreds.set(AUTH_PASSWORD,password); - } catch (Exception e) {} - } - + /** + * Called if the router is requesting us to send it its certificate Examine + * request queue for a request matching the transaction ID. Ignore any + * rejected or cancelled requests. 
+ * + * If a request is found in the pending state, the response should be + * 'pending' + * + * If a request is found in the completed state, the response should be to + * return the certificate + * + * If no request is found, the response should be to return null + * + */ + + public X509CertImpl handleGetCertInitial(CRSPKIMessage req, + CRSPKIMessage resp) { + IRequest foundRequest = null; + + // already done by handlePKIOperation + // resp.setRecipientNonce(req.getSenderNonce()); + // resp.setSenderNonce(null); + + try { + foundRequest = findRequestByTransactionID(req.getTransactionID(), + false); + } catch (EBaseException e) { + } + + if (foundRequest == null) { + resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId); + resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + + return makeResponseFromRequest(req, resp, foundRequest); + } + + public void verifyRequest(CRSPKIMessage req, CryptoContext cx) + throws CRSInvalidSignatureException { + + // Get Signed Data + + byte[] reqAAbytes = req.getAA(); + byte[] reqAAsig = req.getAADigest(); + + } + + /** + * Create an entry for this user in the publishing directory + * + */ + + private boolean createEntry(String dn) { + boolean result = false; + + IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor(); + if (ldapPub == null || !ldapPub.enabled()) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); + + return result; + } + + ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub) + .getLdapConnModule().getLdapConnFactory(); + if (connFactory == null) { + return result; + } + + LDAPConnection connection = null; + try { + connection = connFactory.getConn(); + String[] objectclasses = { "top", mEntryObjectclass }; + LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", + objectclasses); + + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + attrSet.add(ocAttrs); + + LDAPEntry newEntry = new LDAPEntry(dn, attrSet); + connection.add(newEntry); + 
result = true; + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn)); + } finally { + try { + connFactory.returnConn(connection); + } catch (Exception f) { + } + } + return result; + } + + /** + * Here we decrypt the PKCS10 message from the client + * + */ + + public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx) + throws ServletException, CryptoManager.NotInitializedException, + CryptoContext.CryptoContextException, CRSFailureException { + + byte[] decryptedP10bytes = null; + SymmetricKey sk; + SymmetricKey skinternal; + SymmetricKey.Type skt; + KeyWrapper kw; + Cipher cip; + EncryptionAlgorithm ea; + boolean errorInRequest = false; + + // Unwrap the session key with the Cert server key + try { + kw = cx.getKeyWrapper(); + + kw.initUnwrap(cx.getPrivateKey(), null); + + skt = SymmetricKey.Type.DES; + ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null + && mEncryptionAlgorithm.equals("DES3")) { + skt = SymmetricKey.Type.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } + + sk = kw.unwrapSymmetric(req.getWrappedKey(), skt, + SymmetricKey.Usage.DECRYPT, 0); // keylength is ignored + + skinternal = cx.getDESKeyGenerator().clone(sk); + + cip = skinternal.getOwningToken().getCipherContext(ea); + + cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV()))); + + decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10()); + CMS.debug("decryptedP10bytes:"); + CMS.debug(decryptedP10bytes); + + req.setP10(new PKCS10(decryptedP10bytes)); + } catch (Exception e) { + CMS.debug("failed to unwrap PKCS10 " + e); + throw new CRSFailureException("Could not unwrap PKCS10 blob: " + + e.getMessage()); + } + + } + + private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp) + throws CRSFailureException { + + IRequest issueReq = null; + X509CertImpl issuedCert = null; + Vector extensionsRequested = null; + SubjectAlternativeNameExtension sane = null; + CertAttrSet requested_ext = null; + + 
try { + PKCS10 p10 = (PKCS10) req.getP10(); + + if (p10 == null) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + throw new CRSFailureException( + "Failed to decode pkcs10 from CEP request"); + } + + AuthCredentials authCreds = new AuthCredentials(); + + String challengePassword = null; + // Here, we make a new CertInfo - it's a new start for a certificate + + X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); + + // get some stuff out of the request + X509Key key = p10.getSubjectPublicKeyInfo(); + X500Name p10subject = p10.getSubjectName(); + + X500Name subject = null; + + // The following code will copy all the attributes + // into the AuthCredentials so they can be used for + // authentication + // + // Optionally, you can re-map the subject name from: + // one RDN, with many AVA's to + // many RDN's with one AVA in each. + + Enumeration rdne = p10subject.getRDNs(); + Vector rdnv = new Vector(); + + Hashtable sanehash = new Hashtable(); + + X500NameAttrMap xnap = X500NameAttrMap.getDefault(); + while (rdne.hasMoreElements()) { + RDN rdn = (RDN) rdne.nextElement(); + int i = 0; + AVA[] oldavas = rdn.getAssertion(); + for (i = 0; i < rdn.getAssertionLength(); i++) { + AVA[] newavas = new AVA[1]; + newavas[0] = oldavas[i]; + + authCreds.set(xnap.getName(oldavas[i].getOid()), oldavas[i] + .getValue().getAsString()); + + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) { + + sanehash.put(SANE_DNSNAME, oldavas[i].getValue() + .getAsString()); + } + if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) { + sanehash.put(SANE_IPADDRESS, oldavas[i].getValue() + .getAsString()); + } + + RDN newrdn = new RDN(newavas); + if (mFlattenDN) { + rdnv.addElement(newrdn); + } + } + } + + if (mFlattenDN) + subject = new X500Name(rdnv); + else + subject = p10subject; + + // create default key usage extension + KeyUsageExtension kue = new KeyUsageExtension(); + 
kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true)); + kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true)); + + PKCS10Attributes p10atts = p10.getAttributes(); + Enumeration e = p10atts.getElements(); + + while (e.hasMoreElements()) { + PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement(); + CertAttrSet attr = p10a.getAttributeValue(); + + if (attr.getName().equals(ChallengePassword.NAME)) { + if (attr.get(ChallengePassword.PASSWORD) != null) { + req.put(AUTH_PASSWORD, + (String) attr.get(ChallengePassword.PASSWORD)); + req.put(ChallengePassword.NAME, + hashPassword((String) attr + .get(ChallengePassword.PASSWORD))); + } + } + + if (attr.getName().equals(ExtensionsRequested.NAME)) { + + Enumeration exts = ((ExtensionsRequested) attr) + .getExtensions().elements(); + while (exts.hasMoreElements()) { + Extension ext = (Extension) exts.nextElement(); + + if (ext.getExtensionId().equals( + OIDMap.getOID(KeyUsageExtension.IDENT))) { + + kue = new KeyUsageExtension(new Boolean(false), // noncritical + ext.getExtensionValue()); + } + + if (ext.getExtensionId() + .equals(OIDMap + .getOID(SubjectAlternativeNameExtension.IDENT))) { + DerOutputStream dos = new DerOutputStream(); + sane = new SubjectAlternativeNameExtension( + new Boolean(false), // noncritical + ext.getExtensionValue()); + + Vector v = (Vector) sane + .get(SubjectAlternativeNameExtension.SUBJECT_NAME); + + Enumeration gne = v.elements(); + + while (gne.hasMoreElements()) { + GeneralNameInterface gni = (GeneralNameInterface) gne + .nextElement(); + if (gni instanceof GeneralName) { + GeneralName genName = (GeneralName) gni; + + String gn = genName.toString(); + int colon = gn.indexOf(':'); + String gnType = gn.substring(0, colon) + .trim(); + String gnValue = gn.substring(colon + 1) + .trim(); + + authCreds.set(gnType, gnValue); + } + } + } + } + } + } + + if (authCreds != null) + req.put(AUTH_CREDS, authCreds); + + try { + if (sane == null) + sane = 
makeDefaultSubjectAltName(sanehash); + } catch (Exception sane_e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + sane_e.getMessage())); + } + + try { + if (mAppendDN != null && !mAppendDN.equals("")) { + + X500Name newSubject = new X500Name(subject.toString()); + subject = new X500Name(subject.toString().concat( + "," + mAppendDN)); + } + + } catch (Exception sne) { + log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + + mAppendDN + ". Error is " + sne.getMessage() + + " Using unmodified subjectname"); + } + + if (subject != null) + req.put(SUBJECTNAME, subject); + + if (key == null || subject == null) { + // log + // throw new + // ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10); + } + + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); + + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + subject)); + + certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); + + CertificateExtensions ext = new CertificateExtensions(); + + if (kue != null) { + ext.set(KeyUsageExtension.NAME, kue); + } + + // add subjectAltName extension, if present + if (sane != null) { + ext.set(SubjectAlternativeNameExtension.NAME, sane); + } + + certInfo.set(X509CertInfo.EXTENSIONS, ext); + + req.put(CERTINFO, certInfo); + } catch (Exception e) { + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return; + } // NEED TO FIX + } + + private SubjectAlternativeNameExtension makeDefaultSubjectAltName( + Hashtable ht) { + + // if no subjectaltname extension was requested, we try to make it up + // from some of the elements of the subject name + + int itemCount = ht.size(); + GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()]; + + itemCount = 0; + Enumeration en = ht.keys(); + while (en.hasMoreElements()) { + String key = (String) en.nextElement(); + if (key.equals(SANE_DNSNAME)) { + 
gn[itemCount++] = new DNSName((String) ht.get(key)); + } + if (key.equals(SANE_IPADDRESS)) { + gn[itemCount++] = new IPAddressName((String) ht.get(key)); + } + } + + try { + return new SubjectAlternativeNameExtension(new GeneralNames(gn)); + } catch (Exception e) { + log(ILogger.LL_INFO, + CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME", + e.getMessage())); + return null; + } + } + + // Perform authentication + + /* + * if the authentication is set up for CEP, and the user provides some + * credential, an attempt is made to authenticate the user If this fails, + * this method will return true If it is sucessful, this method will return + * true and an authtoken will be in the request + * + * If authentication is not configured, this method will return false. The + * request will be processed in the usual way, but no authtoken will be in + * the request. + * + * In other word, this method returns true if the request should be aborted, + * false otherwise. + */ + + private boolean authenticateUser(CRSPKIMessage req) { + boolean authenticationFailed = true; + + if (mAuthManagerName == null) { + return false; + } + + String password = (String) req.get(AUTH_PASSWORD); + + AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS); + + if (authCreds == null) { + authCreds = new AuthCredentials(); + } + + // authtoken starts as null + AuthToken token = null; + + if (password != null && !password.equals("")) { + try { + authCreds.set(AUTH_PASSWORD, password); + } catch (Exception e) { + } + } + + try { + token = (AuthToken) mAuthSubsystem.authenticate(authCreds, + mAuthManagerName); + authCreds.delete(AUTH_PASSWORD); + // if we got here, the authenticate call must not have thrown + // an exception + authenticationFailed = false; + } catch (EInvalidCredentials ex) { + // Invalid credentials - we must reject the request + authenticationFailed = true; + } catch (EMissingCredential mc) { + // Misssing credential - we'll log, and process manually + 
authenticationFailed = false; + } catch (EBaseException ex) { + // If there's some other error, we'll reject + // So, we just continue on, - AUTH_TOKEN will not be set. + } + + if (token != null) { + req.put(AUTH_TOKEN, token); + } + + return authenticationFailed; + } + + private boolean areFingerprintsEqual(IRequest req, Hashtable fingerprints) { + + Hashtable old_fprints = req + .getExtDataInHashtable(IRequest.FINGERPRINTS); + if (old_fprints == null) { + return false; + } + + byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); + byte[] new_md5 = (byte[]) fingerprints.get("MD5"); + + if (old_md5.length != new_md5.length) + return false; + + for (int i = 0; i < old_md5.length; i++) { + if (old_md5[i] != new_md5[i]) + return false; + } + return true; + } + + public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, + IRequest cmsRequest, CRSPKIMessage req, CRSPKIMessage crsResp, + CryptoContext cx) throws ServletException, + CryptoManager.NotInitializedException, CRSFailureException { + + try { + unwrapPKCS10(req, cx); + Hashtable fingerprints = makeFingerPrints(req); + + if (cmsRequest != null) { + if (areFingerprintsEqual(cmsRequest, fingerprints)) { + CMS.debug("created response from request"); + return makeResponseFromRequest(req, crsResp, cmsRequest); + } else { + CMS.debug("duplicated transaction id"); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + return null; + } + } + + getDetailFromRequest(req, crsResp); + boolean authFailed = authenticateUser(req); + + if (authFailed) { + CMS.debug("authentication failed"); + log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + + // perform audit log + String auditMessage = CMS.getLogMessage( + 
"LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5", + httpReq.getRemoteAddr(), ILogger.FAILURE, + req.getTransactionID(), "CRSEnrollment", + ILogger.SIGNED_AUDIT_EMPTY_VALUE); + ILogger signedAuditLogger = CMS.getSignedAuditLogger(); + if (signedAuditLogger != null) { + signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, + auditMessage); + } + + return null; + } else { + IRequest ireq = postRequest(httpReq, req, crsResp); + + CMS.debug("created response"); + return makeResponseFromRequest(req, crsResp, ireq); + } + } catch (CryptoContext.CryptoContextException e) { + CMS.debug("failed to decrypt the request " + e); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", + e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } catch (EBaseException e) { + CMS.debug("operation failure - " + e); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", e.getMessage())); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + } + return null; + } + + // //// post the request + + /* + * needed: + * + * token (authtoken) certInfo fingerprints x req.transactionID crsResp + */ + + private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, + CRSPKIMessage crsResp) throws EBaseException { + X500Name subject = (X500Name) req.get(SUBJECTNAME); + + if (mCreateEntry) { + if (subject == null) { + CMS.debug("CRSEnrollment::postRequest() - subject is null!"); + return null; + } + createEntry(subject.toString()); + } + + // use profile framework to handle SCEP + if (mProfileId != null) { + PKCS10 pkcs10data = (PKCS10) req.getP10(); + String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); + + // XXX authentication handling + CMS.debug("Found profile=" + mProfileId); + IProfile profile = 
mProfileSubsystem.getProfile(mProfileId); + if (profile == null) { + CMS.debug("profile " + mProfileId + " not found"); + return null; + } + IProfileContext ctx = profile.createContext(); + + IProfileAuthenticator authenticator = null; + try { + CMS.debug("Retrieving authenticator"); + authenticator = profile.getAuthenticator(); + if (authenticator == null) { + CMS.debug("No authenticator Found"); + } else { + CMS.debug("Got authenticator=" + + authenticator.getClass().getName()); + } + } catch (EProfileException e) { + // authenticator not installed correctly + } + + IAuthToken authToken = null; + + // for ssl authentication; pass in servlet for retrieving + // ssl client certificates + SessionContext context = SessionContext.getContext(); + + // insert profile context so that input parameter can be retrieved + context.put("profileContext", ctx); + context.put("sslClientCertProvider", new SSLClientCertProvider( + httpReq)); + + String p10Password = getPasswordFromP10(pkcs10data); + AuthCredentials credentials = new AuthCredentials(); + credentials.set("UID", httpReq.getRemoteAddr()); + credentials.set("PWD", p10Password); - try { - token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName); - authCreds.delete(AUTH_PASSWORD); - // if we got here, the authenticate call must not have thrown - // an exception - authenticationFailed = false; - } - catch (EInvalidCredentials ex) { - // Invalid credentials - we must reject the request - authenticationFailed = true; - } - catch (EMissingCredential mc) { - // Misssing credential - we'll log, and process manually - authenticationFailed = false; - } - catch (EBaseException ex) { - // If there's some other error, we'll reject - // So, we just continue on, - AUTH_TOKEN will not be set. 
- } - - if (token != null) { - req.put(AUTH_TOKEN,token); - } - - return authenticationFailed; - } - - private boolean areFingerprintsEqual(IRequest req, Hashtable fingerprints) - { - - Hashtable old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS); - if (old_fprints == null) { return false; } - - byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5")); - byte[] new_md5 = (byte[]) fingerprints.get("MD5"); - - if (old_md5.length != new_md5.length) return false; - - for (int i=0;i<old_md5.length; i++) { - if (old_md5[i] != new_md5[i]) return false; - } - return true; - } - - public X509CertImpl handlePKCSReq(HttpServletRequest httpReq, - IRequest cmsRequest, CRSPKIMessage req, - CRSPKIMessage crsResp, CryptoContext cx) - throws ServletException, - CryptoManager.NotInitializedException, - CRSFailureException { - - try { - unwrapPKCS10(req,cx); - Hashtable fingerprints = makeFingerPrints(req); - - if (cmsRequest != null) { - if (areFingerprintsEqual(cmsRequest, fingerprints)) { - CMS.debug("created response from request"); - return makeResponseFromRequest(req,crsResp,cmsRequest); - } - else { - CMS.debug("duplicated transaction id"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - return null; - } - } - - getDetailFromRequest(req,crsResp); - boolean authFailed = authenticateUser(req); - - if (authFailed) { - CMS.debug("authentication failed"); - log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH")); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - - - // perform audit log - String auditMessage = CMS.getLogMessage( - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5", - httpReq.getRemoteAddr(), - ILogger.FAILURE, - req.getTransactionID(), - "CRSEnrollment", - ILogger.SIGNED_AUDIT_EMPTY_VALUE); - ILogger signedAuditLogger = 
CMS.getSignedAuditLogger(); - if (signedAuditLogger != null) { - signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, auditMessage); - } - - return null; - } - else { - IRequest ireq = postRequest(httpReq, req,crsResp); - - - CMS.debug("created response"); - return makeResponseFromRequest(req,crsResp, ireq); - } - } catch (CryptoContext.CryptoContextException e) { - CMS.debug("failed to decrypt the request " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10", - e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } catch (EBaseException e) { - CMS.debug("operation failure - " + e); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", - e.getMessage())); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError); - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - } - return null; - } - - -////// post the request - -/* - needed: - - token (authtoken) - certInfo - fingerprints x - req.transactionID - crsResp -*/ - -private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) -throws EBaseException { - X500Name subject = (X500Name)req.get(SUBJECTNAME); - - if (mCreateEntry) { - if (subject == null) { - CMS.debug( "CRSEnrollment::postRequest() - subject is null!" 
); - return null; - } - createEntry(subject.toString()); - } - - // use profile framework to handle SCEP - if (mProfileId != null) { - PKCS10 pkcs10data = (PKCS10)req.getP10(); - String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray()); - - // XXX authentication handling - CMS.debug("Found profile=" + mProfileId); - IProfile profile = mProfileSubsystem.getProfile(mProfileId); - if (profile == null) { - CMS.debug("profile " + mProfileId + " not found"); - return null; - } - IProfileContext ctx = profile.createContext(); - - IProfileAuthenticator authenticator = null; - try { - CMS.debug("Retrieving authenticator"); - authenticator = profile.getAuthenticator(); if (authenticator == null) { - CMS.debug("No authenticator Found"); + // XXX - to help caRouterCert to work, we need to + // add authentication to caRouterCert + authToken = new AuthToken(null); + } else { + authToken = authenticate(credentials, authenticator, httpReq); + } + + IRequest reqs[] = null; + CMS.debug("CRSEnrollment: Creating profile requests"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); + ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + Locale locale = Locale.getDefault(); + reqs = profile.createRequests(ctx, locale); + if (reqs == null) { + CMS.debug("CRSEnrollment: No request has been created"); + return null; } else { - CMS.debug("Got authenticator=" + authenticator.getClass().getName()); + CMS.debug("CRSEnrollment: Request (" + reqs.length + + ") have been created"); + } + // set transaction id + reqs[0].setSourceId(req.getTransactionID()); + reqs[0].setExtData("profile", "true"); + reqs[0].setExtData("profileId", mProfileId); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, + IEnrollProfile.REQ_TYPE_PKCS10); + reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); + reqs[0].setExtData("requestor_name", ""); + reqs[0].setExtData("requestor_email", ""); + reqs[0].setExtData("requestor_phone", ""); + reqs[0].setExtData("profileRemoteHost", 
httpReq.getRemoteHost()); + reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr()); + reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); + + CMS.debug("CRSEnrollment: Populating inputs"); + profile.populateInput(ctx, reqs[0]); + CMS.debug("CRSEnrollment: Populating requests"); + profile.populate(reqs[0]); + + CMS.debug("CRSEnrollment: Submitting request"); + profile.submit(authToken, reqs[0]); + CMS.debug("CRSEnrollment: Done submitting request"); + profile.getRequestQueue().markAsServiced(reqs[0]); + CMS.debug("CRSEnrollment: Request marked as serviced"); + + return reqs[0]; + + } + + IRequestQueue rq = ca.getRequestQueue(); + IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST); + + AuthToken token = (AuthToken) req.get(AUTH_TOKEN); + if (token != null) { + pkiReq.setExtData(IRequest.AUTH_TOKEN, token); + } + + pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, + IRequest.CEP_CERT); + X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); + pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo }); + pkiReq.setExtData("cepsubstore", mSubstoreName); + + try { + String chpwd = (String) req.get(ChallengePassword.NAME); + if (chpwd != null) { + pkiReq.setExtData("challengePhrase", chpwd); + } + } catch (Exception pwex) { + } + + Hashtable fingerprints = (Hashtable) req.get(IRequest.FINGERPRINTS); + if (fingerprints.size() > 0) { + Hashtable encodedPrints = new Hashtable(fingerprints.size()); + Enumeration e = fingerprints.keys(); + while (e.hasMoreElements()) { + String key = (String) e.nextElement(); + byte[] value = (byte[]) fingerprints.get(key); + encodedPrints.put(key, CMS.BtoA(value)); } - } catch (EProfileException e) { - // authenticator not installed correctly - } - - IAuthToken authToken = null; - - // for ssl authentication; pass in servlet for retrieving - // ssl client certificates - SessionContext context = SessionContext.getContext(); - - - // insert profile context so that input parameter can 
be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(httpReq)); - - String p10Password = getPasswordFromP10(pkcs10data); - AuthCredentials credentials = new AuthCredentials(); - credentials.set("UID", httpReq.getRemoteAddr()); - credentials.set("PWD", p10Password); - - if (authenticator == null) { - // XXX - to help caRouterCert to work, we need to - // add authentication to caRouterCert - authToken = new AuthToken(null); - } else { - authToken = authenticate(credentials, authenticator, httpReq); - } - - IRequest reqs[] = null; - CMS.debug("CRSEnrollment: Creating profile requests"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10"); - ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - Locale locale = Locale.getDefault(); - reqs = profile.createRequests(ctx, locale); - if (reqs == null) { - CMS.debug("CRSEnrollment: No request has been created"); - return null; - } else { - CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created"); - } - // set transaction id - reqs[0].setSourceId(req.getTransactionID()); - reqs[0].setExtData("profile", "true"); - reqs[0].setExtData("profileId", mProfileId); - reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10); - reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob); - reqs[0].setExtData("requestor_name", ""); - reqs[0].setExtData("requestor_email", ""); - reqs[0].setExtData("requestor_phone", ""); - reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost()); - reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr()); - reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy()); - - CMS.debug("CRSEnrollment: Populating inputs"); - profile.populateInput(ctx, reqs[0]); - CMS.debug("CRSEnrollment: Populating requests"); - profile.populate(reqs[0]); - - CMS.debug("CRSEnrollment: Submitting request"); - profile.submit(authToken, reqs[0]); - CMS.debug("CRSEnrollment: Done 
submitting request"); - profile.getRequestQueue().markAsServiced(reqs[0]); - CMS.debug("CRSEnrollment: Request marked as serviced"); - - return reqs[0]; - - } - - IRequestQueue rq = ca.getRequestQueue(); - IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST); - - AuthToken token = (AuthToken) req.get(AUTH_TOKEN); - if (token != null) { - pkiReq.setExtData(IRequest.AUTH_TOKEN,token); - } - - pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT); - X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO); - pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } ); - pkiReq.setExtData("cepsubstore", mSubstoreName); - - try { - String chpwd = (String)req.get(ChallengePassword.NAME); - if (chpwd != null) { - pkiReq.setExtData("challengePhrase", - chpwd ); - } - } catch (Exception pwex) { - } - - Hashtable fingerprints = (Hashtable)req.get(IRequest.FINGERPRINTS); - if (fingerprints.size() > 0) { - Hashtable encodedPrints = new Hashtable(fingerprints.size()); - Enumeration e = fingerprints.keys(); - while (e.hasMoreElements()) { - String key = (String)e.nextElement(); - byte[] value = (byte[])fingerprints.get(key); - encodedPrints.put(key, CMS.BtoA(value)); - } - pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); - } - - pkiReq.setSourceId(req.getTransactionID()); - - rq.processRequest(pkiReq); - - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.ENROLLMENTFORMAT, - new Object[] { - pkiReq.getRequestId(), - AuditFormat.FROMROUTER, - mAuthManagerName == null ? 
AuditFormat.NOAUTH : mAuthManagerName, - "pending", - subject , - ""} - ); - - return pkiReq; - } - - - - public Hashtable makeFingerPrints(CRSPKIMessage req) { + pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints); + } + + pkiReq.setSourceId(req.getTransactionID()); + + rq.processRequest(pkiReq); + + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, + AuditFormat.ENROLLMENTFORMAT, + new Object[] { + pkiReq.getRequestId(), + AuditFormat.FROMROUTER, + mAuthManagerName == null ? AuditFormat.NOAUTH + : mAuthManagerName, "pending", subject, "" }); + + return pkiReq; + } + + public Hashtable makeFingerPrints(CRSPKIMessage req) { Hashtable fingerprints = new Hashtable(); MessageDigest md; - String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"}; - PKCS10 p10 = (PKCS10)req.getP10(); + String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", + "SHA512" }; + PKCS10 p10 = (PKCS10) req.getP10(); - for (int i=0;i<hashes.length;i++) { - try { - md = MessageDigest.getInstance(hashes[i]); - md.update(p10.getCertRequestInfo()); - fingerprints.put(hashes[i],md.digest()); - } - catch (NoSuchAlgorithmException nsa) {} + for (int i = 0; i < hashes.length; i++) { + try { + md = MessageDigest.getInstance(hashes[i]); + md.update(p10.getCertRequestInfo()); + fingerprints.put(hashes[i], md.digest()); + } catch (NoSuchAlgorithmException nsa) { + } } - if (fingerprints != null) { - req.put(IRequest.FINGERPRINTS,fingerprints); - } - return fingerprints; - } - - - // Take a look to see if the request was successful, and fill - // in the response message + if (fingerprints != null) { + req.put(IRequest.FINGERPRINTS, fingerprints); + } + return fingerprints; + } + // Take a look to see if the request was successful, and fill + // in the response message - private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp, - IRequest pkiReq) - { + private X509CertImpl 
makeResponseFromRequest(CRSPKIMessage crsReq, + CRSPKIMessage crsResp, IRequest pkiReq) { - X509CertImpl issuedCert=null; + X509CertImpl issuedCert = null; RequestStatus status = pkiReq.getRequestStatus(); String profileId = pkiReq.getExtDataInString("profileId"); if (profileId != null) { - CMS.debug("CRSEnrollment: Found profile request"); - X509CertImpl cert = - pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) { - CMS.debug("CRSEnrollment: No certificate has been found"); - } else { - CMS.debug("CRSEnrollment: Found certificate"); - } - crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - return cert; + CMS.debug("CRSEnrollment: Found profile request"); + X509CertImpl cert = pkiReq + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) { + CMS.debug("CRSEnrollment: No certificate has been found"); + } else { + CMS.debug("CRSEnrollment: Found certificate"); + } + crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); + return cert; } - - if ( status.equals(RequestStatus.COMPLETE)) { + if (status.equals(RequestStatus.COMPLETE)) { Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT); - if (success.equals(IRequest.RES_SUCCESS)) { // The cert was issued, lets send it back to the router - X509CertImpl[] issuedCertBuf = - pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl[] issuedCertBuf = pkiReq + .getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCertBuf == null || issuedCertBuf.length == 0) { - // writeError("Internal Error: Bad operation",httpReq,httpResp); - CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " + - "Bad operation" ); + // writeError("Internal Error: Bad operation",httpReq,httpResp); + CMS.debug("CRSEnrollment::makeResponseFromRequest() - " + + "Bad operation"); return null; } issuedCert = issuedCertBuf[0]; crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS); - - } - else { // status is not 'success' - there must've been a problem - + + } else { // status is not 
'success' - there must've been a problem + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg); } - } - else if (status.equals(RequestStatus.REJECTED_STRING) || - status.equals(RequestStatus.CANCELED_STRING)) { - crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); - crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); - } - else { // not complete + } else if (status.equals(RequestStatus.REJECTED_STRING) + || status.equals(RequestStatus.CANCELED_STRING)) { + crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE); + crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest); + } else { // not complete crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING); } return issuedCert; } + /** + * This needs to be re-written to log the messages to the system log, since + * there will be no visual webpage feedback for the user. (he's using a + * router) + */ + + private void writeError(String errMsg, HttpServletRequest httpReq, + HttpServletResponse httpResp) throws IOException { + } + + protected String hashPassword(String pwd) { + String salt = "lala123"; + byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes()); + String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); + return "{SHA}" + b64E; + } + /** + * Make the CRSPKIMESSAGE response + */ + private void processCertRep(CryptoContext cx, X509CertImpl issuedCert, + CRSPKIMessage crsResp, CRSPKIMessage crsReq) + throws CRSFailureException { + byte[] msgdigest = null; + byte[] encryptedDesKey = null; + try { + if (issuedCert != null) { + SymmetricKey sk; + SymmetricKey skinternal; - /** - * This needs to be re-written to log the messages to the system log, since there - * will be no visual webpage feedback for the user. 
(he's using a router) - */ + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; + if (mEncryptionAlgorithm != null + && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + ea = EncryptionAlgorithm.DES3_CBC; + } - private void writeError(String errMsg, HttpServletRequest httpReq, - HttpServletResponse httpResp) - throws IOException - { - } + // 1. Make the Degenerated PKCS7 with the recipient's + // certificate in it + byte toBeEncrypted[] = crsResp.makeSignedRep(1, // version + issuedCert.getEncoded()); - protected String hashPassword(String pwd) { - String salt = "lala123"; - byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes()); - String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest); - return "{SHA}"+b64E; - } + // 2. Encrypt the above byte array with a new random DES key + + sk = cx.getDESKeyGenerator().generate(); + + skinternal = cx.getInternalToken().getKeyGenerator(kga) + .clone(sk); + + byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); + + // This should be changed to generate proper DES IV. + + Cipher cipher = cx.getInternalToken().getCipherContext(ea); + IVParameterSpec desIV = new IVParameterSpec(new byte[] { + (byte) 0xff, (byte) 0x00, (byte) 0xff, (byte) 0x00, + (byte) 0xff, (byte) 0x00, (byte) 0xff, (byte) 0x00 }); + + cipher.initEncrypt(sk, desIV); + byte[] encryptedData = cipher.doFinal(padded); + + crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, + mEncryptionAlgorithm); + + // 3. Extract the recipient's public key + + PublicKey rcpPK = crsReq.getSignerPublicKey(); + + // 4. Encrypt the DES key with the public key + + // we have to move the key onto the interal token. 
+ // skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); + skinternal = cx.getInternalToken().cloneKey(sk); + + KeyWrapper kw = cx.getInternalKeyWrapper(); + kw.initWrap(rcpPK, null); + encryptedDesKey = kw.wrap(skinternal); + + crsResp.setRcpIssuerAndSerialNumber(crsReq + .getSgnIssuerAndSerialNumber()); + crsResp.makeRecipientInfo(0, encryptedDesKey); + + } + + byte[] ed = crsResp.makeEnvelopedData(0); + + // 7. Make Digest of SignedData Content + MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); + msgdigest = md.digest(ed); + + crsResp.setMsgDigest(msgdigest); + + } + + catch (Exception e) { + throw new CRSFailureException( + "Failed to create inner response to CEP message: " + + e.getMessage()); + } + + // 5. Make a RecipientInfo + + // The issuer name & serial number here, should be that of + // the EE's self-signed Certificate + // [I can get it from the req blob, but later, I should + // store the recipient's self-signed certificate with the request + // so I can get at it later. I need to do this to support + // 'PENDING'] + + try { + + // 8. Make Authenticated Attributes + // we can just pull the transaction ID out of the request. + // Later, we will have to put it out of the Request queue, + // so we can support PENDING + crsResp.setTransactionID(crsReq.getTransactionID()); + // recipientNonce and SenderNonce have already been set + + crsResp.makeAuthenticatedAttributes(); + // crsResp.makeAuthenticatedAttributes_old(); + + // now package up the rest of the SignerInfo + { + byte[] signingcertbytes = cx.getSigningCert().getEncoded(); + + Certificate.Template sgncert_t = new Certificate.Template(); + Certificate sgncert = (Certificate) sgncert_t + .decode(new ByteArrayInputStream(signingcertbytes)); + + IssuerAndSerialNumber sgniasn = new IssuerAndSerialNumber( + sgncert.getInfo().getIssuer(), sgncert.getInfo() + .getSerialNumber()); + crsResp.setSgnIssuerAndSerialNumber(sgniasn); + // 10. 
Make SignerInfo + crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); + // 11. Make SignedData + crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); - /** - * Make the CRSPKIMESSAGE response - */ - - - private void processCertRep(CryptoContext cx, - X509CertImpl issuedCert, - CRSPKIMessage crsResp, - CRSPKIMessage crsReq) - throws CRSFailureException { - byte[] msgdigest = null; - byte[] encryptedDesKey = null; - - try { - if (issuedCert != null) { - - SymmetricKey sk; - SymmetricKey skinternal; - - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC; - if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - ea = EncryptionAlgorithm.DES3_CBC; - } - - // 1. Make the Degenerated PKCS7 with the recipient's certificate in it - - byte toBeEncrypted[] = - crsResp.makeSignedRep(1, // version - issuedCert.getEncoded() - ); - - // 2. Encrypt the above byte array with a new random DES key - - sk = cx.getDESKeyGenerator().generate(); - - skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk); - - byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize()); - - - // This should be changed to generate proper DES IV. - - Cipher cipher = cx.getInternalToken().getCipherContext(ea); - IVParameterSpec desIV = - new IVParameterSpec(new byte[]{ - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00, - (byte)0xff, (byte)0x00 } ); - - cipher.initEncrypt(sk,desIV); - byte[] encryptedData = cipher.doFinal(padded); - - crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm); - - // 3. Extract the recipient's public key - - PublicKey rcpPK = crsReq.getSignerPublicKey(); - - - // 4. Encrypt the DES key with the public key - - // we have to move the key onto the interal token. 
- //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk); - skinternal = cx.getInternalToken().cloneKey(sk); - - KeyWrapper kw = cx.getInternalKeyWrapper(); - kw.initWrap(rcpPK, null); - encryptedDesKey = kw.wrap(skinternal); - - crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber()); - crsResp.makeRecipientInfo(0, encryptedDesKey ); - - } - - - byte[] ed = crsResp.makeEnvelopedData(0); - - // 7. Make Digest of SignedData Content - MessageDigest md = MessageDigest.getInstance(mHashAlgorithm); - msgdigest = md.digest(ed); - - crsResp.setMsgDigest(msgdigest); - - } - - catch (Exception e) { - throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage()); - } - - - // 5. Make a RecipientInfo - - // The issuer name & serial number here, should be that of - // the EE's self-signed Certificate - // [I can get it from the req blob, but later, I should - // store the recipient's self-signed certificate with the request - // so I can get at it later. I need to do this to support - // 'PENDING'] - - - try { - - // 8. Make Authenticated Attributes - // we can just pull the transaction ID out of the request. - // Later, we will have to put it out of the Request queue, - // so we can support PENDING - crsResp.setTransactionID(crsReq.getTransactionID()); - // recipientNonce and SenderNonce have already been set - - crsResp.makeAuthenticatedAttributes(); - // crsResp.makeAuthenticatedAttributes_old(); - - - - // now package up the rest of the SignerInfo - { - byte[] signingcertbytes = cx.getSigningCert().getEncoded(); - - - Certificate.Template sgncert_t = new Certificate.Template(); - Certificate sgncert = - (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes)); - - IssuerAndSerialNumber sgniasn = - new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(), - sgncert.getInfo().getSerialNumber()); - - crsResp.setSgnIssuerAndSerialNumber(sgniasn); - - // 10. 
Make SignerInfo - crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm); - - // 11. Make SignedData - crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm); - - crsResp.debug(); - } - } - catch (Exception e) { - throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage()); - } - - - // if debugging, dump out the response into a file - - } - - - - class CryptoContext { - private CryptoManager cm; - private CryptoToken internalToken; - private CryptoToken keyStorageToken; - private CryptoToken internalKeyStorageToken; - private KeyGenerator DESkg; - private Enumeration externalTokens = null; - private org.mozilla.jss.crypto.X509Certificate signingCert; - private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; - private int signingCertKeySize = 0; - - - class CryptoContextException extends Exception { - /** + crsResp.debug(); + } + } catch (Exception e) { + throw new CRSFailureException( + "Failed to create outer response to CEP request: " + + e.getMessage()); + } + + // if debugging, dump out the response into a file + + } + + class CryptoContext { + private CryptoManager cm; + private CryptoToken internalToken; + private CryptoToken keyStorageToken; + private CryptoToken internalKeyStorageToken; + private KeyGenerator DESkg; + private Enumeration externalTokens = null; + private org.mozilla.jss.crypto.X509Certificate signingCert; + private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey; + private int signingCertKeySize = 0; + + class CryptoContextException extends Exception { + /** * */ - private static final long serialVersionUID = -1124116326126256475L; - public CryptoContextException() { super(); } - public CryptoContextException(String s) { super(s); } - } + private static final long serialVersionUID = -1124116326126256475L; - public CryptoContext() - throws CryptoContextException - { - try { - KeyGenAlgorithm kga = KeyGenAlgorithm.DES; - if (mEncryptionAlgorithm != null && 
mEncryptionAlgorithm.equals("DES3")) { - kga = KeyGenAlgorithm.DES3; - } - cm = CryptoManager.getInstance(); - internalToken = cm.getInternalCryptoToken(); - DESkg = internalToken.getKeyGenerator(kga); - if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - mTokenName.equalsIgnoreCase("Internal Key Storage Token") || - mTokenName.length() == 0) { - keyStorageToken = cm.getInternalKeyStorageToken(); - internalKeyStorageToken = keyStorageToken; - CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'"); - } else { - keyStorageToken = cm.getTokenByName(mTokenName); - internalKeyStorageToken = null; - } - if (!mUseCA && internalKeyStorageToken == null) { - PasswordCallback cb = CMS.getPasswordCallback(); - keyStorageToken.login(cb); // ONE_TIME by default. - } - signingCert = cm.findCertByNickname(mNickname); - signingCertPrivKey = cm.findPrivKeyByCert(signingCert); - byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); - SEQUENCE.Template outer = SEQUENCE.getTemplate(); - outer.addElement( ANY.getTemplate() ); // algid - outer.addElement( BIT_STRING.getTemplate() ); - SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo); - BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); - byte[] encPubKey = bs.getBits(); - if( bs.getPadCount() != 0) { - throw new CryptoContextException("Internal error: Invalid Public key. 
Not an integral number of bytes."); - } - SEQUENCE.Template inner = new SEQUENCE.Template(); - inner.addElement( INTEGER.getTemplate()); - inner.addElement( INTEGER.getTemplate()); - SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey); - INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); - signingCertKeySize = modulus.bitLength(); - - try { - FileOutputStream fos = new FileOutputStream("pubkey.der"); - fos.write(signingCert.getPublicKey().getEncoded()); - fos.close(); - } catch (Exception e) {} - - } - catch (InvalidBERException e) { - throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); - } - catch (CryptoManager.NotInitializedException e) { - throw new CryptoContextException("Crypto Manager not initialized"); - } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException("Cannot create DES key generator"); - } - catch (ObjectNotFoundException e) { - throw new CryptoContextException("Certificate not found: "+ca.getNickname()); - } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); - } - catch (NoSuchTokenException e) { - throw new CryptoContextException("Crypto Token not found: "+e.getMessage()); - } - catch (IncorrectPasswordException e) { - throw new CryptoContextException("Incorrect Password."); - } - } - - - public KeyGenerator getDESKeyGenerator() { - return DESkg; - } + public CryptoContextException() { + super(); + } - public CryptoToken getInternalToken() { - return internalToken; - } + public CryptoContextException(String s) { + super(s); + } + } - public void setExternalTokens( Enumeration tokens ) { - externalTokens = tokens; - } + public CryptoContext() throws CryptoContextException { + try { + KeyGenAlgorithm kga = KeyGenAlgorithm.DES; + if (mEncryptionAlgorithm != null + && mEncryptionAlgorithm.equals("DES3")) { + kga = KeyGenAlgorithm.DES3; + } + cm = CryptoManager.getInstance(); + 
internalToken = cm.getInternalCryptoToken(); + DESkg = internalToken.getKeyGenerator(kga); + if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) + || mTokenName + .equalsIgnoreCase("Internal Key Storage Token") + || mTokenName.length() == 0) { + keyStorageToken = cm.getInternalKeyStorageToken(); + internalKeyStorageToken = keyStorageToken; + CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + + mTokenName + "'"); + } else { + keyStorageToken = cm.getTokenByName(mTokenName); + internalKeyStorageToken = null; + } + if (!mUseCA && internalKeyStorageToken == null) { + PasswordCallback cb = CMS.getPasswordCallback(); + keyStorageToken.login(cb); // ONE_TIME by default. + } + signingCert = cm.findCertByNickname(mNickname); + signingCertPrivKey = cm.findPrivKeyByCert(signingCert); + byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded(); + SEQUENCE.Template outer = SEQUENCE.getTemplate(); + outer.addElement(ANY.getTemplate()); // algid + outer.addElement(BIT_STRING.getTemplate()); + SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, + encPubKeyInfo); + BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1); + byte[] encPubKey = bs.getBits(); + if (bs.getPadCount() != 0) { + throw new CryptoContextException( + "Internal error: Invalid Public key. 
Not an integral number of bytes."); + } + SEQUENCE.Template inner = new SEQUENCE.Template(); + inner.addElement(INTEGER.getTemplate()); + inner.addElement(INTEGER.getTemplate()); + SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, + encPubKey); + INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0); + signingCertKeySize = modulus.bitLength(); - public Enumeration getExternalTokens() { - return externalTokens; - } + try { + FileOutputStream fos = new FileOutputStream("pubkey.der"); + fos.write(signingCert.getPublicKey().getEncoded()); + fos.close(); + } catch (Exception e) { + } - public CryptoToken getInternalKeyStorageToken() { - return internalKeyStorageToken; - } + } catch (InvalidBERException e) { + throw new CryptoContextException( + "Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate"); + } catch (CryptoManager.NotInitializedException e) { + throw new CryptoContextException( + "Crypto Manager not initialized"); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException( + "Cannot create DES key generator"); + } catch (ObjectNotFoundException e) { + throw new CryptoContextException("Certificate not found: " + + ca.getNickname()); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + + e.getMessage()); + } catch (NoSuchTokenException e) { + throw new CryptoContextException("Crypto Token not found: " + + e.getMessage()); + } catch (IncorrectPasswordException e) { + throw new CryptoContextException("Incorrect Password."); + } + } - public CryptoToken getKeyStorageToken() { - return keyStorageToken; - } + public KeyGenerator getDESKeyGenerator() { + return DESkg; + } - public CryptoManager getCryptoManager() { - return cm; - } + public CryptoToken getInternalToken() { + return internalToken; + } - public KeyWrapper getKeyWrapper() - throws CryptoContextException { - try { - return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + public 
void setExternalTokens(Enumeration tokens) { + externalTokens = tokens; } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); + + public Enumeration getExternalTokens() { + return externalTokens; } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); + + public CryptoToken getInternalKeyStorageToken() { + return internalKeyStorageToken; } - } - public KeyWrapper getInternalKeyWrapper() - throws CryptoContextException { - try { - return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + public CryptoToken getKeyStorageToken() { + return keyStorageToken; } - catch (TokenException e) { - throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage()); + + public CryptoManager getCryptoManager() { + return cm; } - catch (NoSuchAlgorithmException e) { - throw new CryptoContextException(e.getMessage()); + + public KeyWrapper getKeyWrapper() throws CryptoContextException { + try { + return signingCertPrivKey.getOwningToken().getKeyWrapper( + KeyWrapAlgorithm.RSA); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + + e.getMessage()); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); + } } - } - public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { - return signingCertPrivKey; - } + public KeyWrapper getInternalKeyWrapper() throws CryptoContextException { + try { + return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA); + } catch (TokenException e) { + throw new CryptoContextException("Problem with Crypto Token: " + + e.getMessage()); + } catch (NoSuchAlgorithmException e) { + throw new CryptoContextException(e.getMessage()); + } + } - public org.mozilla.jss.crypto.X509Certificate getSigningCert() { - return signingCert; - } - - } + public org.mozilla.jss.crypto.PrivateKey getPrivateKey() { + return signingCertPrivKey; + } + public 
org.mozilla.jss.crypto.X509Certificate getSigningCert() { + return signingCert; + } - /* General failure. The request/response cannot be processed. */ + } + /* General failure. The request/response cannot be processed. */ - class CRSFailureException extends Exception { - /** + class CRSFailureException extends Exception { + /** * */ - private static final long serialVersionUID = 1962741611501549051L; - public CRSFailureException() { super(); } - public CRSFailureException(String s) { super(s); } - } + private static final long serialVersionUID = 1962741611501549051L; - class CRSInvalidSignatureException extends Exception { - /** + public CRSFailureException() { + super(); + } + + public CRSFailureException(String s) { + super(s); + } + } + + class CRSInvalidSignatureException extends Exception { + /** * */ - private static final long serialVersionUID = 9096408193567657944L; - public CRSInvalidSignatureException() { super(); } - public CRSInvalidSignatureException(String s) { super(s); } - } + private static final long serialVersionUID = 9096408193567657944L; + + public CRSInvalidSignatureException() { + super(); + } - + public CRSInvalidSignatureException(String s) { + super(s); + } + } - class CRSPolicyException extends Exception { - /** + class CRSPolicyException extends Exception { + /** * */ - private static final long serialVersionUID = 5846593800658787396L; - public CRSPolicyException() { super(); } - public CRSPolicyException(String s) { super(s); } - } + private static final long serialVersionUID = 5846593800658787396L; -} + public CRSPolicyException() { + super(); + } + public CRSPolicyException(String s) { + super(s); + } + } + +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java index b449a8bd..0456071f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java 
@@ -29,115 +29,109 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; /** - * Class for handling the decoding of a SCEP Challenge Password - * object. Currently this class cannot be used for encoding - * thus some fo the methods are unimplemented + * Class for handling the decoding of a SCEP Challenge Password object. + * Currently this class cannot be used for encoding thus some fo the methods are + * unimplemented */ public class ChallengePassword implements CertAttrSet { - public static final String NAME = "ChallengePassword"; - public static final String PASSWORD = "password"; - - private String cpw; - - - /** - * Get the password marshalled in this object - * @return the challenge password - */ - public String toString() { - return cpw; - } - - /** - * Create a ChallengePassword object - * @param stuff (must be of type byte[]) a DER-encoded by array following - * The ASN.1 template for ChallenegePassword specified in the SCEP - * documentation - * @throws IOException if the DER encoded byt array was malformed, or if it - * did not match the template - */ - - public ChallengePassword(Object stuff) - throws IOException { - - ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff); - try { - decode(is); - } catch (Exception e) { - throw new IOException(e.getMessage()); - } - - } - - /** - * Currently Unimplemented - */ - public void encode(OutputStream out) - throws CertificateException, IOException - { } - - public void decode(InputStream in) - throws CertificateException, IOException - { + public static final String NAME = "ChallengePassword"; + public static final String PASSWORD = "password"; + + private String cpw; + + /** + * Get the password marshalled in this object + * + * @return the challenge password + */ + public String toString() { + return cpw; + } + + /** + * Create a ChallengePassword object + * + * @param stuff (must be of type byte[]) a DER-encoded by array following + * The ASN.1 template for 
ChallenegePassword specified in the + * SCEP documentation + * @throws IOException if the DER encoded byt array was malformed, or if it + * did not match the template + */ + + public ChallengePassword(Object stuff) throws IOException { + + ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); + try { + decode(is); + } catch (Exception e) { + throw new IOException(e.getMessage()); + } + + } + + /** + * Currently Unimplemented + */ + public void encode(OutputStream out) throws CertificateException, + IOException { + } + + public void decode(InputStream in) throws CertificateException, IOException { DerValue derVal = new DerValue(in); construct(derVal); - + + } + + private void construct(DerValue derVal) throws IOException { + try { + cpw = derVal.getPrintableString(); + } catch (NullPointerException e) { + cpw = ""; + } + } + + /** + * Currently Unimplemented + */ + public void set(String name, Object obj) throws CertificateException, + IOException { } - private void construct(DerValue derVal) throws IOException { - try { - cpw = derVal.getPrintableString(); - } - catch (NullPointerException e) { - cpw = ""; - } - } - - - /** - * Currently Unimplemented - */ - public void set(String name, Object obj) - throws CertificateException, IOException - { } - - /** - * Get an attribute of this object. - * @param name the name of the attribute of this object to get. The only - * supported attribute is "password" - */ - public Object get(String name) - throws CertificateException, IOException - { + /** + * Get an attribute of this object. + * + * @param name the name of the attribute of this object to get. 
The only + * supported attribute is "password" + */ + public Object get(String name) throws CertificateException, IOException { if (name.equalsIgnoreCase(PASSWORD)) { return cpw; + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet: ChallengePassword"); } - else { - throw new IOException("Attribute name not recognized by "+ - "CertAttrSet: ChallengePassword"); - } } - - /** - * Currently Unimplemented - */ - public void delete(String name) - throws CertificateException, IOException - { } - - /** - * @return an empty set of elements - */ - public Enumeration getElements() - { return (new Hashtable()).elements();} - - /** - * @return the String "ChallengePassword" - */ - public String getName() - { return NAME;} - - + + /** + * Currently Unimplemented + */ + public void delete(String name) throws CertificateException, IOException { + } + + /** + * @return an empty set of elements + */ + public Enumeration getElements() { + return (new Hashtable()).elements(); + } + + /** + * @return the String "ChallengePassword" + */ + public String getName() { + return NAME; + } + } diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java index a8757e74..e0c0c347 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java 
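Review bot: `toString()` returns the cleartext SCEP challenge password (`return cpw;`), so any string concatenation or debug logging of a ChallengePassword object writes the secret out. Callers may already depend on that return value, so I would keep the behaviour and document it by replacing the Javadoc summary with `Returns the cleartext challenge password. Do not pass this object to a logger or build messages from it; use get(PASSWORD) where the value is needed.` The reflow also carried the typos "fo", "byt" and "ChallenegePassword" through unchanged in the class and constructor Javadoc; they are worth fixing while these lines are being rewritten.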
@@ -31,51 +31,44 @@ import netscape.security.util.DerValue; import netscape.security.x509.CertAttrSet; import netscape.security.x509.Extension; - public class ExtensionsRequested implements CertAttrSet { + public static final String NAME = "EXTENSIONS_REQUESTED"; - public static final String NAME = "EXTENSIONS_REQUESTED"; - public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature"; - public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; + public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment"; private String kue_digital_signature = "false"; - private String kue_key_encipherment = "false"; - + private String kue_key_encipherment = "false"; + private Vector exts = new Vector(); public ExtensionsRequested(Object stuff) throws IOException { ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff); - + try { decode(is); - } - catch (Exception e) { + } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } } - - public void encode(OutputStream out) - throws CertificateException, IOException - { } - - public void decode(InputStream in) - throws CertificateException, IOException - { + + public void encode(OutputStream out) throws CertificateException, + IOException { + } + + public void decode(InputStream in) throws CertificateException, IOException { DerValue derVal = new DerValue(in); - + construct(derVal); } - - public void set(String name, Object obj) - throws CertificateException, IOException - { } - - public Object get(String name) - throws CertificateException, IOException - { + + public void set(String name, Object obj) throws CertificateException, + IOException { + } + + public Object get(String name) throws CertificateException, IOException { if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) { return kue_digital_signature; } 
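Review bot: The constructor's `catch (Exception e)` calls `e.printStackTrace()` and then throws `new IOException(e.getMessage())`, so the original exception is discarded and the only trace goes to stderr rather than the server's log. The attribute bytes presumably come from a client request, so this path is reachable with malformed input and should fail quietly but diagnosably. I would drop the `printStackTrace()` call and chain the cause with `throw new IOException(e.getMessage(), e);`. The ChallengePassword constructor in the previous file has the same cause-dropping rethrow.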
@@ -85,107 +78,82 @@ public class ExtensionsRequested implements CertAttrSet { throw new IOException("Unsupported attribute queried"); } - - public void delete(String name) - throws CertificateException, IOException - { + + public void delete(String name) throws CertificateException, IOException { + } + + public Enumeration getElements() { + return (new Hashtable()).elements(); + } + + public String getName() { + return NAME; } - public Enumeration getElements() - { return (new Hashtable()).elements();} - - public String getName() - { return NAME;} - - - -/** - construct - expects this in the inputstream (from the router): - - 211 30 31: SEQUENCE { - 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8' - 225 31 17: SET { - 227 04 15: OCTET STRING, encapsulates { - 229 30 13: SEQUENCE { - 231 30 11: SEQUENCE { - 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) - 238 04 4: OCTET STRING - : 03 02 05 A0 - : } - : } - : } - - or this (from IRE client): - - 262 30 51: SEQUENCE { - 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14) - 275 31 38: SET { - 277 30 36: SEQUENCE { - 279 30 34: SEQUENCE { - 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) - 286 04 27: OCTET STRING - : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 - : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D - : } - : } - : } - : } - - - */ + /** + * construct - expects this in the inputstream (from the router): + * + * 211 30 31: SEQUENCE { 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 + * 8' 225 31 17: SET { 227 04 15: OCTET STRING, encapsulates { 229 30 13: + * SEQUENCE { 231 30 11: SEQUENCE { 233 06 3: OBJECT IDENTIFIER keyUsage (2 + * 5 29 15) 238 04 4: OCTET STRING : 03 02 05 A0 : } : } : } + * + * or this (from IRE client): + * + * 262 30 51: SEQUENCE { 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 + * 113549 1 9 14) 275 31 38: SET { 277 30 36: SEQUENCE { 279 30 34: SEQUENCE + * { 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 286 04 27: OCTET + * STRING : 30 19 87 04 D0 0C 
3E 6F 81 03 61 61 61 82 0C 61 : 61 61 2E 6D 63 + * 6F 6D 2E 63 6F 6D : } : } : } : } + */ private void construct(DerValue dv) throws IOException { - DerInputStream stream = null; - DerValue[] dvs; + DerInputStream stream = null; + DerValue[] dvs; - try { // try decoding as sequence first + try { // try decoding as sequence first - stream = dv.toDerInputStream(); + stream = dv.toDerInputStream(); - DerValue stream_dv = stream.getDerValue(); - stream.reset(); - + DerValue stream_dv = stream.getDerValue(); + stream.reset(); - dvs = stream.getSequence(2); - } - catch (IOException ioe) { - // if it failed, the outer sequence may be - // encapsulated in an octet string, as in the first - // example above + dvs = stream.getSequence(2); + } catch (IOException ioe) { + // if it failed, the outer sequence may be + // encapsulated in an octet string, as in the first + // example above - byte[] octet_string = dv.getOctetString(); + byte[] octet_string = dv.getOctetString(); - // Make a new input stream from the byte array, - // and re-parse it as a sequence. + // Make a new input stream from the byte array, + // and re-parse it as a sequence. - dv = new DerValue(octet_string); + dv = new DerValue(octet_string); - stream = dv.toDerInputStream(); - dvs = stream.getSequence(2); - } + stream = dv.toDerInputStream(); + dvs = stream.getSequence(2); + } - // now, the stream will be in the correct format - stream.reset(); + // now, the stream will be in the correct format + stream.reset(); - while (true) { - DerValue ext_dv=null; - try { - ext_dv = stream.getDerValue(); - } - catch (IOException ex) { - break; - } + while (true) { + DerValue ext_dv = null; + try { + ext_dv = stream.getDerValue(); + } catch (IOException ex) { + break; + } - Extension ext = new Extension(ext_dv); - exts.addElement(ext); - } + Extension ext = new Extension(ext_dv); + exts.addElement(ext); + } } - public Vector getExtensions() { - return exts; - } + public Vector getExtensions() { + return exts; + } } - - 
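Review bot: The formatter has run the two ASN.1 dumps in the comment above `construct` together into wrapped prose, so the offset/tag/length columns and the nesting that made them readable are gone. Wrapping each dump in `<pre>` … `</pre>` inside the Javadoc should make the Eclipse formatter leave the layout alone. The commented-out `signAlg` selection in `CMCOutputTemplate.getContentInfo` was reflowed into an unreadable block in the same way and is better deleted or restored as line comments. Separately, the `while (true)` loop in `construct` treats any IOException from `stream.getDerValue()` as end of input, so a malformed extension appears to truncate the list silently instead of rejecting the request; a short comment stating that this is intended, or an explicit end-of-data check, would help.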
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java index 759238d9..3d0f788e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Hashtable; @@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** * Authentication Credentials as input to the authMgr * <P> - * + * * @version $Revision$, $Date$ */ public class AuthCredentials implements IAuthCredentials { @@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials { */ private static final long serialVersionUID = -5995164231849154265L; private Hashtable authCreds = null; - // Inserted by bskim + // Inserted by bskim private IArgBlock argblk = null; + // Insert end - + public AuthCredentials() { authCreds = new Hashtable(); } /** * sets a credential with credential name and the credential + * * @param name credential name * @param cred credential * @exception com.netscape.certsrv.base.EBaseException NullPointerException */ - public void set(String name, Object cred)throws EBaseException { + public void set(String name, Object cred) throws EBaseException { if (cred == null) { throw new EBaseException("AuthCredentials.set()"); } @@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials { /** * returns the credential to which the specified name is mapped in this - * credential set + * credential set + * * @param name credential name * @return the named authentication credential */ 
@@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials { } /** - * removes the name and its corresponding credential from this - * credential set. This method does nothing if the named - * credential is not in the credential set. + * removes the name and its corresponding credential from this credential + * set. This method does nothing if the named credential is not in the + * credential set. + * * @param name credential name */ public void delete(String name) { @@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials { } /** - * returns an enumeration of the credentials in this credential - * set. Use the Enumeration methods on the returned object to - * fetch the elements sequentially. + * returns an enumeration of the credentials in this credential set. Use the + * Enumeration methods on the returned object to fetch the elements + * sequentially. + * * @return an enumeration of the values in this credential set * @see java.util.Enumeration */ public Enumeration getElements() { return (authCreds.elements()); } - + // Inserted by bskim public void setArgBlock(IArgBlock blk) { argblk = blk; return; - } + } // Insert end - + public IArgBlock getArgBlock() { return argblk; - } + } // Insert end } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java index 03cb83f6..1eabe780 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -94,33 +93,31 @@ import com.netscape.certsrv.request.RequestStatus; /** * Utility CMCOutputTemplate - * + * * @version $ $, $Date$ */ public class CMCOutputTemplate { public CMCOutputTemplate() { } - public void createFullResponseWithFailedStatus(HttpServletResponse resp, - SEQUENCE bpids, int code, UTF8String s) { + public void createFullResponseWithFailedStatus(HttpServletResponse resp, + SEQUENCE bpids, int code, UTF8String s) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); SEQUENCE otherMsgSeq = new SEQUENCE(); int bpid = 1; - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(code), null); - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), - bpids, s, otherInfo); - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(code), + null); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(new INTEGER( + CMCStatusInfo.FAILED), bpids, s, otherInfo); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); try { - ResponseBody respBody = new ResponseBody(controlSeq, - cmsSeq, otherMsgSeq); + ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq, + otherMsgSeq); SET certs = new SET(); ContentInfo contentInfo = getContentInfo(respBody, certs); 
@@ -137,13 +134,14 @@ public class CMCOutputTemplate { os.write(contentBytes); os.flush(); } catch (Exception e) { - CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + + e.toString()); return; } } - public void createFullResponse(HttpServletResponse resp, IRequest []reqs, - String cert_request_type, int[] error_codes) { + public void createFullResponse(HttpServletResponse resp, IRequest[] reqs, + String cert_request_type, int[] error_codes) { SEQUENCE controlSeq = new SEQUENCE(); SEQUENCE cmsSeq = new SEQUENCE(); 
@@ -156,113 +154,106 @@ public class CMCOutputTemplate { SEQUENCE pending_bpids = null; SEQUENCE success_bpids = null; SEQUENCE failed_bpids = null; - if (cert_request_type.equals("crmf") || - cert_request_type.equals("pkcs10")) { + if (cert_request_type.equals("crmf") + || cert_request_type.equals("pkcs10")) { String reqId = reqs[0].getRequestId().toString(); OtherInfo otherInfo = null; if (error_codes[0] == 2) { PendInfo pendInfo = new PendInfo(reqId, new Date()); - otherInfo = new OtherInfo(OtherInfo.PEND, null, - pendInfo); + otherInfo = new OtherInfo(OtherInfo.PEND, null, pendInfo); } else { - otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER( + OtherInfo.BAD_REQUEST), null); } - + SEQUENCE bpids = new SEQUENCE(); bpids.addElement(new INTEGER(1)); - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - bpids, (String)null, otherInfo); - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.PENDING, bpids, (String) null, otherInfo); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } else if (cert_request_type.equals("cmc")) { pending_bpids = new SEQUENCE(); success_bpids = new SEQUENCE(); failed_bpids = new SEQUENCE(); if (reqs != null) { - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { if (error_codes[i] == 0) { - success_bpids.addElement(new INTEGER( - reqs[i].getExtDataInBigInteger("bodyPartId"))); + success_bpids.addElement(new INTEGER(reqs[i] + .getExtDataInBigInteger("bodyPartId"))); } else if (error_codes[i] == 2) { - pending_bpids.addElement(new INTEGER( - reqs[i].getExtDataInBigInteger("bodyPartId"))); + pending_bpids.addElement(new INTEGER(reqs[i] + 
.getExtDataInBigInteger("bodyPartId"))); } else { - failed_bpids.addElement(new INTEGER( - reqs[i].getExtDataInBigInteger("bodyPartId"))); - } + failed_bpids.addElement(new INTEGER(reqs[i] + .getExtDataInBigInteger("bodyPartId"))); + } } } TaggedAttribute tagattr = null; CMCStatusInfo cmcStatusInfo = null; - SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof"); + SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof"); if (identityBpids != null && identityBpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_IDENTITY), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_IDENTITY), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - identityBpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + identityBpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } - SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness"); + SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context + .get("POPLinkWitness"); if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) { OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); + new INTEGER(OtherInfo.BAD_REQUEST), null); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - POPLinkWitnessBpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + POPLinkWitnessBpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(tagattr); } if (pending_bpids.size() > 0) { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, 
(String)null, null); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); - } + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, + pending_bpids, (String) null, null); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); + } if (success_bpids.size() > 0) { boolean confirmRequired = false; try { - confirmRequired = - CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", - false); - } catch (Exception e) { + confirmRequired = CMS.getConfigStore().getBoolean( + "cmc.cert.confirmRequired", false); + } catch (Exception e) { } if (confirmRequired) { CMS.debug("CMCOutputTemplate: confirmRequired in the request"); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, - success_bpids, (String)null, null); + cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.CONFIRM_REQUIRED, success_bpids, + (String) null, null); } else { - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, + success_bpids, (String) null, null); } - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_REQUEST), null); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - failed_bpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(tagattr); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new 
INTEGER(OtherInfo.BAD_REQUEST), null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + controlSeq.addElement(tagattr); } } 
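Review bot: In the `crmf`/`pkcs10` branch the status is always `CMCStatusInfo.PENDING`, even when the `else` path has just set `otherInfo` to `OtherInfo.FAIL` with `BAD_REQUEST`, so a rejected request appears to be reported to the client as pending. The status should follow the same condition, e.g. pass `error_codes[0] == 2 ? CMCStatusInfo.PENDING : CMCStatusInfo.FAILED` as the first argument of that `new CMCStatusInfo(...)`. The same branch dereferences `reqs[0]` without the `reqs != null` check that the `cmc` branch performs. Further down, the empty `catch (Exception e) { }` around the `cmc.cert.confirmRequired` lookup hides a configuration read failure and falls back to `false`; at minimum it deserves a `CMS.debug` line. `createFullResponse` starts before this hunk and continues after it.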
@@ -270,80 +261,80 @@ public class CMCOutputTemplate { try { // deal with controls - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = (TaggedAttribute) (context + .get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr != null) { try { processGetCertControl(attr, certs); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: "+ee.toString()); + CMS.debug("CMCOutputTemplate: " + ee.toString()); OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); + new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE bpids1 = new SEQUENCE(); bpids1.addElement(attr.getBodyPartID()); CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo( - new INTEGER(CMCStatusInfo.FAILED), - bpids1, null, otherInfo1); + new INTEGER(CMCStatusInfo.FAILED), bpids1, + null, otherInfo1); TaggedAttribute tagattr1 = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo1); controlSeq.addElement(tagattr1); } } - attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); + attr = (TaggedAttribute) (context + .get(OBJECT_IDENTIFIER.id_cmc_dataReturn)); if (attr != null) bpid = processDataReturnControl(attr, controlSeq, bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); + attr = (TaggedAttribute) context + .get(OBJECT_IDENTIFIER.id_cmc_transactionId); if (attr != null) bpid = processTransactionControl(attr, controlSeq, bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); + attr = (TaggedAttribute) context + .get(OBJECT_IDENTIFIER.id_cmc_senderNonce); if (attr != null) bpid = processSenderNonceControl(attr, controlSeq, bpid); - attr = - 
(TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); + attr = (TaggedAttribute) context + .get(OBJECT_IDENTIFIER.id_cmc_QueryPending); if (attr != null) - bpid = processQueryPendingControl(attr, controlSeq, bpid); + bpid = processQueryPendingControl(attr, controlSeq, bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); + attr = (TaggedAttribute) context + .get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance); - if (attr != null) - bpid = processConfirmCertAcceptanceControl(attr, controlSeq, - bpid); + if (attr != null) + bpid = processConfirmCertAcceptanceControl(attr, + controlSeq, bpid); - attr = - (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); + attr = (TaggedAttribute) context + .get(OBJECT_IDENTIFIER.id_cmc_revokeRequest); - if (attr != null) - bpid = processRevokeRequestControl(attr, controlSeq, - bpid); + if (attr != null) + bpid = processRevokeRequestControl(attr, controlSeq, bpid); } if (success_bpids != null && success_bpids.size() > 0) { - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { if (error_codes[i] == 0) { - X509CertImpl impl = - (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + X509CertImpl impl = (reqs[i] + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(bin)); + Certificate cert = (Certificate) certTemplate + .decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - ResponseBody respBody = new ResponseBody(controlSeq, - cmsSeq, otherMsgSeq); + ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq, + otherMsgSeq); ContentInfo contentInfo = getContentInfo(respBody, certs); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -354,16 +345,16 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (Exception e) { - CMS.debug("Exception: "+e.toString()); + CMS.debug("Exception: " + e.toString()); } } 
@@ -371,48 +362,46 @@ public class CMCOutputTemplate { try { ICertificateAuthority ca = null; // add CA cert chain - ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ca = (ICertificateAuthority) CMS.getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); java.security.cert.X509Certificate[] chains = certchains.getChain(); - for (int i=0; i<chains.length; i++) { + for (int i = 0; i < chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate) certTemplate + .decode(new ByteArrayInputStream(chains[i].getEncoded())); certs.addElement(cert); } - + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( - OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); + OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody); org.mozilla.jss.crypto.X509Certificate x509CAcert = null; x509CAcert = ca.getCaX509Cert(); X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded()); - X500Name issuerName = (X500Name)caimpl.getIssuerDN(); + X500Name issuerName = (X500Name) caimpl.getIssuerDN(); byte[] issuerByte = issuerName.getEncoded(); - ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); + ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte); Name issuer = (Name) Name.getTemplate().decode(istream); - IssuerAndSerialNumber ias = new IssuerAndSerialNumber( - issuer, new INTEGER(x509CAcert.getSerialNumber().toString())); + IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, + new INTEGER(x509CAcert.getSerialNumber().toString())); SignerIdentifier si = new SignerIdentifier( - SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // use CA instance's default signature and digest algorithm SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm(); - org.mozilla.jss.crypto.PrivateKey privKey = - 
CryptoManager.getInstance().findPrivKeyByCert(x509CAcert); -/* - org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) { - signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { - signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; - } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { - signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; - } else { - CMS.debug( "CMCOutputTemplate::getContentInfo() - " - + "signAlg is unsupported!" ); - return null; - } -*/ + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager + .getInstance().findPrivKeyByCert(x509CAcert); + /* + * org.mozilla.jss.crypto.PrivateKey.Type keyType = + * privKey.getType(); if( keyType.equals( + * org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg = + * SignatureAlgorithm.RSASignatureWithSHA1Digest; } else if( + * keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + * signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else + * if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) { + * signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; } else { + * CMS.debug( "CMCOutputTemplate::getContentInfo() - " + + * "signAlg is unsupported!" ); return null; } + */ DigestAlgorithm digestAlg = signAlg.getDigestAlg(); MessageDigest msgDigest = null; byte[] digest = null; @@ -424,10 +413,9 @@ public class CMCOutputTemplate { respBody.encode((OutputStream) ostream); digest = msgDigest.digest(ostream.toByteArray()); - SignerInfo signInfo = new - SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, privKey); + SignerInfo signInfo = new SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, digest, signAlg, + privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); 
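Review bot: The formatter has reflowed the commented-out key-type selection into run-on lines (`privKey.getType(); if( keyType.equals(`), so the block can no longer be read or restored as code. Since `signAlg` is now taken from `ca.getDefaultSignatureAlgorithm()`, the dead block is better deleted; if it has to stay, open it with `/*-` so that Eclipse's formatter leaves its layout alone. The enclosing method (getContentInfo, judging by its debug strings) starts and ends outside this hunk.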
@@ -435,31 +423,32 @@ public class CMCOutputTemplate { SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), null); - + AlgorithmIdentifier ai = new AlgorithmIdentifier( + digestAlg.toOID(), null); + digestAlgs.addElement(ai); } - SignedData signedData = new SignedData(digestAlgs, - enContentInfo, certs, null, signInfos); + SignedData signedData = new SignedData(digestAlgs, enContentInfo, + certs, null, signInfos); ContentInfo contentInfo = new ContentInfo(signedData); CMS.debug("CMCOutputTemplate::getContentInfo() - done"); return contentInfo; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + + e.toString()); } - return null; + return null; } - public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) { + public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) { SET certs = new SET(); SessionContext context = SessionContext.getContext(); try { - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr = (TaggedAttribute) (context + .get(OBJECT_IDENTIFIER.id_cmc_getCert)); processGetCertControl(attr, certs); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("CMCOutputTemplate: No certificate is found."); } 
@@ -468,38 +457,42 @@ public class CMCOutputTemplate { // oid for id-data OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER("1.2.840.113549.1.7.1"); - EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(oid, null); + EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo( + oid, null); try { if (reqs != null) { - for (int i=0; i<reqs.length; i++) { - X509CertImpl impl = - (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); + for (int i = 0; i < reqs.length; i++) { + X509CertImpl impl = (reqs[i] + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT)); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = - (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); + Certificate cert = (Certificate) certTemplate + .decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } // Get CA certs - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); CertificateChain certchains = ca.getCACertChain(); - java.security.cert.X509Certificate[] chains = certchains.getChain(); + java.security.cert.X509Certificate[] chains = certchains + .getChain(); - for (int i=0; i<chains.length; i++) { + for (int i = 0; i < chains.length; i++) { Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = (Certificate)certTemplate.decode( - new ByteArrayInputStream(chains[i].getEncoded())); + Certificate cert = (Certificate) certTemplate + .decode(new ByteArrayInputStream(chains[i] + .getEncoded())); certs.addElement(cert); } } - + if (certs.size() == 0) return; SignedData signedData = new SignedData(digestAlgorithms, - enContentInfo, certs, null, signedInfos); + enContentInfo, certs, null, signedInfos); ContentInfo contentInfo = new ContentInfo(signedData); ByteArrayOutputStream fos = new ByteArrayOutputStream(); 
@@ -510,48 +503,47 @@ public class CMCOutputTemplate { resp.setContentType("application/pkcs7-mime"); resp.setContentLength(contentBytes.length); OutputStream os = resp.getOutputStream(); - os.write(contentBytes); + os.write(contentBytes); os.flush(); } catch (java.security.cert.CertificateEncodingException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (InvalidBERException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } catch (IOException e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } } - private int processConfirmCertAcceptanceControl( - TaggedAttribute attr, SEQUENCE controlSeq, int bpid) { + private int processConfirmCertAcceptanceControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) { if (attr != null) { INTEGER bodyId = attr.getBodyPartID(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(bodyId); + seq.addElement(bodyId); SET values = attr.getValues(); if (values != null && values.size() > 0) { try { - CMCCertId cmcCertId = - (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(), - ASN1Util.encode(values.elementAt(0)))); - BigInteger serialno = (BigInteger)(cmcCertId.getSerial()); - SEQUENCE issuers = cmcCertId.getIssuer(); - //ANY issuer = (ANY)issuers.elementAt(0); - ANY issuer = - (ANY)(ASN1Util.decode(ANY.getTemplate(), - ASN1Util.encode(issuers.elementAt(0)))); + CMCCertId cmcCertId = (CMCCertId) (ASN1Util.decode( + CMCCertId.getTemplate(), + ASN1Util.encode(values.elementAt(0)))); + BigInteger serialno = (BigInteger) (cmcCertId.getSerial()); + SEQUENCE issuers = cmcCertId.getIssuer(); + // ANY issuer = (ANY)issuers.elementAt(0); + ANY issuer = (ANY) (ASN1Util.decode(ANY.getTemplate(), + ASN1Util.encode(issuers.elementAt(0)))); byte[] b = issuer.getEncoded(); X500Name n = new X500Name(b); 
ICertificateAuthority ca = null; - ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ca = (ICertificateAuthority) CMS.getSubsystem("ca"); X500Name caName = ca.getX500Name(); boolean confirmAccepted = false; if (n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal"); - ICertificateRepository repository = - (ICertificateRepository)ca.getCertificateRepository(); + ICertificateRepository repository = (ICertificateRepository) ca + .getCertificateRepository(); X509CertImpl impl = null; try { - repository.getX509Certificate(serialno); + repository.getX509Certificate(serialno); } catch (EBaseException ee) { CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found"); } 
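Review bot: In processConfirmCertAcceptanceControl the result of `repository.getX509Certificate(serialno);` is discarded, so `impl` stays null and nothing in this hunk ever sets `confirmAccepted` to true. Unless a line outside the hunk does so, every confirmation is answered with the FAILED/BAD_CERT_ID status built in the next hunk. Assign the lookup, `impl = repository.getX509Certificate(serialno);`, and set `confirmAccepted = (impl != null);` after the try block. The issuer check compares `toString()` renderings case-insensitively rather than the encoded names, which deserves a comment saying why that is sufficient here.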
@@ -559,81 +551,85 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; if (confirmAccepted) { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository."); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq, - (String)null, null); + cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.SUCCESS, seq, (String) null, null); } else { CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, - new INTEGER(OtherInfo.BAD_CERT_ID), null); - cmcStatusInfo = - new CMCStatusInfo(CMCStatusInfo.FAILED, seq, - (String)null, otherInfo); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_CERT_ID), null); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + seq, (String) null, otherInfo); } TaggedAttribute statustagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); - controlSeq.addElement(statustagattr); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); + controlSeq.addElement(statustagattr); } catch (Exception e) { - CMS.debug("CMCOutputTemplate exception: "+e.toString()); + CMS.debug("CMCOutputTemplate exception: " + e.toString()); } - } + } } return bpid; } private void processGetCertControl(TaggedAttribute attr, SET certs) - throws InvalidBERException, java.security.cert.CertificateEncodingException, - IOException, EBaseException { + throws InvalidBERException, + java.security.cert.CertificateEncodingException, IOException, + EBaseException { if (attr != null) { SET vals = attr.getValues(); if (vals.size() == 1) { - GetCert getCert = - (GetCert)(ASN1Util.decode(GetCert.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - BigInteger serialno = (BigInteger)(getCert.getSerialNumber()); - ANY issuer = (ANY)getCert.getIssuer(); + GetCert getCert = 
(GetCert) (ASN1Util.decode( + GetCert.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + BigInteger serialno = (BigInteger) (getCert.getSerialNumber()); + ANY issuer = (ANY) getCert.getIssuer(); byte b[] = issuer.getEncoded(); X500Name n = new X500Name(b); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); X500Name caName = ca.getX500Name(); if (!n.toString().equalsIgnoreCase(caName.toString())) { CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control"); throw new EBaseException("Certificate is not found"); } - ICertificateRepository repository = - (ICertificateRepository)ca.getCertificateRepository(); + ICertificateRepository repository = (ICertificateRepository) ca + .getCertificateRepository(); X509CertImpl impl = repository.getX509Certificate(serialno); byte[] bin = impl.getEncoded(); Certificate.Template certTemplate = new Certificate.Template(); - Certificate cert = - (Certificate)certTemplate.decode(new ByteArrayInputStream(bin)); + Certificate cert = (Certificate) certTemplate + .decode(new ByteArrayInputStream(bin)); certs.addElement(cert); } } } - + private int processQueryPendingControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET values = attr.getValues(); - if (values != null && values.size() > 0) { + if (values != null && values.size() > 0) { SEQUENCE pending_bpids = new SEQUENCE(); SEQUENCE success_bpids = new SEQUENCE(); SEQUENCE failed_bpids = new SEQUENCE(); - for (int i=0; i<values.size(); i++) { + for (int i = 0; i < values.size(); i++) { try { - INTEGER reqId = (INTEGER) - ASN1Util.decode(INTEGER.getTemplate(), - ASN1Util.encode(values.elementAt(i))); + INTEGER reqId = (INTEGER) ASN1Util.decode( + INTEGER.getTemplate(), + ASN1Util.encode(values.elementAt(i))); String requestId = new String(reqId.toByteArray()); - ICertificateAuthority ca = 
(ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); IRequestQueue queue = ca.getRequestQueue(); - IRequest r = queue.findRequest(new RequestId(requestId)); + IRequest r = queue + .findRequest(new RequestId(requestId)); if (r != null) { - Integer result = r.getExtDataInInteger(IRequest.RESULT); + Integer result = r + .getExtDataInInteger(IRequest.RESULT); RequestStatus status = r.getRequestStatus(); if (status.equals(RequestStatus.PENDING)) { pending_bpids.addElement(reqId); 
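Review bot: The debug message in processGetCertControl's mismatch branch is inverted: inside `if (!n.toString().equalsIgnoreCase(caName.toString()))` it logs "Issuer names are equal in the GetCert Control" immediately before throwing. Anyone reading the debug log while investigating a rejected request will draw the opposite conclusion, so it should read `CMS.debug("CMCOutputTemplate: Issuer names are not equal in the GetCert Control");`. In processQueryPendingControl, `new String(reqId.toByteArray())` turns the INTEGER's raw bytes into text using the platform charset; if the request id is meant to be the decimal value, that needs checking. processQueryPendingControl continues past the end of this hunk.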
@@ -648,44 +644,47 @@ public class CMCOutputTemplate { } if (pending_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, - pending_bpids, (String)null, null); - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.PENDING, pending_bpids, + (String) null, null); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( + bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); } if (success_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - pending_bpids, (String)null, null); - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.SUCCESS, pending_bpids, + (String) null, null); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( + bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); } if (failed_bpids.size() > 0) { - CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, - pending_bpids, (String)null, null); - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.FAILED, pending_bpids, (String) null, + null); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( + bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); } - } + } } return bpid; } - private int processTransactionControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + private int processTransactionControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET transIds = attr.getValues(); if (transIds != 
null) { - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( + bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(tagattr); } } @@ -694,28 +693,29 @@ public class CMCOutputTemplate { } private int processSenderNonceControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) { + SEQUENCE controlSeq, int bpid) { if (attr != null) { SET sNonce = attr.getValues(); if (sNonce != null) { - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonce); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( + bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonce); controlSeq.addElement(tagattr); Date date = new Date(); - String salt = "lala123"+date.toString(); + String salt = "lala123" + date.toString(); byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest + .getInstance("SHA1"); dig = SHA1Digest.digest(salt.getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce, - new OCTET_STRING(b64E.getBytes())); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING( + b64E.getBytes())); controlSeq.addElement(tagattr); } } 
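Review bot: The SUCCESS and FAILED status blocks in processQueryPendingControl both pass `pending_bpids` to `new CMCStatusInfo(...)`, so the ids collected in `success_bpids` and `failed_bpids` are never reported and a client is told that the pending requests succeeded or failed. The two calls should read `new CMCStatusInfo(CMCStatusInfo.SUCCESS, success_bpids, (String) null, null)` and `new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, null)`. The method starts in the previous hunk.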
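Review bot: The senderNonce in processSenderNonceControl is derived from `"lala123" + date.toString()`, a constant plus a second-resolution timestamp, so it is predictable to anyone who knows the server clock and gives little replay protection. The `NoSuchAlgorithmException` fallback even uses the unhashed string. Draw the nonce from a CSPRNG instead, `byte[] dig = new byte[16]; new java.security.SecureRandom().nextBytes(dig);`, which also removes the SHA1 call and the platform-charset `salt.getBytes()`. The import block is outside this hunk, hence the fully qualified name.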
@@ -723,29 +723,28 @@ public class CMCOutputTemplate { return bpid; } - private int processDataReturnControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException { + private int processDataReturnControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException { if (attr != null) { SET vals = attr.getValues(); - + if (vals.size() > 0) { - OCTET_STRING str = - (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); - TaggedAttribute tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_dataReturn, str); - controlSeq.addElement(tagattr); + OCTET_STRING str = (OCTET_STRING) (ASN1Util.decode( + OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); + TaggedAttribute tagattr = new TaggedAttribute(new INTEGER( + bpid++), OBJECT_IDENTIFIER.id_cmc_dataReturn, str); + controlSeq.addElement(tagattr); } - } + } return bpid; } - private int processRevokeRequestControl(TaggedAttribute attr, - SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException, - IOException { + private int processRevokeRequestControl(TaggedAttribute attr, + SEQUENCE controlSeq, int bpid) throws InvalidBERException, + EBaseException, IOException { boolean revoke = false; SessionContext context = SessionContext.getContext(); if (attr != null) { 
@@ -753,39 +752,49 @@ public class CMCOutputTemplate { CMCStatusInfo cmcStatusInfo = null; SET vals = attr.getValues(); if (vals.size() > 0) { - RevRequest revRequest = - (RevRequest)(ASN1Util.decode(new RevRequest.Template(), - ASN1Util.encode(vals.elementAt(0)))); + RevRequest revRequest = (RevRequest) (ASN1Util.decode( + new RevRequest.Template(), + ASN1Util.encode(vals.elementAt(0)))); OCTET_STRING str = revRequest.getSharedSecret(); - INTEGER pid = attr.getBodyPartID(); + INTEGER pid = attr.getBodyPartID(); TaggedAttribute tagattr = null; INTEGER revokeCertSerial = revRequest.getSerialNumber(); - BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray()); + BigInteger revokeSerial = new BigInteger( + revokeCertSerial.toByteArray()); if (str == null) { boolean needVerify = true; try { - needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true); + needVerify = CMS.getConfigStore().getBoolean( + "cmc.revokeCert.verify", true); } catch (Exception e) { } - + if (needVerify) { - Integer num1 = (Integer)context.get("numOfOtherMsgs"); + Integer num1 = (Integer) context.get("numOfOtherMsgs"); int num = num1.intValue(); - for (int i=0; i<num; i++) { - OtherMsg data = (OtherMsg)context.get("otherMsg"+i); - INTEGER dpid = data.getBodyPartID(); + for (int i = 0; i < num; i++) { + OtherMsg data = (OtherMsg) context.get("otherMsg" + + i); + INTEGER dpid = data.getBodyPartID(); if (pid.longValue() == dpid.longValue()) { - ANY msgValue = data.getOtherMsgValue(); - SignedData msgData = - (SignedData)msgValue.decodeWith(SignedData.getTemplate()); + ANY msgValue = data.getOtherMsgValue(); + SignedData msgData = (SignedData) msgValue + .decodeWith(SignedData.getTemplate()); if (!verifyRevRequestSignature(msgData)) { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo( + OtherInfo.FAIL, + new INTEGER( + OtherInfo.BAD_MESSAGE_CHECK), + null); SEQUENCE failed_bpids 
= new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); + cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.FAILED, failed_bpids, + (String) null, otherInfo); tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -794,13 +803,14 @@ public class CMCOutputTemplate { } revoke = true; - // check shared secret + // check shared secret } else { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; try { - name = CMS.getConfigStore().getString("cmc.revokeCert.sharedSecret.class"); + name = CMS.getConfigStore().getString( + "cmc.revokeCert.sharedSecret.class"); } catch (EPropertyNotFound e) { CMS.debug("EnrollProfile: Failed to find the token class in the configuration file."); sharedSecretFound = false; 
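Review bot: When the RevRequest carries no shared secret, the loop in processRevokeRequestControl returns a failure only if an OtherMsg with the matching body part ID fails `verifyRevRequestSignature`. If no OtherMsg matches, nothing is verified, and from the visible lines control appears to reach `revoke = true` in the next hunk (two lines between the hunks are not shown). Inside the `needVerify` branch, track the outcome explicitly with `boolean verified = false;` before the loop and `verified = true;` after a successful check, and return the existing BAD_MESSAGE_CHECK status unless `verified` is set. `(Integer) context.get("numOfOtherMsgs")` is also unboxed without a null check, and the empty `catch (Exception e) { }` around the `cmc.revokeCert.verify` lookup should carry a comment that it deliberately keeps the default of true.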
@@ -810,27 +820,32 @@ public class CMCOutputTemplate { } try { - tokenClass = (ISharedToken)Class.forName(name).newInstance(); + tokenClass = (ISharedToken) Class.forName(name) + .newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: "+name); + CMS.debug("EnrollProfile: Failed to find class name: " + + name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: "+name); + CMS.debug("EnrollProfile: Failed to instantiate class: " + + name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: "+name); + CMS.debug("EnrollProfile: Illegal access: " + name); sharedSecretFound = false; } if (!sharedSecretFound) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -843,13 +858,15 @@ public class CMCOutputTemplate { if (sharedSecret == null) { CMS.debug("CMCOutputTemplate: class for shared secret was not found."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -861,37 +878,44 @@ public class CMCOutputTemplate { revoke = true; } else { CMS.debug("CMCOutputTemplate: Both client and server shared secret are not the same, cant revoke certificate."); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } - } + } if (revoke) { - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); - ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository(); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); + ICertificateRepository repository = (ICertificateRepository) ca + .getCertificateRepository(); ICertRecord record = null; try { record = repository.readCertificateRecord(revokeSerial); } catch (EBaseException ee) { - CMS.debug("CMCOutputTemplate: Exception: "+ee.toString()); + CMS.debug("CMCOutputTemplate: Exception: " + + ee.toString()); } if (record == null) { CMS.debug("CMCOutputTemplate: The certificate is not found"); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_CERT_ID), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, 
(String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } @@ -900,11 +924,12 @@ public class CMCOutputTemplate { CMS.debug("CMCOutputTemplate: The certificate is already revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.SUCCESS, success_bpids, + (String) null, null); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -913,45 +938,58 @@ public class CMCOutputTemplate { impls[0] = impl; ENUMERATED n = revRequest.getReason(); RevocationReason reason = toRevocationReason(n); - CRLReasonExtension crlReasonExtn = new CRLReasonExtension(reason); + CRLReasonExtension crlReasonExtn = new CRLReasonExtension( + reason); CRLExtensions entryExtn = new CRLExtensions(); GeneralizedTime t = revRequest.getInvalidityDate(); InvalidityDateExtension invalidityDateExtn = null; if (t != null) { - invalidityDateExtn = new InvalidityDateExtension(t.toDate()); - entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn); + invalidityDateExtn = new InvalidityDateExtension( + t.toDate()); + entryExtn.set(invalidityDateExtn.getName(), + invalidityDateExtn); } if (crlReasonExtn != null) { entryExtn.set(crlReasonExtn.getName(), crlReasonExtn); } - RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn); + RevokedCertImpl revCertImpl = new RevokedCertImpl( + impl.getSerialNumber(), CMS.getCurrentDate(), + entryExtn); RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1]; revCertImpls[0] = revCertImpl; - IRequestQueue queue = ca.getRequestQueue(); - IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST); + IRequestQueue queue = ca.getRequestQueue(); + IRequest revReq = queue + .newRequest(IRequest.REVOCATION_REQUEST); revReq.setExtData(IRequest.CERT_INFO, revCertImpls); revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason.toInt())); UTF8String utfstr = revRequest.getComment(); if (utfstr != null) - revReq.setExtData(IRequest.REQUESTOR_COMMENTS, utfstr.toString()); - revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT); + revReq.setExtData(IRequest.REQUESTOR_COMMENTS, + utfstr.toString()); + revReq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_AGENT); queue.processRequest(revReq); RequestStatus stat = revReq.getRequestStatus(); if (stat == RequestStatus.COMPLETE) { - Integer result = 
revReq.getExtDataInInteger(IRequest.RESULT); - CMS.debug("CMCOutputTemplate: revReq result = "+result); + Integer result = revReq + .getExtDataInInteger(IRequest.RESULT); + CMS.debug("CMCOutputTemplate: revReq result = " + + result); if (result.equals(IRequest.RES_ERROR)) { - CMS.debug("CMCOutputTemplate: revReq exception: " + - revReq.getExtDataInString(IRequest.ERROR)); - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null); + CMS.debug("CMCOutputTemplate: revReq exception: " + + revReq.getExtDataInString(IRequest.ERROR)); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_REQUEST), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.FAILED, failed_bpids, + (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } 
@@ -959,37 +997,42 @@ public class CMCOutputTemplate { ILogger logger = CMS.getLogger(); String initiative = AuditFormat.FROMUSER; - logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, new Object[] { - revReq.getRequestId(), initiative, "completed", - impl.getSubjectDN(), - impl.getSerialNumber().toString(16), - reason.toString()}); + logger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { revReq.getRequestId(), initiative, + "completed", impl.getSubjectDN(), + impl.getSerialNumber().toString(16), + reason.toString() }); CMS.debug("CMCOutputTemplate: Certificate get revoked."); SEQUENCE success_bpids = new SEQUENCE(); success_bpids.addElement(attrbpid); cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, - success_bpids, (String)null, null); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + success_bpids, (String) null, null); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } else { - OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); + OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, + new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null); SEQUENCE failed_bpids = new SEQUENCE(); failed_bpids.addElement(attrbpid); - cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo); - tagattr = new TaggedAttribute( - new INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); + cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, + failed_bpids, (String) null, otherInfo); + tagattr = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, + cmcStatusInfo); controlSeq.addElement(tagattr); return bpid; } } } - return bpid; + return bpid; } private RevocationReason 
toRevocationReason(ENUMERATED n) { @@ -998,7 +1041,7 @@ public class CMCOutputTemplate { return RevocationReason.UNSPECIFIED; else if (code == RevRequest.affiliationChanged.getValue()) return RevocationReason.AFFILIATION_CHANGED; - else if (code == RevRequest.cACompromise.getValue()) + else if (code == RevRequest.cACompromise.getValue()) return RevocationReason.CA_COMPROMISE; else if (code == RevRequest.certificateHold.getValue()) return RevocationReason.CERTIFICATE_HOLD; 
@@ -1021,34 +1064,34 @@ public class CMCOutputTemplate { try { EncapsulatedContentInfo ci = msgData.getContentInfo(); OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); - TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s); + ByteArrayInputStream s = new ByteArrayInputStream( + content.toByteArray()); + TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()) + .decode(s); SET values = tattr.getValues(); RevRequest revRequest = null; if (values != null && values.size() > 0) - revRequest = - (RevRequest)(ASN1Util.decode(new RevRequest.Template(), - ASN1Util.encode(values.elementAt(0)))); + revRequest = (RevRequest) (ASN1Util.decode( + new RevRequest.Template(), + ASN1Util.encode(values.elementAt(0)))); SET dias = msgData.getDigestAlgorithmIdentifiers(); int numDig = dias.size(); Hashtable digs = new Hashtable(); - for (int i=0; i<numDig; i++) { - AlgorithmIdentifier dai = - (AlgorithmIdentifier) dias.elementAt(i); - String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); - MessageDigest md = - MessageDigest.getInstance(name); + for (int i = 0; i < numDig; i++) { + AlgorithmIdentifier dai = (AlgorithmIdentifier) dias + .elementAt(i); + String name = DigestAlgorithm.fromOID(dai.getOID()).toString(); + MessageDigest md = MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); digs.put(name, digest); } SET sis = msgData.getSignerInfos(); - int numSis = sis.size(); - for (int i=0; i<numSis; i++) { - org.mozilla.jss.pkix.cms.SignerInfo si = - (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i); + int numSis = sis.size(); + for (int i = 0; i < numSis; i++) { + org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis + .elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); if (digest == null) { 
@@ -1058,23 +1101,30 @@ public class CMCOutputTemplate { digest = md.digest(ostream.toByteArray()); } SignerIdentifier sid = si.getSignerIdentifier(); - if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { - org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = - sid.getIssuerAndSerialNumber(); + if (sid.getType().equals( + SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = sid + .getIssuerAndSerialNumber(); java.security.cert.X509Certificate cert = null; if (msgData.hasCertificates()) { SET certs = msgData.getCertificates(); int numCerts = certs.size(); - for (int j=0; j<numCerts; j++) { - org.mozilla.jss.pkix.cert.Certificate certJss = - (Certificate) certs.elementAt(j); - org.mozilla.jss.pkix.cert.CertificateInfo certI = - certJss.getInfo(); + for (int j = 0; j < numCerts; j++) { + org.mozilla.jss.pkix.cert.Certificate certJss = (Certificate) certs + .elementAt(j); + org.mozilla.jss.pkix.cert.CertificateInfo certI = certJss + .getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) && - sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { + if (new String(issuerB) + .equalsIgnoreCase(new String(ASN1Util + .encode(issuerAndSerialNumber + .getIssuer()))) + && sn.toString().equals( + issuerAndSerialNumber + .getSerialNumber() + .toString())) { ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); 
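Review bot: The signer-certificate match in the inner loop compares the DER-encoded issuer names as `new String(...)` values with `equalsIgnoreCase`, which decodes binary data in the platform default charset and folds case, so encodings that differ can still compare equal. Compare the bytes exactly instead, e.g. `java.util.Arrays.equals(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`, and keep the serial-number check as it is. If case-insensitive name matching is intended, it should be done on the parsed name attributes rather than on the raw encoding. The enclosing method starts before this hunk and continues after it.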
@@ -1082,23 +1132,25 @@ public class CMCOutputTemplate { } } } - + if (cert != null) { PublicKey pbKey = cert.getPublicKey(); - String type = ((X509Key)pbKey).getAlgorithm(); + String type = ((X509Key) pbKey).getAlgorithm(); PrivateKey.Type kType = PrivateKey.RSA; if (type.equals("DSA")) kType = PrivateKey.DSA; - PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey()); + PK11PubKey pubK = PK11PubKey.fromRaw(kType, + ((X509Key) pbKey).getKey()); si.verify(digest, ci.getContentType(), pubK); return true; } - } - } - + } + } + return false; } catch (Exception e) { - CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString()); + CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + + e.toString()); return false; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java index 7f89297c..746a7c32 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.logging.ILogger; - /** * CMSFile represents a file from the filesystem cached in memory - * + * * @version $Revision$, $Date$ */ public class CMSFile { @@ -87,7 +85,8 @@ public class CMSFile { } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, level, ILogger.S_OTHER, "CMSgateway:" + msg); + mLogger.log(ILogger.EV_SYSTEM, level, ILogger.S_OTHER, "CMSgateway:" + + msg); } public String toString() { 
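Review bot: `verifyRevRequestSignature` returns true as soon as `si.verify(...)` succeeds against a certificate taken from the message's own certificate set, and nothing in the visible hunks validates that certificate's chain or validity, or ties the signer to the certificate being revoked. If the caller does not perform those checks (not visible here), they belong before `return true`; at minimum the contract should be stated with a comment such as `// cert is supplied by the requester: the caller must validate its path and authorization`. The key-type selection also treats every algorithm other than "DSA" as RSA; rejecting unknown types explicitly is safer, e.g. `else if (!type.equals("RSA")) return false;`. The method starts before this hunk.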
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java index bf4c3cf6..0d3fea99 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.IOException; import java.util.Enumeration; @@ -26,10 +25,9 @@ import java.util.Hashtable; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** * CMSFileLoader - file cache. - * + * * @version $Revision$, $Date$ */ @@ -45,14 +43,14 @@ public class CMSFileLoader { // property to cache templates only public final String PROP_CACHE_TEMPLATES_ONLY = "cacheTemplatesOnly"; - // hash of files to their content. + // hash of files to their content. private Hashtable mLoadedFiles = new Hashtable(); - // max number of files + // max number of files private int mMaxSize = MAX_SIZE; // number of files to clear when max is reached. - private int mClearSize = CLEAR_SIZE; + private int mClearSize = CLEAR_SIZE; // whether to cache templates and forms only. private boolean mCacheTemplatesOnly = true; 
@@ -63,16 +61,17 @@ public class CMSFileLoader { public void init(IConfigStore config) throws EBaseException { mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE); mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE); - mCacheTemplatesOnly = - config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true); + mCacheTemplatesOnly = config + .getBoolean(PROP_CACHE_TEMPLATES_ONLY, true); } // Changed by bskim - //public byte[] get(String absPath) throws EBaseException, IOException { - // File file = new File(absPath); - // return get(file); - //} - public byte[] get(String absPath, String enc) throws EBaseException, IOException { + // public byte[] get(String absPath) throws EBaseException, IOException { + // File file = new File(absPath); + // return get(file); + // } + public byte[] get(String absPath, String enc) throws EBaseException, + IOException { File file = new File(absPath); return get(file, enc); @@ -81,19 +80,20 @@ public class CMSFileLoader { // Change end // Changed by bskim - //public byte[] get(File file) throws EBaseException, IOException { - // CMSFile cmsFile = getCMSFile(file); + // public byte[] get(File file) throws EBaseException, IOException { + // CMSFile cmsFile = getCMSFile(file); public byte[] get(File file, String enc) throws EBaseException, IOException { CMSFile cmsFile = getCMSFile(file, enc); - // Change end + // Change end return cmsFile.getContent(); } // Changed by bskim - //public CMSFile getCMSFile(File file) throws EBaseException, IOException { - public CMSFile getCMSFile(File file, String enc) throws EBaseException, IOException { - // Change end + // public CMSFile getCMSFile(File file) throws EBaseException, IOException { + public CMSFile getCMSFile(File file, String enc) throws EBaseException, + IOException { + // Change end String absPath = file.getAbsolutePath(); long modified = file.lastModified(); CMSFile cmsFile = (CMSFile) mLoadedFiles.get(absPath); 
@@ -102,8 +102,8 @@ public class CMSFileLoader { // new file. if (cmsFile == null || modified != lastModified) { // Changed by bskim - //cmsFile = updateFile(absPath, file); - cmsFile = updateFile(absPath, file, enc); + // cmsFile = updateFile(absPath, file); + cmsFile = updateFile(absPath, file, enc); // Change end } cmsFile.setLastAccess(System.currentTimeMillis()); @@ -111,10 +111,10 @@ public class CMSFileLoader { } // Changed by bskim - //private CMSFile updateFile(String absPath, File file) - private CMSFile updateFile(String absPath, File file, String enc) - // Change end - throws EBaseException, IOException { + // private CMSFile updateFile(String absPath, File file) + private CMSFile updateFile(String absPath, File file, String enc) + // Change end + throws EBaseException, IOException { // clear if cache size exceeded. if (mLoadedFiles.size() >= mMaxSize) { clearSomeFiles(); @@ -125,24 +125,24 @@ public class CMSFileLoader { // check if file is a js template or plain template by its first String if (absPath.endsWith(CMSTemplate.SUFFIX)) { // Changed by bskim - //cmsFile = new CMSTemplate(file); + // cmsFile = new CMSTemplate(file); cmsFile = new CMSTemplate(file, enc); // End of Change } else { cmsFile = new CMSFile(file); } - mLoadedFiles.put(absPath, cmsFile); // replace old one if any. + mLoadedFiles.put(absPath, cmsFile); // replace old one if any. return cmsFile; } private synchronized void clearSomeFiles() { // recheck this in case some other thread has cleared it. - if (mLoadedFiles.size() < mMaxSize) + if (mLoadedFiles.size() < mMaxSize) return; - // remove the LRU files. - // XXX could be optimized more. + // remove the LRU files. + // XXX could be optimized more. Enumeration elements = mLoadedFiles.elements(); for (int i = mClearSize; i > 0; i--) { @@ -160,4 +160,3 @@ public class CMSFileLoader { } } } - 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java index a76b1c75..c3854935 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for cms gateway. * <P> - * + * * @version $Revision$, $Date$ * @see java.util.ListResourceBundle */ @@ -38,8 +36,7 @@ public class CMSGWResources extends ListResourceBundle { } /* - * Constants. The suffix represents the number of - * possible parameters. + * Constants. The suffix represents the number of possible parameters. */ static final Object[][] contents = {}; diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java index b5c6e3c7..48e53c10 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.File; import java.io.IOException; import java.security.cert.X509Certificate; @@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.logging.ILogger; - /** * This class is to hold some general method for servlets. - * + * * @version $Revision$, $Date$ */ public class CMSGateway { 
@@ -52,8 +50,7 @@ public class CMSGateway { private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll"; private final static String PROP_SERVER_XML = "server.xml"; - public static final String CERT_ATTR = - "javax.servlet.request.X509Certificate"; + public static final String CERT_ATTR = "javax.servlet.request.X509Certificate"; protected static CMSFileLoader mFileLoader = new CMSFileLoader(); @@ -68,11 +65,11 @@ public class CMSGateway { mEnableFileServing = true; mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY); try { - mEnableAdminEnroll = - mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false); + mEnableAdminEnroll = mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, + false); } catch (EBaseException e) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM")); } } @@ -88,7 +85,7 @@ public class CMSGateway { httpReqHash.put(name, req.getParameter(name)); } - + String ip = req.getRemoteAddr(); if (ip != null) httpReqHash.put("clientHost", ip); @@ -99,11 +96,11 @@ public class CMSGateway { return mEnableAdminEnroll; } - public static void setEnableAdminEnroll(boolean enableAdminEnroll) - throws EBaseException { + public static void setEnableAdminEnroll(boolean enableAdminEnroll) + throws EBaseException { IConfigStore mainConfig = CMS.getConfigStore(); - //!!! Is it thread safe? xxxx + // !!! Is it thread safe? xxxx mEnableAdminEnroll = enableAdminEnroll; mConfig.putBoolean(PROP_ENABLE_ADMIN_ENROLL, enableAdminEnroll); mainConfig.commit(true); 
@@ -112,9 +109,9 @@ public class CMSGateway { public static void disableAdminEnroll() throws EBaseException { setEnableAdminEnroll(false); - /* need to do this in web.xml and restart ws - removeServlet("/ca/adminEnroll", "AdminEnroll"); - initGateway(); + /* + * need to do this in web.xml and restart ws + * removeServlet("/ca/adminEnroll", "AdminEnroll"); initGateway(); */ } @@ -122,18 +119,19 @@ public class CMSGateway { * construct a authentication credentials to pass into authentication * manager. */ - public static AuthCredentials getAuthCreds( - IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) - throws EBaseException { + public static AuthCredentials getAuthCreds(IAuthManager authMgr, + IArgBlock argBlock, X509Certificate clientCert) + throws EBaseException { // get credentials from http parameters. if (authMgr == null) - return null; + return null; String[] reqCreds = authMgr.getRequiredCreds(); AuthCredentials creds = new AuthCredentials(); - + if (clientCert instanceof java.security.cert.X509Certificate) { try { - clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded()); + clientCert = new netscape.security.x509.X509CertImpl( + clientCert.getEncoded()); } catch (Exception e) { CMS.debug("CMSGateway: getAuthCreds " + e.toString()); } @@ -144,8 +142,7 @@ public class CMSGateway { if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) { // cert could be null; - creds.set(reqCred, new X509Certificate[] { clientCert} - ); + creds.set(reqCred, new X509Certificate[] { clientCert }); } else { String value = argBlock.getValueAsString(reqCred); 
@@ -162,62 +159,57 @@ public class CMSGateway { protected final static String AUTHMGR_PARAM = "authenticator"; - public static AuthToken checkAuthManager( - HttpServletRequest httpReq, IArgBlock httpParams, - X509Certificate cert, String authMgrName) - throws EBaseException { + public static AuthToken checkAuthManager(HttpServletRequest httpReq, + IArgBlock httpParams, X509Certificate cert, String authMgrName) + throws EBaseException { IArgBlock httpArgs = httpParams; if (httpArgs == null) httpArgs = CMS.createArgBlock(toHashtable(httpReq)); - IAuthSubsystem authSub = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IAuthSubsystem authSub = (IAuthSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_AUTH); - String authMgr_http = httpArgs.getValueAsString( - AUTHMGR_PARAM, null); + String authMgr_http = httpArgs.getValueAsString(AUTHMGR_PARAM, null); if (authMgr_http != null) { authMgrName = authMgr_http; } if (authMgrName == null || authMgrName.length() == 0) { - throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", - CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED"))); + throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", + CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED"))); } - - IAuthManager authMgr = - authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); + + IAuthManager authMgr = authSub + .getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); authMgr = authSub.getAuthManager(authMgrName); if (authMgr == null) return null; - IAuthCredentials creds = - getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert); + IAuthCredentials creds = getAuthCreds(authMgr, + CMS.createArgBlock(toHashtable(httpReq)), cert); AuthToken authToken = null; try { - authToken = (AuthToken) authMgr.authenticate(creds); + authToken = (AuthToken) authMgr.authenticate(creds); } catch (EBaseException e) { throw e; } catch (Exception e) { CMS.debug("CMSGateway: " + e); // catch all errors from authentication manager. 
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", - e.toString(), e.getMessage())); + throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", + e.toString(), e.getMessage())); } return authToken; } - public static void renderTemplate( - String templateName, - HttpServletRequest req, - HttpServletResponse resp, - ServletConfig servletConfig, - CMSFileLoader fileLoader) - throws EBaseException, IOException { - CMSTemplate template = - getTemplate(templateName, req, - servletConfig, fileLoader, new Locale[1]); + public static void renderTemplate(String templateName, + HttpServletRequest req, HttpServletResponse resp, + ServletConfig servletConfig, CMSFileLoader fileLoader) + throws EBaseException, IOException { + CMSTemplate template = getTemplate(templateName, req, servletConfig, + fileLoader, new Locale[1]); ServletOutputStream out = resp.getOutputStream(); template.renderOutput(out, new CMSTemplateParams(null, null)); @@ -239,9 +231,8 @@ public class CMSGateway { * @param realpathFile the file to get. * @param locale array of at least one to be filled with locale found. */ - public static File getLangFile( - HttpServletRequest req, File realpathFile, Locale[] locale) - throws IOException { + public static File getLangFile(HttpServletRequest req, File realpathFile, + Locale[] locale) throws IOException { File file = null; String acceptLang = req.getHeader("accept-language"); @@ -258,7 +249,7 @@ public class CMSGateway { } String name = realpathFile.getName(); - if (name == null) { // filename should never be null. + if (name == null) { // filename should never be null. throw new IOException("file has no name"); } int i; @@ -286,9 +277,8 @@ public class CMSGateway { break; } - String langfilepath = - parent + File.separatorChar + - lang + File.separatorChar + name; + String langfilepath = parent + File.separatorChar + lang + + File.separatorChar + name; file = new File(langfilepath); if (file.exists()) { 
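Review bot: In `checkAuthManager` the `authenticator` request parameter replaces the `authMgrName` argument whenever it is present, so the client selects which authentication manager evaluates its credentials. Unless every caller intends that, prefer the configured name and use the parameter only as a fallback, `if (authMgr_http != null && (authMgrName == null || authMgrName.length() == 0))`, or check the value against an allow-list of managers permitted for the servlet. The result of the first `authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)` call is overwritten by the next statement and can be dropped. `getAuthCreds` is also given a fresh `CMS.createArgBlock(toHashtable(httpReq))` rather than `httpArgs`, so a caller-supplied `httpParams` is ignored for the credentials.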
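Review bot: `getLangFile` builds `langfilepath` by placing `lang` between the parent directory and the file name, and `lang` appears to derive from the `accept-language` header read at the top of the method (the parsing lies between the hunks, so this is inferred). A header value containing a path separator or `..` would then change which directory the file is loaded from. Constrain the value before it reaches `new File(...)`, e.g. `if (!lang.matches("[A-Za-z0-9_-]{1,16}")) continue;` inside the loop, or canonicalize the result and confirm it stays under `parent`. The method body continues outside these hunks.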
@@ -311,54 +301,52 @@ public class CMSGateway { } /** - * get a template + * get a template */ - protected static CMSTemplate getTemplate( - String templateName, - HttpServletRequest httpReq, - ServletConfig servletConfig, - CMSFileLoader fileLoader, - Locale[] locale) - throws EBaseException, IOException { + protected static CMSTemplate getTemplate(String templateName, + HttpServletRequest httpReq, ServletConfig servletConfig, + CMSFileLoader fileLoader, Locale[] locale) throws EBaseException, + IOException { // this converts to system dependent file seperator char. if (servletConfig == null) { - CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" ); + CMS.debug("CMSGateway:getTemplate() - servletConfig is null!"); return null; } if (servletConfig.getServletContext() == null) { } if (templateName == null) { } - String realpath = - servletConfig.getServletContext().getRealPath("/" + templateName); + String realpath = servletConfig.getServletContext().getRealPath( + "/" + templateName); File realpathFile = new File(realpath); - File templateFile = - getLangFile(httpReq, realpathFile, locale); - CMSTemplate template = - //(CMSTemplate)fileLoader.getCMSFile(templateFile); - (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding()); + File templateFile = getLangFile(httpReq, realpathFile, locale); + CMSTemplate template = + // (CMSTemplate)fileLoader.getCMSFile(templateFile); + (CMSTemplate) fileLoader.getCMSFile(templateFile, + httpReq.getCharacterEncoding()); return template; } /** - * Get the If-Modified-Since header and compare it to the millisecond - * epoch value passed in. If there is no header, or there is a problem - * parsing the value, or if the file has been modified this will return - * true, indicating the file has changed. - * + * Get the If-Modified-Since header and compare it to the millisecond epoch + * value passed in. 
If there is no header, or there is a problem parsing the + * value, or if the file has been modified this will return true, indicating + * the file has changed. + * * @param lastModified The time value in milliseconds past the epoch to - * compare the If-Modified-Since header to. + * compare the If-Modified-Since header to. */ - public static boolean modifiedSince(HttpServletRequest req, long lastModified) { + public static boolean modifiedSince(HttpServletRequest req, + long lastModified) { long ifModSinceStr; try { ifModSinceStr = req.getDateHeader("If-Modified-Since"); - }catch (IllegalArgumentException e) { + } catch (IllegalArgumentException e) { return true; } - + if (ifModSinceStr < 0) { return true; } @@ -371,4 +359,3 @@ public class CMSGateway { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java index ca5abf03..b409bc63 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java @@ -17,12 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - - - /** - * handy class containing cms templates to load & fill. - * + * handy class containing cms templates to load & fill. + * * @version $Revision$, $Date$ */ public class CMSLoadTemplate { @@ -34,10 +31,9 @@ public class CMSLoadTemplate { public CMSLoadTemplate() { } - public CMSLoadTemplate( - String propName, String fillerPropName, - String templateName, ICMSTemplateFiller filler) { - + public CMSLoadTemplate(String propName, String fillerPropName, + String templateName, ICMSTemplateFiller filler) { + mPropName = propName; mFillerPropName = fillerPropName; mTemplateName = templateName; diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java index 27f1d3a5..6968ccc5 100644 
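Review bot: In `getTemplate` the checks `if (servletConfig.getServletContext() == null) { }` and `if (templateName == null) { }` have empty bodies, so both null cases fall through to `getRealPath("/" + templateName)`. Each should return or throw like the `servletConfig == null` branch above, e.g. `if (templateName == null) return null;`. `getRealPath` can also return null when the resource cannot be mapped to a file, which would make `new File(realpath)` throw; a guard such as `if (realpath == null) return null;` before constructing the file covers that.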
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Hashtable; import java.util.Vector; @@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus; /** * This represents a user request. - * + * * @version $Revision$, $Date$ */ public class CMSRequest { @@ -46,7 +45,8 @@ public class CMSRequest { public static final Integer SVC_PENDING = Integer.valueOf(4); public static final Integer REJECTED = Integer.valueOf(5); public static final Integer ERROR = Integer.valueOf(6); - public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected error. + public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected + // error. private static final String RESULT = "cmsRequestResult"; @@ -59,7 +59,7 @@ public class CMSRequest { // http headers & other info. private HttpServletRequest mHttpReq = null; - // http response. + // http response. private HttpServletResponse mHttpResp = null; // http servlet config. @@ -68,11 +68,11 @@ public class CMSRequest { // http servlet context. private ServletContext mServletContext = null; - // permanent request in request queue. + // permanent request in request queue. private IRequest mRequest = null; // whether request processed successfully - private Integer mStatus = SUCCESS; + private Integer mStatus = SUCCESS; // exception message containing error that occured. // note exception could also be thrown seperately. @@ -85,13 +85,13 @@ public class CMSRequest { Object mResult = null; Hashtable mResults = new Hashtable(); - /** + /** * Constructor */ public CMSRequest() { } - // set methods use by servlets. + // set methods use by servlets. /** * set the HTTP parameters 
@@ -115,47 +115,45 @@ public class CMSRequest { } /** - * set the HTTP Response object which is used to create the - * HTTP response which is sent back to the user + * set the HTTP Response object which is used to create the HTTP response + * which is sent back to the user */ public void setHttpResp(HttpServletResponse httpResp) { mHttpResp = httpResp; } /** - * set the servlet configuration. The servlet configuration is - * read from the WEB-APPS/web.xml file under the <servlet> - * XML definition. The parameters are delimited by init-param - * param-name/param-value options as described in the servlet - * documentation. + * set the servlet configuration. The servlet configuration is read from the + * WEB-APPS/web.xml file under the <servlet> XML definition. The + * parameters are delimited by init-param param-name/param-value options as + * described in the servlet documentation. */ public void setServletConfig(ServletConfig servletConfig) { mServletConfig = servletConfig; } - /* - * set the servlet context. the servletcontext has detail - * about the currently running request + /* + * set the servlet context. the servletcontext has detail about the + * currently running request */ public void setServletContext(ServletContext servletContext) { mServletContext = servletContext; } - /** - * Set request status. - * @param status request status. Allowed values are - * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING + /** + * Set request status. + * + * @param status request status. 
Allowed values are UNAUTHORIZED, SUCCESS, + * REJECTED, PENDING, ERROR, SVC_PENDING * @throws IllegalArgumentException if status is not one of the above values */ public void setStatus(Integer status) { - if ( !status.equals( UNAUTHORIZED ) && - !status.equals( SUCCESS ) && - !status.equals( REJECTED ) && - !status.equals( PENDING ) && - !status.equals( ERROR ) && - !status.equals( SVC_PENDING ) && - !status.equals( EXCEPTION ) ) { - throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS")); + if (!status.equals(UNAUTHORIZED) && !status.equals(SUCCESS) + && !status.equals(REJECTED) && !status.equals(PENDING) + && !status.equals(ERROR) && !status.equals(SVC_PENDING) + && !status.equals(EXCEPTION)) { + throw new IllegalArgumentException( + CMS.getLogMessage("CMSGW_BAD_REQ_STATUS")); } mStatus = status; } @@ -169,9 +167,9 @@ public class CMSRequest { } public void setErrorDescription(String descr) { - if (mErrorDescr == null) + if (mErrorDescr == null) mErrorDescr = new Vector(); - mErrorDescr.addElement(descr); + mErrorDescr.addElement(descr); } public void setResult(Object result) { @@ -235,7 +233,7 @@ public class CMSRequest { return reason; } - // handy routines for IRequest. + // handy routines for IRequest. public void setExtData(String type, String value) { if (mRequest != null) { @@ -251,7 +249,7 @@ public class CMSRequest { } } - // policy errors; set on rejection or possibly deferral. + // policy errors; set on rejection or possibly deferral. public Vector getPolicyMessages() { if (mRequest != null) { return mRequest.getExtDataInStringVector(IRequest.ERRORS); 
@@ -259,13 +257,13 @@ public class CMSRequest { return null; } - /** - * set default CMS status according to IRequest status. + /** + * set default CMS status according to IRequest status. */ public void setIRequestStatus() throws EBaseException { if (mRequest == null) { - EBaseException e = - new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST")); + EBaseException e = new ECMSGWException( + CMS.getLogMessage("CMSGW_MISSING_REQUEST")); throw e; } @@ -277,11 +275,11 @@ public class CMSRequest { mStatus = CMSRequest.SUCCESS; return; } - // unexpected resulting request status. + // unexpected resulting request status. if (status == RequestStatus.REJECTED) { mStatus = CMSRequest.REJECTED; return; - } // pending or service pending. + } // pending or service pending. else if (status == RequestStatus.PENDING) { mStatus = CMSRequest.PENDING; return; @@ -291,9 +289,9 @@ public class CMSRequest { } else { RequestId reqId = mRequest.getRequestId(); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", - status.toString(), reqId.toString())); + throw new ECMSGWException(CMS.getLogMessage( + "CMSGW_UNEXPECTED_REQUEST_STATUS_2", status.toString(), + reqId.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java index 4528ea7e..c6af2fe6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; 
@@ -39,23 +38,21 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.logging.ILogger; - /** - * File templates. This implementation will take - * an HTML file with a special customer tag - * <CMS_TEMPLATE> and replace the tag with - * a series of javascript variable definitions - * (depending on the servlet) - * + * File templates. This implementation will take an HTML file with a special + * customer tag <CMS_TEMPLATE> and replace the tag with a series of + * javascript variable definitions (depending on the servlet) + * * @version $Revision$, $Date$ */ public class CMSTemplate extends CMSFile { public static final String SUFFIX = ".template"; - /*========================================================== - * variables - *==========================================================*/ + /* + * ========================================================== variables + * ========================================================== + */ /* private variables */ private String mTemplateFileName = ""; 
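Review bot: The formatter has reflowed the section banner in this hunk as if it were prose, so the new comment reads `* ========== variables` with the rule and the label run together on one line. The same happens to the `constructors` and `public methods` banners in the `@@ -68,29 +65,33 @@` and `@@ -99,16 +100,17 @@` hunks, and to `private methods` in `@@ -299,11 +301,12 @@`, where the label is split across two lines and fused with the closing rule. Rewriting each banner as a single line comment, for example `// ===== variables =====`, would keep the section markers readable and stop the comment formatter from touching them again.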
@@ -68,29 +65,33 @@ public class CMSTemplate extends CMSFile { public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>"; /* Character set for i18n */ - + /* Will be set by CMSServlet.getTemplate() */ private String mCharset = null; - /*========================================================== - * constructors - *==========================================================*/ + /* + * ========================================================== constructors + * ========================================================== + */ /** * Constructor + * * @param file template file to load * @param charset character set - * @throws IOException if the there was an error opening the file + * @throws IOException if the there was an error opening the file */ - public CMSTemplate(File file, String charset) throws IOException, EBaseException { + public CMSTemplate(File file, String charset) throws IOException, + EBaseException { mCharset = charset; mAbsPath = file.getAbsolutePath(); mLastModified = file.lastModified(); try { init(file); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, + e.toString())); throw new ECMSGWException( CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE")); } 
@@ -99,16 +100,17 @@ public class CMSTemplate extends CMSFile { mContent = content.getBytes(mCharset); } - /*========================================================== - * public methods - *==========================================================*/ + /* + * ========================================================== public methods + * ========================================================== + */ /* * - * Load the form from the file and setup the - * pre/post output buffer if it is a template - * file. Otherwise, only post output buffer is - * filled. + * Load the form from the file and setup the pre/post output buffer if it is + * a template file. Otherwise, only post output buffer is filled. + * * @param template the template file to load + * * @return true if successful */ public boolean init(File template) throws EBaseException, IOException { @@ -118,9 +120,10 @@ public class CMSTemplate extends CMSFile { String content = loadFile(template); if (content == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMPLATE_EMPTY", mAbsPath)); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_TEMPLATE_NO_CONTENT_1", mAbsPath)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_TEMPLATE_EMPTY", mAbsPath)); + throw new ECMSGWException(CMS.getLogMessage( + "CMSGW_TEMPLATE_NO_CONTENT_1", mAbsPath)); } /* time stamp */ 
@@ -128,17 +131,17 @@ public class CMSTemplate extends CMSFile { mTimeStamp = now.getTime(); - /* if template file, find template tag substring and set - * pre/post output string + /* + * if template file, find template tag substring and set pre/post output + * string */ int location = content.indexOf(TEMPLATE_TAG); if (location == -1) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG)); - throw new ECMSGWException( - CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", - TEMPLATE_TAG, mAbsPath)); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMPLATE_MISSING", + mAbsPath, TEMPLATE_TAG)); + throw new ECMSGWException(CMS.getLogMessage( + "CMSGW_MISSING_TEMPLATE_TAG_2", TEMPLATE_TAG, mAbsPath)); } mPreOutput = content.substring(0, location); mPostOutput = content.substring(TEMPLATE_TAG.length() + location); @@ -146,14 +149,15 @@ public class CMSTemplate extends CMSFile { return true; } - /** - * Write a javascript representation of 'input' - * surrounded by SCRIPT tags to the outputstream + /** + * Write a javascript representation of 'input' surrounded by SCRIPT tags to + * the outputstream + * * @param rout the outputstream to write to * @param input the parameters to write */ public void renderOutput(OutputStream rout, CMSTemplateParams input) - throws IOException { + throws IOException { Enumeration e = null, q = null; IArgBlock r = null; boolean headerBlock = false, fixedBlock = false, queryBlock = false; @@ -164,7 +168,7 @@ public class CMSTemplate extends CMSFile { http_out = new HTTPOutputStreamWriter(rout); else http_out = new HTTPOutputStreamWriter(rout, mCharset); - + try { templateLine out = new templateLine(); @@ -178,7 +182,7 @@ public class CMSTemplate extends CMSFile { out.println("var recordSet = new Array;"); out.println("var result = new Object();"); - // hack + // hack out.println("var httpParamsCount = 0;"); out.println("var httpHeadersCount = 0;"); out.println("var authTokenCount = 0;"); 
@@ -240,11 +244,11 @@ public class CMSTemplate extends CMSFile { out.println("record.recordSet = recordSet;"); } - //if (headerBlock) + // if (headerBlock) out.println("result.header = header;"); - //if (fixedBlock) + // if (fixedBlock) out.println("result.fixed = fixed;"); - //if (queryBlock) + // if (queryBlock) out.println("result.recordSet = recordSet;"); out.println("</SCRIPT>"); out.println(mPostOutput); @@ -256,15 +260,14 @@ public class CMSTemplate extends CMSFile { } /** - * Ouput the pre-amble HTML Header including - * the pre-output buffer. - * + * Ouput the pre-amble HTML Header including the pre-output buffer. + * * @param out output stream specified * @return success or error */ public boolean outputProlog(PrintWriter out) { - //Debug.trace("FormCache:outputProlog"); + // Debug.trace("FormCache:outputProlog"); /* output pre-output buffer */ out.print(mPreOutput); @@ -278,9 +281,8 @@ public class CMSTemplate extends CMSFile { } /** - * Output the post HTML tags and post-output - * buffer. - * + * Output the post HTML tags and post-output buffer. + * * @param out output stream specified * @return success or error */ @@ -299,11 +301,12 @@ public class CMSTemplate extends CMSFile { return mAbsPath; } - // inherit getabspath, getContent, get last access and set last access + // inherit getabspath, getContent, get last access and set last access - /*========================================================== - * private methods - *==========================================================*/ + /* + * ========================================================== private + * methods========================================================== + */ /* load file into string */ private String loadFile(File template) throws IOException { 
@@ -312,7 +315,8 @@ public class CMSTemplate extends CMSFile { /* create input stream, can throw IOException */ FileInputStream inStream = new FileInputStream(template); - InputStreamReader inReader = new InputStreamReader(inStream, mCharset);; + InputStreamReader inReader = new InputStreamReader(inStream, mCharset); + ; BufferedReader in = new BufferedReader(inReader); StringBuffer buf = new StringBuffer(); String line; @@ -325,8 +329,9 @@ public class CMSTemplate extends CMSFile { in.close(); inStream.close(); } catch (IOException e) { - log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage())); + log(ILogger.LL_WARN, + CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, + e.getMessage())); } return buf.toString(); } @@ -353,8 +358,8 @@ public class CMSTemplate extends CMSFile { } } else if (v instanceof BigInteger) { s = ((BigInteger) v).toString(10); - } else if (v instanceof Character && - ((Character) v).equals(Character.valueOf((char) 0))) { + } else if (v instanceof Character + && ((Character) v).equals(Character.valueOf((char) 0))) { s = "null"; } else { s = "\"" + v.toString() + "\""; @@ -364,10 +369,10 @@ public class CMSTemplate extends CMSFile { } /** - * Escape the contents of src string in preparation to be enclosed in - * double quotes as a JavaScript String Literal within an <script> - * portion of an HTML document. - * stevep - performance improvements - about 4 times faster than before. + * Escape the contents of src string in preparation to be enclosed in double + * quotes as a JavaScript String Literal within an <script> portion of an + * HTML document. stevep - performance improvements - about 4 times faster + * than before. */ public static String escapeJavaScriptString(String v) { int l = v.length(); 
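Review bot: The doubled semicolon after the `InputStreamReader` declaration has been turned into an empty statement on its own line (`+ ;`) instead of being removed. It compiles, but it reads like a lost statement; the added lines should be just `InputStreamReader inReader = new InputStreamReader(inStream, mCharset);`. Separately, as far as the visible lines show, the streams opened here are closed only on the normal path in the following hunk, so a failed read would leave the file handle open; a try/finally around the read loop is worth a follow-up, although the loop itself lies outside both hunks.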
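Review bot: In the `@@ -353,8 +358,8 @@` hunk the final `else` arm builds `s = "\"" + v.toString() + "\"";` without passing the text through `escapeJavaScriptString`, which is defined a few lines below. The earlier arms of the chain are outside the hunk, so plain `String` values may well be escaped above; but any other type whose `toString()` can carry request-derived text would reach the generated SCRIPT block with quotes, backslashes and angle brackets intact. Unless every type that can land here is known to be safe, the arm should read `s = "\"" + escapeJavaScriptString(v.toString()) + "\"";`.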
@@ -380,25 +385,27 @@ public class CMSTemplate extends CMSFile { for (int i = 0; i < l; i++) { char c = in[i]; - if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { + if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { out[j++] = c; continue; } - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) + && ((i + 1) < l) + && (in[i + 1] == 'n' || in[i + 1] == 'r' + || in[i + 1] == 'f' || in[i + 1] == 't' + || in[i + 1] == '<' || in[i + 1] == '>' + || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' + && (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; @@ -456,9 +463,9 @@ public class CMSTemplate extends CMSFile { return new String(out, 0, j); } - /** - * Like escapeJavaScriptString(String s) but also escape '[' for - * HTML processing. + /** + * Like escapeJavaScriptString(String s) but also escape '[' for HTML + * processing. */ public static String escapeJavaScriptStringHTML(String v) { int l = v.length(); 
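Review bot: The inner test `in[i + 1] == 'x'` can never be true, because the enclosing condition only admits `n`, `r`, `f`, `t`, `<`, `>`, `\"`, `\'` and `\\` as the character after the backslash, so the branch that copies `\x3c` and `\x3e` through is dead code. The reformatting makes this easier to see but leaves it in place, and the identical construct appears in `escapeJavaScriptStringHTML` in the `@@ -476,20 +483,22 @@` hunk. Since this routine guards text written inside a SCRIPT block, the intended behaviour should be settled: either delete the inner branch, or hoist it into its own test placed before the general case, `if ((c == 0x5c) && ((i + 3) < l) && in[i + 1] == 'x' && in[i + 2] == '3' && (in[i + 3] == 'c' || in[i + 3] == 'e'))`. The start of the loop and the remaining cases of the method lie outside the hunk.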
@@ -476,20 +483,22 @@ public class CMSTemplate extends CMSFile { continue; } - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) + && ((i + 1) < l) + && (in[i + 1] == 'n' || in[i + 1] == 'r' + || in[i + 1] == 'f' || in[i + 1] == 't' + || in[i + 1] == '<' || in[i + 1] == '>' + || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' + && (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; @@ -549,32 +558,30 @@ public class CMSTemplate extends CMSFile { /** * for debugging, return contents that would've been outputed. */ - public String getOutput(CMSTemplateParams input) - throws IOException { + public String getOutput(CMSTemplateParams input) throws IOException { debugOutputStream out = new debugOutputStream(); renderOutput(out, input); return out.toString(); } - private - class HTTPOutputStreamWriter extends OutputStreamWriter { + private class HTTPOutputStreamWriter extends OutputStreamWriter { public HTTPOutputStreamWriter(OutputStream out) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out); } - + public HTTPOutputStreamWriter(OutputStream out, String enc) - throws UnsupportedEncodingException { + throws UnsupportedEncodingException { super(out, enc); } - + public void print(String s) throws IOException { write(s, 0, s.length()); flush(); return; } - + public void println(String s) throws IOException { print(s); write('\n'); 
@@ -583,9 +590,9 @@ public class CMSTemplate extends CMSFile { } } - private class templateLine { private StringBuffer s = new StringBuffer(); + void templateLine() { } @@ -604,7 +611,6 @@ public class CMSTemplate extends CMSFile { } - private static class debugOutputStream extends ServletOutputStream { private StringWriter mStringWriter = new StringWriter(); @@ -613,7 +619,7 @@ public class CMSTemplate extends CMSFile { } public void write(int b) throws IOException { - mStringWriter.write(b); + mStringWriter.write(b); } public String toString() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java index ced37b93..e14546bb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java @@ -17,16 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Vector; import com.netscape.certsrv.base.IArgBlock; - /** * Holds template parameters - * + * * @version $Revision$, $Date$ */ public class CMSTemplateParams { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java index 0cd1102d..f15aadc7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java @@ -17,14 +17,12 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import com.netscape.certsrv.base.EBaseException; - /** * A class represents a CMS gateway exception. * <P> - * + * * @version $Revision$, $Date$ */ public class ECMSGWException extends EBaseException { 
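Review bot: `void templateLine() { }` is an ordinary method that happens to share the class name, not a constructor, because it declares a return type. It does nothing either way, so the simplest change is to delete it; if a constructor was meant, drop the `void`. The lower-case class name also departs from the UpperCamelCase used by the other nested classes here (`HTTPOutputStreamWriter`), though renaming it goes beyond a formatting commit.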
@@ -36,7 +34,8 @@ public class ECMSGWException extends EBaseException { /** * CA resource class name. */ - private static final String CMSGW_RESOURCES = CMSGWResources.class.getName(); + private static final String CMSGW_RESOURCES = CMSGWResources.class + .getName(); /** * Constructs a CMS Gateway exception. diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java index 6debd2c7..fda80023 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Locale; @@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** - * Default error template filler - * + * Default error template filler + * * @version $Revision$, $Date$ */ public class GenErrorTemplateFiller implements ICMSTemplateFiller { @@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq the CMS Request. * @param authority the authority * @param locale the locale of template. * @param e unexpected error. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); 
@@ -53,31 +52,33 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " + - "cmsReq is null!" ); + CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " + + "cmsReq is null!"); return null; } - - // error + + // error String ex = cmsReq.getError(); // Changed by beomsuk - /*if (ex == null) - ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); - fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); + /* + * if (ex == null) ex = new + * EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); + * fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale)); */ if ((ex == null) && (cmsReq.getReason() == null)) - ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")).toString(); + ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")) + .toString(); else if (ex != null) fixed.set(ICMSTemplateFiller.ERROR, ex); else if (cmsReq.getReason() != null) fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason()); - // Change end - - // error description if any. + // Change end + + // error description if any. Vector descr = cmsReq.getErrorDescr(); if (descr != null) { 
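Review bot: When both `cmsReq.getError()` and `cmsReq.getReason()` are null, the first arm assigns the BASE_UNKNOWN_ERROR text to `ex` but never stores it, because `fixed.set(ICMSTemplateFiller.ERROR, ex)` sits in the `else if` arm. The error template is then filled with no ERROR value at all. Bracing the chain and following the assignment with `fixed.set(ICMSTemplateFiller.ERROR, ex);` would let the default message reach the page; the commented-out block just above, which set the value unconditionally, suggests that was the original intent. The method continues past the end of the hunk.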
@@ -85,20 +86,17 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller { while (num.hasMoreElements()) { String elem = (String) num.nextElement(); - //System.out.println("Setting description "+elem.toString()); + // System.out.println("Setting description "+elem.toString()); IArgBlock argBlock = CMS.createArgBlock(); - argBlock.set(ICMSTemplateFiller.ERROR_DESCR, - elem); + argBlock.set(ICMSTemplateFiller.ERROR_DESCR, elem); params.addRepeatRecord(argBlock); } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java index 15456865..ced36b94 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.OutputStream; @@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestId; - /** - * default Pending template filler - * + * default Pending template filler + * * @version $Revision$, $Date$ */ public class GenPendingTemplateFiller implements ICMSTemplateFiller { 
@@ -72,28 +70,29 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - if( cmsReq == null ) { + if (cmsReq == null) { return null; } // request status if any. Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { 
@@ -106,52 +105,46 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { if (doFullResponse(httpParams)) { SEQUENCE controlSeq = new SEQUENCE(); int bpid = 1; - PendInfo pendInfo = new PendInfo(reqId.toString(), new - Date()); - OtherInfo otherInfo = new - OtherInfo(OtherInfo.PEND, null, pendInfo); + PendInfo pendInfo = new PendInfo(reqId.toString(), new Date()); + OtherInfo otherInfo = new OtherInfo(OtherInfo.PEND, null, + pendInfo); SEQUENCE bpids = new SEQUENCE(); - String[] reqIdArray = - req.getExtDataInStringArray(IRequest.CMC_REQIDS); + String[] reqIdArray = req + .getExtDataInStringArray(IRequest.CMC_REQIDS); for (int i = 0; i < reqIdArray.length; i++) { bpids.addElement(new INTEGER(reqIdArray[i])); } - CMCStatusInfo cmcStatusInfo = new - CMCStatusInfo(CMCStatusInfo.PENDING, bpids, - (String) null, otherInfo); - TaggedAttribute ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, - cmcStatusInfo); + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.PENDING, bpids, (String) null, otherInfo); + TaggedAttribute ta = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(ta); // copy transactionID, senderNonce, // create recipientNonce // create responseInfo if regInfo exist - String[] transIds = - req.getExtDataInStringArray(IRequest.CMC_TRANSID); + String[] transIds = req + .getExtDataInStringArray(IRequest.CMC_TRANSID); SET ids = new SET(); for (int i = 0; i < transIds.length; i++) { ids.addElement(new INTEGER(transIds[i])); } - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_transactionId, - ids); + ta = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_transactionId, ids); controlSeq.addElement(ta); - String[] senderNonce = req.getExtDataInStringArray(IRequest.CMC_SENDERNONCE); + String[] senderNonce = req + .getExtDataInStringArray(IRequest.CMC_SENDERNONCE); SET nonces = new 
SET(); for (int i = 0; i < senderNonce.length; i++) { - nonces.addElement(new OCTET_STRING(senderNonce[i].getBytes())); + nonces.addElement(new OCTET_STRING(senderNonce[i] + .getBytes())); } - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_recipientNonce, - nonces); + ta = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_recipientNonce, nonces); controlSeq.addElement(ta); req.setExtData(IRequest.CMC_RECIPIENTNONCE, senderNonce); 
@@ -160,61 +153,65 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest + .getInstance("SHA1"); dig = SHA1Digest.digest(salt.getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = {b64E}; + String[] newNonce = { b64E }; - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_senderNonce, - new OCTET_STRING(newNonce[0].getBytes())); + ta = new TaggedAttribute(new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING( + newNonce[0].getBytes())); controlSeq.addElement(ta); req.setExtData(IRequest.CMC_SENDERNONCE, newNonce); - ResponseBody rb = new ResponseBody(controlSeq, new - SEQUENCE(), new - SEQUENCE()); - EncapsulatedContentInfo ci = new - EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, - rb); + ResponseBody rb = new ResponseBody(controlSeq, new SEQUENCE(), + new SEQUENCE()); + EncapsulatedContentInfo ci = new EncapsulatedContentInfo( + OBJECT_IDENTIFIER.id_cct_PKIResponse, rb); org.mozilla.jss.crypto.X509Certificate x509cert = null; if (authority instanceof ICertificateAuthority) { - x509cert = ((ICertificateAuthority) authority).getCaX509Cert(); - }else if (authority instanceof IRegistrationAuthority) { + x509cert = ((ICertificateAuthority) authority) + .getCaX509Cert(); + } else if (authority instanceof IRegistrationAuthority) { x509cert = ((IRegistrationAuthority) authority).getRACert(); } if (x509cert == null) return params; try { X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); - ByteArrayInputStream issuer1 = new - ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); + ByteArrayInputStream issuer1 = new ByteArrayInputStream( + ((X500Name) cert.getIssuerDN()).getEncoded()); Name issuer = (Name) Name.getTemplate().decode(issuer1); - IssuerAndSerialNumber ias = 
new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); - SignerIdentifier si = new - SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); + IssuerAndSerialNumber ias = new IssuerAndSerialNumber( + issuer, new INTEGER(cert.getSerialNumber() + .toString())); + SignerIdentifier si = new SignerIdentifier( + SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); // SHA1 is the default digest Alg for now. DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; - org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); - org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager + .getInstance().findPrivKeyByCert(x509cert); + org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey + .getType(); - if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) { + if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) { signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) { + } else if (keyType + .equals(org.mozilla.jss.crypto.PrivateKey.DSA)) { signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else { - CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - " - + "keyType " + keyType.toString() - + " is unsupported!" ); + CMS.debug("GenPendingTemplateFiller::getTemplateParams() - " + + "keyType " + + keyType.toString() + + " is unsupported!"); return null; } 
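Review bot: In the `catch (NoSuchAlgorithmException ex)` arm of the `@@ -160,61 +153,65 @@` hunk, `dig = salt.getBytes();` silently falls back to the unhashed salt as the source of the new sender nonce, and nothing is logged. How `salt` is built is outside the hunk, so whether that value is fit to be sent as-is cannot be judged from here; at minimum the fallback should leave a trace, e.g. `CMS.debug("GenPendingTemplateFiller::getTemplateParams() - SHA1 unavailable: " + ex.toString());`. Both `salt.getBytes()` calls also rely on the platform default charset, so the nonce bytes can differ between deployments; an explicit charset would make them stable. The enclosing method starts before the hunk and ends after it.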
@@ -224,41 +221,36 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { try { SHADigest = MessageDigest.getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; - + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); rb.encode((OutputStream) ostream); digest = SHADigest.digest(ostream.toByteArray()); } catch (NoSuchAlgorithmException ex) { - //log("digest fail"); + // log("digest fail"); } - SignerInfo signInfo = new - SignerInfo(si, null, null, - OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, - privKey); + SignerInfo signInfo = new SignerInfo(si, null, null, + OBJECT_IDENTIFIER.id_cct_PKIResponse, digest, + signAlg, privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), - null); + AlgorithmIdentifier ai = new AlgorithmIdentifier( + digestAlg.toOID(), null); digestAlgs.addElement(ai); } - - SignedData fResponse = new - SignedData(digestAlgs, ci, - null, null, signInfos); - ContentInfo fullResponse = new - ContentInfo(ContentInfo.SIGNED_DATA, fResponse); - ByteArrayOutputStream ostream = new - ByteArrayOutputStream(); + + SignedData fResponse = new SignedData(digestAlgs, ci, null, + null, signInfos); + ContentInfo fullResponse = new ContentInfo( + ContentInfo.SIGNED_DATA, fResponse); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); fullResponse.encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); @@ -270,9 +262,8 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { } } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); return params; } @@ -286,4 +277,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller { return false; } } - 
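Review bot: The `catch (NoSuchAlgorithmException ex)` arm holds only the comment `// log("digest fail");`, so a missing SHA1 provider is swallowed and `SignerInfo` is still constructed with whatever `digest` held before the `try` (its declaration is outside the hunk, presumably null), while `digestAlgs` stays empty. A signed CMC response should not be assembled quietly on an absent digest. Replace the comment with `CMS.debug("GenPendingTemplateFiller::getTemplateParams() - SHA1 digest unavailable: " + ex.toString()); return null;`, matching how the unsupported key type is handled earlier in the same method.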
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java index 798b7f0d..dbeae0f2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Enumeration; import java.util.Locale; @@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; - /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { @@ -45,8 +43,8 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -54,15 +52,15 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } else { - CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " + - "cmsReq is null!" ); + CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " + + "cmsReq is null!"); return null; } - // request id + // request id IRequest req = cmsReq.getIRequest(); if (req != null) { 
@@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { while (msgs.hasMoreElements()) { String ex = (String) msgs.nextElement(); - IArgBlock messageArgBlock = CMS.createArgBlock(); + IArgBlock messageArgBlock = CMS.createArgBlock(); messageArgBlock.set(POLICY_MESSAGE, ex); params.addRepeatRecord(messageArgBlock); @@ -86,10 +84,8 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller { // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java index ff3d4f8c..6702e30d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; - /** - * default Success template filler - * + * default Success template filler + * * @version $Revision$, $Date$ */ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { 
@@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -51,15 +50,13 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java index d08b83a8..aec29028 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; 
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; - /** - * default Service Pending template filler - * + * default Service Pending template filler + * * @version $Revision$, $Date$ */ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { @@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); @@ -63,8 +62,8 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { fixed.set(ICMSTemplateFiller.REQUEST_ID, req.getRequestId()); // remote authority we're waiting for - String remoteAuthority = - req.getExtDataInString(IRequest.REMOTE_SERVICE_AUTHORITY); + String remoteAuthority = req + .getExtDataInString(IRequest.REMOTE_SERVICE_AUTHORITY); if (remoteAuthority != null) fixed.set(REMOTE_AUTHORITY, remoteAuthority); @@ -72,10 +71,8 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller { } // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); return params; } } - 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java index befacf83..65bca22e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.IArgBlock; - /** - * default Unauthorized template filler - * + * default Unauthorized template filler + * * @version $Revision$, $Date$ */ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { @@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); 
@@ -51,19 +50,17 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller { if (cmsReq != null) { Integer sts = cmsReq.getStatus(); - if (sts != null) + if (sts != null) fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); } // set unauthorized error - fixed.set(ICMSTemplateFiller.ERROR, - new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); + fixed.set(ICMSTemplateFiller.ERROR, + new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"))); - // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + // this authority + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java index 1ae6ee45..1ce7f0f9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java @@ -16,7 +16,6 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; @@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; - /** - * default unexpected error template filler - * + * default unexpected error template filler + * * @version $Revision$, $Date$ */ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { 
@@ -37,41 +35,41 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller { } /** - * fill error details and description if any. + * fill error details and description if any. + * * @param cmsReq CMS Request * @param authority this authority * @param locale locale of template. * @param e unexpected exception e. ignored. */ - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) { IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(null, fixed); - + // When an exception occurs the exit is non-local which probably // will leave the requestStatus value set to something other - // than CMSRequest.EXCEPTION, so force the requestStatus to - // EXCEPTION since it must be that if we're here. + // than CMSRequest.EXCEPTION, so force the requestStatus to + // EXCEPTION since it must be that if we're here. Integer sts = CMSRequest.EXCEPTION; - if (cmsReq != null) cmsReq.setStatus(sts); + if (cmsReq != null) + cmsReq.setStatus(sts); fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString()); // the unexpected error (exception) - if (e == null) + if (e == null) e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")); String errMsg = null; - if (e instanceof EBaseException) + if (e instanceof EBaseException) errMsg = ((EBaseException) e).toString(locale); - else + else errMsg = e.toString(); fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg); // this authority - if (authority != null) - fixed.set(ICMSTemplateFiller.AUTHORITY, - authority.getOfficialName()); + if (authority != null) + fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName()); return params; } } - 
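Review bot: The Javadoc on getTemplateParams still says `@param e unexpected exception e. ignored.`, but the body formats `e` and stores the text under ICMSTemplateFiller.EXCEPTION, so the comment contradicts the code. I would change it to `@param e the unexpected exception; its text is placed in the template as unexpectedError`. For anything that is not an EBaseException the raw `e.toString()` is what reaches the template, which can expose class names and internal detail to the client if the template renders that variable. Logging the full text on the server and setting a generic message here would be the safer default.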
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java index ddd6f0a1..6633eb97 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java @@ -17,35 +17,32 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; import com.netscape.certsrv.authority.IAuthority; - /** * This interface represents a template filler. - * + * * @version $Revision$, $Date$ */ public interface ICMSTemplateFiller { - // common template variables. + // common template variables. public final static String ERROR = "errorDetails"; public final static String ERROR_DESCR = "errorDescription"; public final static String EXCEPTION = "unexpectedError"; - public static final String HOST = "host"; - public static final String PORT = "port"; - public static final String SCHEME = "scheme"; + public static final String HOST = "host"; + public static final String PORT = "port"; + public static final String SCHEME = "scheme"; - public static final String AUTHORITY = "authorityName"; + public static final String AUTHORITY = "authorityName"; - public static final String REQUEST_STATUS = "requestStatus"; + public static final String REQUEST_STATUS = "requestStatus"; - public static final String KEYREC_ID = "keyrecId"; - public static final String REQUEST_ID = "requestId"; + public static final String KEYREC_ID = "keyrecId"; + public static final String REQUEST_ID = "requestId"; - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) - throws Exception; + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority mAuthority, Locale locale, Exception e) throws Exception; } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java index 27ea5ec1..827f24f1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java @@ -17,10 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public interface IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java index ce1a5082..ac6fee86 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -26,15 +25,13 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.base.ISubsystem; - /** - * A class represents a certificate server kernel. This - * kernel contains a list of resident subsystems such - * as logging, security, remote administration. Additional - * subsystems can be loaded into this kernel by specifying - * parameters in the configuration store. + * A class represents a certificate server kernel. This kernel contains a list + * of resident subsystems such as logging, security, remote administration. + * Additional subsystems can be loaded into this kernel by specifying parameters + * in the configuration store. * <P> - * + * * @version $Revision$, $Date$ */ public class IndexTemplateFiller implements ICMSTemplateFiller { 
@@ -52,8 +49,8 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { public IndexTemplateFiller() { } - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority mAuthority, Locale locale, Exception e) { IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams params = new CMSTemplateParams(header, ctx); @@ -103,11 +100,11 @@ public class IndexTemplateFiller implements ICMSTemplateFiller { count++; } // information about what is selected is provided - // from the caller. This parameter (selected) is used + // from the caller. This parameter (selected) is used // by header servlet try { - header.addStringValue("selected", - cmsReq.getHttpParams().getValueAsString("selected")); + header.addStringValue("selected", cmsReq.getHttpParams() + .getValueAsString("selected")); } catch (EBaseException ex) { } header.addIntegerValue(OUT_TOTAL_COUNT, count); diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java index fb31fec1..f936e075 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java @@ -17,10 +17,9 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - /** * This represents raw JS parameters. - * + * * @version $Revision$, $Date$ */ public class RawJS implements IRawJS { diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java index 580909cb..f9951f05 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java 
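Review bot: In the `@@ -103,11` hunk the request's `selected` parameter is copied unchanged into the header block by `header.addStringValue("selected", cmsReq.getHttpParams().getValueAsString("selected"))`, and the `catch (EBaseException ex) { }` that follows is empty. Whether the template layer encodes this value on output is not visible here, so that should be confirmed, or the value should be checked against the subsystem names built earlier in the method. The catch deserves at least a comment saying why a missing parameter is ignored, e.g. `// "selected" is optional; leave it unset when absent`. getTemplateParams continues between the two hunks, outside the diff.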
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.common; - import java.util.StringTokenizer; import javax.servlet.ServletConfig; @@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; - /** * Utility class - * + * * @version $Revision$, $Date$ */ public class Utils { @@ -45,13 +43,13 @@ public class Utils { public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz"; public final static String AUTHZ_MGR_LDAP = "DirAclAuthz"; - public static String initializeAuthz(ServletConfig sc, - IAuthzSubsystem authz, String id) throws ServletException { + public static String initializeAuthz(ServletConfig sc, + IAuthzSubsystem authz, String id) throws ServletException { String srcType = AUTHZ_SRC_LDAP; try { - IConfigStore authzConfig = - CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE); + IConfigStore authzConfig = CMS.getConfigStore().getSubStore( + AUTHZ_CONFIG_STORE); srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP); } catch (EBaseException e) { @@ -63,8 +61,8 @@ public class Utils { if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) { CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", "")); aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR); - if (aclMethod != null && - aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { + if (aclMethod != null + && aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) { String aclInfo = sc.getInitParameter(PROP_ACL); if (aclInfo != null) { @@ -75,8 +73,8 @@ public class Utils { "failed to init authz info from xml config file"); } - CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", - id)); + CMS.debug(CMS.getLogMessage( + "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", id)); } else { CMS.debug(CMS.getLogMessage( "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, id, 
@@ -95,7 +93,7 @@ public class Utils { } public static void addACLInfo(IAuthzSubsystem authz, String aclMethod, - String aclInfo) throws EBaseException { + String aclInfo) throws EBaseException { StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java index b3809579..7f8b0953 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.connector; - import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; @@ -58,12 +57,10 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * Clone servlet - part of the Clone Authority (CLA) - * processes Revoked certs from its dependant clone CAs - * service request and return status. - * + * Clone servlet - part of the Clone Authority (CLA) processes Revoked certs + * from its dependant clone CAs service request and return status. + * * @version $Revision$, $Date$ */ public class CloneServlet extends CMSServlet { 
@@ -88,19 +85,17 @@ public class CloneServlet extends CMSServlet { String authority = sc.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) - CMS.getSubsystem(authority); + mAuthority = (IAuthority) CMS.getSubsystem(authority); mReqEncoder = CMS.getHttpRequestEncoder(); mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { + public void service(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException( - "CMS server is not ready to serve."); + throw new IOException("CMS server is not ready to serve."); ServletContext servletContext = mConfig.getServletContext(); @@ -130,14 +125,14 @@ public class CloneServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = req.getContentLength(); + len = req.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { 
@@ -159,16 +154,16 @@ public class CloneServlet extends CMSServlet { // force client auth handshake, validate clone CA (CCA) // and get CCA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - }catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + } catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -190,7 +185,7 @@ public class CloneServlet extends CMSServlet { CMS.debug("CloneServlet: about to authenticate"); token = authenticate(peerCert); // cfu maybe don't need CCA_Id, because the above check - // was good enough + // was good enough CCAUserId = token.getInString("userid"); CCA_Id = (String) peerCert.getSubjectDN().toString(); } catch (EInvalidCredentials e) { @@ -203,15 +198,17 @@ public class CloneServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, - "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN()); + mAuthority.log( + ILogger.LL_INFO, + "Clone Certificate Authority authenticated: " + + peerCert.getSubjectDN()); // authorize, any authenticated user are authorized AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, - mAuthzResourceName, "submit"); + authzToken = authorize(mAclMethod, token, mAuthzResourceName, + "submit"); } catch (Exception e) { // do nothing for now } 
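Review bot: In the `@@ -203,15` hunk, `catch (Exception e) { // do nothing for now }` around `authorize(mAclMethod, token, mAuthzResourceName, "submit")` discards every authorization failure without a trace. A denied request and a broken ACL configuration become indistinguishable, and neither shows up in the logs. I would record it with the logger the servlet already uses, e.g. `mAuthority.log(ILogger.LL_SECURITY, "Clone request authorization failed: " + e.toString());`. service() continues past this hunk, so whether a null authzToken is rejected afterwards cannot be seen here and should be checked as well.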
@@ -232,29 +229,34 @@ public class CloneServlet extends CMSServlet { } // now process CCA request - should just be posting revoked - // certs for now + // certs for now try { // decode request. - CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq); + CMS.debug("Cloneservlet: before decoding request, encodedreq= " + + encodedreq); msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request CMS.debug("Cloneservlet: decoded request"); replymsg = processRequest(CCA_Id, CCAUserId, msg, token); } catch (IOException e) { e.printStackTrace(); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log( + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log( + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } - // encode reply + // encode reply String encodedrep = mReqEncoder.encode(replymsg); resp.setStatus(HttpServletResponse.SC_OK); 
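Review bot: `CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq);` writes the whole encoded request body from the clone CA into the debug log, and the IOException branch calls `e.printStackTrace()` right before the proper `mAuthority.log` call. I would log only the size, e.g. `CMS.debug("Cloneservlet: before decoding request, length=" + encodedreq.length());` (assuming encodedreq is a non-null String at this point), and drop the printStackTrace() since the failure is already logged. service() starts and ends outside this hunk.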
@@ -271,46 +273,47 @@ public class CloneServlet extends CMSServlet { out.flush(); } - //cfu ++change this to just check the subject and signer - protected IAuthToken authenticate( - X509Certificate peerCert) - throws EBaseException { + // cfu ++change this to just check the subject and signer + protected IAuthToken authenticate(X509Certificate peerCert) + throws EBaseException { try { - // XXX using agent authentication now since we're only - // verifying that the cert belongs to a user in the db. - // XXX change this to ACL in the future. + // XXX using agent authentication now since we're only + // verifying that the cert belongs to a user in the db. + // XXX change this to ACL in the future. // build JAVA X509Certificate from peerCert. X509CertImpl cert = new X509CertImpl(peerCert.getEncoded()); AuthCredentials creds = new AuthCredentials(); - creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, - new X509Certificate[] {cert} - ); + creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, + new X509Certificate[] { cert }); - IAuthToken token = mAuthSubsystem.authenticate(creds, + IAuthToken token = mAuthSubsystem.authenticate(creds, IAuthSubsystem.CERTUSERDB_AUTHMGR_ID); return token; } catch (CertificateException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage( + "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert + .getSubjectDN().toString())); + throw new EBaseException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (EInvalidCredentials e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage( + "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert + .getSubjectDN().toString())); throw e; } 
catch (EBaseException e) { - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString())); + mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert + .getSubjectDN().toString())); throw e; } } - protected IPKIMessage processRequest( - String source, String sourceUserId, IPKIMessage msg, IAuthToken token) - throws EBaseException { + protected IPKIMessage processRequest(String source, String sourceUserId, + IPKIMessage msg, IAuthToken token) throws EBaseException { IPKIMessage replymsg = null; IRequest r = null; IRequestQueue queue = mAuthority.getRequestQueue(); @@ -326,13 +329,14 @@ public class CloneServlet extends CMSServlet { thisreq = queue.findRequest(thisreqid); if (thisreq == null) { // strange case. - String errormsg = "Cannot find request in request queue " + thisreqid; + String errormsg = "Cannot find request in request queue " + + thisreqid; mAuthority.log(ILogger.LL_FAILURE, errormsg); throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, - "Found request " + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, "Found request " + thisreqid + + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); return replymsg; @@ -347,8 +351,7 @@ public class CloneServlet extends CMSServlet { // setting requestor type must come after copy contents. because // requestor is a regular attribute. - thisreq.setExtData(IRequest.REQUESTOR_TYPE, - IRequest.REQUESTOR_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_RA); mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid); // Set this so that request's updateBy is recorded 
@@ -362,55 +365,47 @@ public class CloneServlet extends CMSServlet { replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); - //for audit log + // for audit log String agentID = sourceUserId; - String initiative = AuditFormat.FROMRA + " trustedManagerID: " + - agentID + " remote reqID " + msg.getReqId(); + String initiative = AuditFormat.FROMRA + " trustedManagerID: " + + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = - token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } - + // Get the certificate info from the request - X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo certInfo[] = thisreq + .getExtDataInCertInfoArray(IRequest.CERT_INFO); try { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, AuditFormat.FORMAT, + new Object[] { thisreq.getRequestType(), + thisreq.getRequestId(), initiative, + authMgr, thisreq.getRequestStatus(), + certInfo[i].get(X509CertInfo.SUBJECT), + "" }); } } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { thisreq.getRequestType(), + thisreq.getRequestId(), initiative, + authMgr, thisreq.getRequestStatus() }); } } else { - if - 
(thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) { - Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); + if (thisreq.getRequestType().equals( + IRequest.CLA_CERT4CRL_REQUEST)) { + Integer result = thisreq + .getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { CMS.debug("CloneServlet: error in CLA_CERT4CRL_REQUEST"); 
@@ -420,155 +415,83 @@ public class CloneServlet extends CMSServlet { } } - /* cfu --- - if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { - // XXX make the repeat record. - // Get the certificate(s) from the request - X509CertImpl issuedCerts[] = - (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. - if (issuedCerts != null) { - for (int i = 0; i < issuedCerts.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed", - issuedCerts[i].getSubjectDN() , - "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16)} - ); - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed"} - ); - } - } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { - X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); - X509CertImpl old_cert = certs[0]; - certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); - X509CertImpl renewed_cert = certs[0]; - if (old_cert != null && renewed_cert != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - authMgr , - "completed", - old_cert.getSubjectDN() , - old_cert.getSerialNumber().toString(16) , - "new serial number: 0x" + - renewed_cert.getSerialNumber().toString(16)} - ); - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed with error"} - ); - } - } else if 
(thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { - X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); - RevokedCertImpl crlentries[] = - (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); - CRLExtensions crlExts = crlentries[0].getExtensions(); - int reason = 0; - if (crlExts != null) { - Enumeration enum = crlExts.getElements(); - while(enum.hasMoreElements()){ - Extension ext = (Extension) enum.nextElement(); - if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension)ext).getReason().toInt - (); - break; - } - } - } - - int count = oldCerts.length; - Integer result = (Integer)thisreq.get(IRequest.RESULT); - if (result.equals(IRequest.RES_ERROR)) { - EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR); - EBaseException[] svcErrors = - (EBaseException[])thisreq.get(IRequest.SVCERRORS); - if (svcErrors != null && svcErrors.length > 0) { - for (int i = 0; i < svcErrors.length; i++) { - EBaseException err = svcErrors[i]; - if (err != null) { - for (int j = 0; j < count; j++) { - if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - "completed with error: " + - err.toString() , - oldCerts[j].getSubjectDN() , - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); - } - } - } - } - } - } else { - // the success. 
- for (int j = 0; j < count; j++) { - if (oldCerts[j] != null) { - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative , - "completed" , - oldCerts[j].getSubjectDN() , - oldCerts[j].getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); - } - } - } - } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId() , - initiative , - authMgr , - "completed"} - ); - } - cfu */ + /* + * cfu --- if + * (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST + * )) { // XXX make the repeat record. // Get the certificate(s) + * from the request X509CertImpl issuedCerts[] = + * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); // return + * potentially more than one certificates. if (issuedCerts != + * null) { for (int i = 0; i < issuedCerts.length; i++) { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.FORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed", issuedCerts[i].getSubjectDN() , + * "cert issued serial number: 0x" + + * issuedCerts[i].getSerialNumber().toString(16)} ); } } else { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed"} ); } } else if + * (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { + * X509CertImpl[] certs = + * (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); X509CertImpl + * old_cert = certs[0]; certs = + * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); + * X509CertImpl renewed_cert = certs[0]; if (old_cert != null && + * renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, + * ILogger.S_OTHER, AuditFormat.LEVEL, + * 
AuditFormat.RENEWALFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , authMgr , "completed", + * old_cert.getSubjectDN() , + * old_cert.getSerialNumber().toString(16) , + * "new serial number: 0x" + + * renewed_cert.getSerialNumber().toString(16)} ); } else { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed with error"} ); } } else if + * (thisreq.getRequestType + * ().equals(IRequest.REVOCATION_REQUEST)) { X509CertImpl[] + * oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); + * RevokedCertImpl crlentries[] = + * (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS); + * CRLExtensions crlExts = crlentries[0].getExtensions(); int + * reason = 0; if (crlExts != null) { Enumeration enum = + * crlExts.getElements(); while(enum.hasMoreElements()){ + * Extension ext = (Extension) enum.nextElement(); if (ext + * instanceof CRLReasonExtension) { reason = + * ((CRLReasonExtension)ext).getReason().toInt (); break; } } } + * + * int count = oldCerts.length; Integer result = + * (Integer)thisreq.get(IRequest.RESULT); if + * (result.equals(IRequest.RES_ERROR)) { EBaseException ex = + * (EBaseException)thisreq.get(IRequest.ERROR); EBaseException[] + * svcErrors = + * (EBaseException[])thisreq.get(IRequest.SVCERRORS); if + * (svcErrors != null && svcErrors.length > 0) { for (int i = 0; + * i < svcErrors.length; i++) { EBaseException err = + * svcErrors[i]; if (err != null) { for (int j = 0; j < count; + * j++) { if (oldCerts[j] != null) { + * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , "completed with error: " + * + err.toString() , oldCerts[j].getSubjectDN() , + * oldCerts[j].getSerialNumber().toString(16), + * RevocationReason.fromInt(reason).toString()} ); } } } } } } + * else { // the 
success. for (int j = 0; j < count; j++) { if + * (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT, + * ILogger.S_OTHER, AuditFormat.LEVEL, + * AuditFormat.DOREVOKEFORMAT, new Object[] { + * thisreq.getRequestId(), initiative , "completed" , + * oldCerts[j].getSubjectDN() , + * oldCerts[j].getSerialNumber().toString(16), + * RevocationReason.fromInt(reason).toString()} ); } } } } else + * { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] { + * thisreq.getRequestType(), thisreq.getRequestId() , initiative + * , authMgr , "completed"} ); } cfu + */ } } catch (IOException e) { } catch (CertificateException e) { @@ -577,8 +500,8 @@ public class CloneServlet extends CMSServlet { return replymsg; } - protected X509Certificate - getPeerCert(HttpServletRequest req) throws EBaseException { + protected X509Certificate getPeerCert(HttpServletRequest req) + throws EBaseException { return getSSLClientCertificate(req); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java index ad48d18d..0681baca 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java @@ -72,12 +72,10 @@ import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * Connector servlet - * process requests from remote authority - - * service request or return status. - * + * Connector servlet process requests from remote authority - service request or + * return status. + * * @version $Revision$, $Date$ */ public class ConnectorServlet extends CMSServlet { 
@@ -95,14 +93,10 @@ public class ConnectorServlet extends CMSServlet {
 protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
 private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
- private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN =
- "unknown";
- private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
- "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
- private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
- private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN = "unknown";
+ private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS = "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+ private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 private final static byte EOL[] = { Character.LINE_SEPARATOR };
@@ -115,22 +109,19 @@ public class ConnectorServlet extends CMSServlet { String authority = sc.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) - CMS.getSubsystem(authority); + mAuthority = (IAuthority) CMS.getSubsystem(authority); mReqEncoder = CMS.getHttpRequestEncoder(); - + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } - public void service(HttpServletRequest request, - HttpServletResponse response) - throws ServletException, IOException { + public void service(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { boolean running_state = CMS.isInRunningState(); if (!running_state) - throw new IOException( - "CMS server is not ready to serve."); + throw new IOException("CMS server is not ready to serve."); HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; @@ -163,14 +154,14 @@ public class ConnectorServlet extends CMSServlet { IRequest r = null; IRequest reply = null; - // NOTE must read all bufer before redoing handshake for + // NOTE must read all bufer before redoing handshake for // ssl client auth for client auth to work. // get request method - method = req.getMethod(); + method = req.getMethod(); // get content length - len = request.getContentLength(); + len = request.getContentLength(); // get content, a base 64 encoded serialized request. if (len > 0) { 
@@ -191,16 +182,16 @@ public class ConnectorServlet extends CMSServlet { } // force client auth handshake, validate RA and get RA's Id. - // NOTE must do this after all contents are read for ssl - // redohandshake to work + // NOTE must do this after all contents are read for ssl + // redohandshake to work X509Certificate peerCert; try { peerCert = getPeerCert(req); - }catch (EBaseException e) { - mAuthority.log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); + } catch (EBaseException e) { + mAuthority.log(ILogger.LL_SECURITY, + CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT")); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } @@ -211,7 +202,7 @@ public class ConnectorServlet extends CMSServlet { return; } - // authenticate RA + // authenticate RA String RA_Id = null; String raUserId = null; @@ -231,15 +222,15 @@ public class ConnectorServlet extends CMSServlet { return; } - mAuthority.log(ILogger.LL_INFO, - "Remote Authority authenticated: " + peerCert.getSubjectDN()); + mAuthority.log(ILogger.LL_INFO, "Remote Authority authenticated: " + + peerCert.getSubjectDN()); // authorize AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, token, - mAuthzResourceName, "submit"); + authzToken = authorize(mAclMethod, token, mAuthzResourceName, + "submit"); } catch (Exception e) { // do nothing for now } 
@@ -265,20 +256,24 @@ public class ConnectorServlet extends CMSServlet { try { // decode request. msg = (IPKIMessage) mReqEncoder.decode(encodedreq); - // process request + // process request replymsg = processRequest(RA_Id, raUserId, msg, token); } catch (IOException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log( + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } catch (EBaseException e) { CMS.debug("ConnectorServlet: service " + e.toString()); CMS.debug(e); - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + mAuthority.log( + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } catch (Exception e) { @@ -288,7 +283,7 @@ public class ConnectorServlet extends CMSServlet { CMS.debug("ConnectorServlet: done processRequest"); - // encode reply + // encode reply try { String encodedrep = mReqEncoder.encode(replymsg); @@ -326,10 +321,12 @@ public class ConnectorServlet extends CMSServlet { ByteArrayOutputStream byteStream; try { - info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + info = request + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); - // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); - CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY); + // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0")); + CertificateX509Key certKey = (CertificateX509Key) info + .get(X509CertInfo.KEY); if (certKey != null) { byteStream = new ByteArrayOutputStream(); certKey.encode(byteStream); 
@@ -337,15 +334,15 @@ public class ConnectorServlet extends CMSServlet { byteStream.toByteArray()); } - CertificateSubjectName certSubject = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + CertificateSubjectName certSubject = (CertificateSubjectName) info + .get(X509CertInfo.SUBJECT); if (certSubject != null) { request.setExtData(IEnrollProfile.REQUEST_SUBJECT_NAME, certSubject); } - CertificateValidity certValidity = (CertificateValidity) - info.get(X509CertInfo.VALIDITY); + CertificateValidity certValidity = (CertificateValidity) info + .get(X509CertInfo.VALIDITY); if (certValidity != null) { byteStream = new ByteArrayOutputStream(); certValidity.encode(byteStream); @@ -353,15 +350,15 @@ public class ConnectorServlet extends CMSServlet { byteStream.toByteArray()); } - CertificateExtensions extensions = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = (CertificateExtensions) info + .get(X509CertInfo.EXTENSIONS); if (extensions != null) { request.setExtData(IEnrollProfile.REQUEST_EXTENSIONS, extensions); } - CertificateAlgorithmId certAlg = (CertificateAlgorithmId) - info.get(X509CertInfo.ALGORITHM_ID); + CertificateAlgorithmId certAlg = (CertificateAlgorithmId) info + .get(X509CertInfo.ALGORITHM_ID); if (certAlg != null) { ByteArrayOutputStream certAlgOut = new ByteArrayOutputStream(); certAlg.encode(certAlgOut); 
@@ -369,16 +366,14 @@ public class ConnectorServlet extends CMSServlet { certAlgOut.toByteArray()); } } catch (Exception e) { - CMS.debug("ConnectorServlet: profile normalization " + - e.toString()); + CMS.debug("ConnectorServlet: profile normalization " + e.toString()); } String profileId = request.getExtDataInString("profileId"); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem("profile"); + IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem("profile"); IEnrollProfile profile = null; - // profile subsystem may not be available. In case of KRA for + // profile subsystem may not be available. In case of KRA for // example if (ps == null) { CMS.debug("ConnectorServlet: Profile Subsystem not found "); @@ -388,7 +383,8 @@ public class ConnectorServlet extends CMSServlet { profile = (IEnrollProfile) (ps.getProfile(profileId)); profile.setDefaultCertInfo(request); } catch (EProfileException e) { - CMS.debug("ConnectorServlet: normalizeProfileRequest Exception: " + e.toString()); + CMS.debug("ConnectorServlet: normalizeProfileRequest Exception: " + + e.toString()); } if (profile == null) { CMS.debug("ConnectorServlet: Profile not found " + profileId); @@ -399,15 +395,15 @@ public class ConnectorServlet extends CMSServlet { /** * Process request * <P> - * + * * (Certificate Request - all "agent" profile cert requests made through a - * connector) + * connector) * <P> - * - * (Certificate Request Processed - all automated "agent" profile based - * cert acceptance made through a connector) + * + * (Certificate Request Processed - all automated "agent" profile based cert + * acceptance made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) 
@@ -417,6 +413,7 @@ public class ConnectorServlet extends CMSServlet {
 * inter-CIMC_Boundary data transfer is successful (this is used when data
 * does not need to be captured)
 * </ul>
+ *
 * @param source string containing source
 * @param sourceUserId string containing source user ID
 * @param msg PKI message
@@ -424,9 +421,8 @@ public class ConnectorServlet extends CMSServlet {
 * @exception EBaseException an error has occurred
 * @return PKI message
 */
- protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ protected IPKIMessage processRequest(String source, String sourceUserId,
+ IPKIMessage msg, IAuthToken token) throws EBaseException {
 String auditMessage = null;
 String auditSubjectID = sourceUserId;
 String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
@@ -476,50 +472,45 @@ public class ConnectorServlet extends CMSServlet { thisreq = queue.findRequest(thisreqid); if (thisreq == null) { // strange case. - String errormsg = "Cannot find request in request queue " + - thisreqid; + String errormsg = "Cannot find request in request queue " + + thisreqid; - mAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage( + mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage( "CMSGW_REQUEST_ID_NOT_FOUND_1", thisreqid.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.FAILURE, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.FAILURE, + auditProtectionMethod, auditRequestType, + auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! throw new EBaseException(errormsg); } else { - mAuthority.log(ILogger.LL_INFO, - "Found request " + thisreqid + " for " + srcid); + mAuthority.log(ILogger.LL_INFO, "Found request " + + thisreqid + " for " + srcid); replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.SUCCESS, + auditProtectionMethod, auditRequestType, + auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // does not yet matter at this point! 
+ // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // does not yet matter at this point! return replymsg; } 
@@ -527,77 +518,67 @@ public class ConnectorServlet extends CMSServlet { // if not found process request. thisreq = queue.newRequest(msg.getReqType()); - CMS.debug("ConnectorServlet: created requestId=" + - thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: created requestId=" + + thisreq.getRequestId().toString()); thisreq.setSourceId(srcid); - // NOTE: For the following signed audit message, since we only - // care about the "msg.toRequest( thisreq );" command, and - // since this command does not throw an EBaseException - // (which is the only exception designated by this method), - // then this code does NOT need to be contained within its - // own special try/catch block. - msg.toRequest( thisreq ); + // NOTE: For the following signed audit message, since we only + // care about the "msg.toRequest( thisreq );" command, and + // since this command does not throw an EBaseException + // (which is the only exception designated by this method), + // then this code does NOT need to be contained within its + // own special try/catch block. + msg.toRequest(thisreq); - if( isProfileRequest( thisreq ) ) { - X509CertInfo info = - thisreq.getExtDataInCertInfo( - IEnrollProfile.REQUEST_CERTINFO ); + if (isProfileRequest(thisreq)) { + X509CertInfo info = thisreq + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); try { - CertificateSubjectName sn = ( CertificateSubjectName ) - info.get( X509CertInfo.SUBJECT ); + CertificateSubjectName sn = (CertificateSubjectName) info + .get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" // it - if( sn != null ) { + if (sn != null) { subject = sn.toString(); - if( subject != null ) { - // NOTE: This is ok even if the cert subject - // name is "" (empty)! + if (subject != null) { + // NOTE: This is ok even if the cert subject + // name is "" (empty)! 
auditCertificateSubjectName = subject.trim(); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); - - audit( auditMessage ); - } catch( CertificateException e ) { - CMS.debug( "ConnectorServlet: processRequest " - + e.toString() ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditProfileID(), auditCertificateSubjectName); + + audit(auditMessage); + } catch (CertificateException e) { + CMS.debug("ConnectorServlet: processRequest " + + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); - - audit( auditMessage ); - } catch( IOException e ) { - CMS.debug( "ConnectorServlet: processRequest " - + e.toString() ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditProfileID(), auditCertificateSubjectName); + + audit(auditMessage); + } catch (IOException e) { + CMS.debug("ConnectorServlet: processRequest " + + e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditProfileID(), - auditCertificateSubjectName ); - - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditProfileID(), auditCertificateSubjectName); + + audit(auditMessage); } } 
@@ -605,10 +586,9 @@ public class ConnectorServlet extends CMSServlet {
 // setting requestor type must come after copy contents. because
 // requestor is a regular attribute.
- thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
- mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
- srcid);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_RA);
+ mAuthority.log(ILogger.LL_INFO, "Processing remote request "
+ + srcid);
 // Set this so that request's updateBy is recorded
 SessionContext s = SessionContext.getContext();
@@ -621,53 +601,53 @@ public class ConnectorServlet extends CMSServlet { s.put(SessionContext.REQUESTER_ID, msg.getReqId()); } - CMS.debug("ConnectorServlet: calling processRequest instance=" + - thisreq); + CMS.debug("ConnectorServlet: calling processRequest instance=" + + thisreq); if (isProfileRequest(thisreq)) { normalizeProfileRequest(thisreq); } try { - queue.processRequest( thisreq ); + queue.processRequest(thisreq); - if( isProfileRequest( thisreq ) ) { + if (isProfileRequest(thisreq)) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue( thisreq ); + auditInfoCertValue = auditInfoCertValue(thisreq); - if( auditInfoCertValue != null ) { - if( !( auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { + if (auditInfoCertValue != null) { + if (!(auditInfoCertValue + .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue ); - - audit( auditMessage ); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); + + audit(auditMessage); } } } - } catch( EBaseException eAudit1 ) { - if( isProfileRequest( thisreq ) ) { + } catch (EBaseException eAudit1) { + if (isProfileRequest(thisreq)) { // reset the "auditInfoCertValue" - auditInfoCertValue = auditInfoCertValue( thisreq ); + auditInfoCertValue = auditInfoCertValue(thisreq); - if( auditInfoCertValue != null ) { - if( !( auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) { + if (auditInfoCertValue != null) { + if (!(auditInfoCertValue + .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue ); - - audit( auditMessage ); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); + + audit(auditMessage); } } } 
@@ -680,158 +660,146 @@ public class ConnectorServlet extends CMSServlet { replymsg = CMS.getHttpPKIMessage(); replymsg.fromRequest(thisreq); - CMS.debug("ConnectorServlet: replymsg.reqStatus=" + - replymsg.getReqStatus()); + CMS.debug("ConnectorServlet: replymsg.reqStatus=" + + replymsg.getReqStatus()); - //for audit log + // for audit log String agentID = sourceUserId; - String initiative = AuditFormat.FROMRA + " trustedManagerID: " + - agentID + " remote reqID " + msg.getReqId(); + String initiative = AuditFormat.FROMRA + " trustedManagerID: " + + agentID + " remote reqID " + msg.getReqId(); String authMgr = AuditFormat.NOAUTH; if (token != null) { - authMgr = - token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } if (isProfileRequest(thisreq)) { // XXX audit log - CMS.debug("ConnectorServlet: done requestId=" + - thisreq.getRequestId().toString()); + CMS.debug("ConnectorServlet: done requestId=" + + thisreq.getRequestId().toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.SUCCESS, auditProtectionMethod, + auditRequestType, auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! 
return replymsg; } // Get the certificate info from the request - X509CertInfo x509Info[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo x509Info[] = thisreq + .getExtDataInCertInfoArray(IRequest.CERT_INFO); try { if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) { if (x509Info != null) { for (int i = 0; i < x509Info.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus(), - x509Info[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + thisreq.getRequestStatus(), + x509Info[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - thisreq.getRequestStatus()} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, AuditFormat.NODNFORMAT, + new Object[] { thisreq.getRequestType(), + thisreq.getRequestId(), initiative, + authMgr, thisreq.getRequestStatus() }); } } else { - if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) { + if (thisreq.getRequestType().equals( + IRequest.ENROLLMENT_REQUEST)) { // XXX make the repeat record. // Get the certificate(s) from the request X509CertImpl x509Certs[] = null; if (x509Info != null) - x509Certs = - thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); + x509Certs = thisreq + .getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. 
if (x509Certs != null) { for (int i = 0; i < x509Certs.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - x509Certs[i].getSubjectDN(), - "cert issued serial number: 0x" + - x509Certs[i].getSerialNumber().toString(16)} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + thisreq.getRequestType(), + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + x509Certs[i].getSubjectDN(), + "cert issued serial number: 0x" + + x509Certs[i] + .getSerialNumber() + .toString(16) }); } } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, AuditFormat.NODNFORMAT, + new Object[] { thisreq.getRequestType(), + thisreq.getRequestId(), initiative, + authMgr, "completed" }); } - } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) { - X509CertImpl[] certs = - thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); + } else if (thisreq.getRequestType().equals( + IRequest.RENEWAL_REQUEST)) { + X509CertImpl[] certs = thisreq + .getExtDataInCertArray(IRequest.OLD_CERTS); X509CertImpl old_cert = certs[0]; - certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS); + certs = thisreq + .getExtDataInCertArray(IRequest.ISSUED_CERTS); X509CertImpl renewed_cert = certs[0]; if (old_cert != null && renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.RENEWALFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - authMgr, - "completed", - old_cert.getSubjectDN(), - old_cert.getSerialNumber().toString(16), - "new serial number: 0x" + - 
renewed_cert.getSerialNumber().toString(16)} - ); + AuditFormat.LEVEL, + AuditFormat.RENEWALFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + authMgr, + "completed", + old_cert.getSubjectDN(), + old_cert.getSerialNumber() + .toString(16), + "new serial number: 0x" + + renewed_cert + .getSerialNumber() + .toString(16) }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed with error"} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, AuditFormat.NODNFORMAT, + new Object[] { thisreq.getRequestType(), + thisreq.getRequestId(), initiative, + authMgr, "completed with error" }); } - } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) { - Certificate[] oldCerts = - thisreq.getExtDataInCertArray(IRequest.OLD_CERTS); - RevokedCertImpl crlentries[] = - thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); + } else if (thisreq.getRequestType().equals( + IRequest.REVOCATION_REQUEST)) { + Certificate[] oldCerts = thisreq + .getExtDataInCertArray(IRequest.OLD_CERTS); + RevokedCertImpl crlentries[] = thisreq + .getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS); CRLExtensions crlExts = crlentries[0].getExtensions(); int reason = 0; 
@@ -842,18 +810,20 @@ public class ConnectorServlet extends CMSServlet { Extension ext = (Extension) enum1.nextElement(); if (ext instanceof CRLReasonExtension) { - reason = ((CRLReasonExtension) ext).getReason().toInt(); + reason = ((CRLReasonExtension) ext) + .getReason().toInt(); break; } } } int count = oldCerts.length; - Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); + Integer result = thisreq + .getExtDataInInteger(IRequest.RESULT); if (result.equals(IRequest.RES_ERROR)) { - String[] svcErrors = - thisreq.getExtDataInStringArray(IRequest.SVCERRORS); + String[] svcErrors = thisreq + .getExtDataInStringArray(IRequest.SVCERRORS); if (svcErrors != null && svcErrors.length > 0) { for (int i = 0; i < svcErrors.length; i++) { @@ -865,19 +835,24 @@ public class ConnectorServlet extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed with error: " + - err, - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed with error: " + + err, + cert.getSubjectDN(), + cert.getSerialNumber() + .toString( + 16), + RevocationReason + .fromInt( + reason) + .toString() }); } } } 
@@ -891,44 +866,39 @@ public class ConnectorServlet extends CMSServlet { if (oldCerts[j] instanceof X509CertImpl) { X509CertImpl cert = (X509CertImpl) oldCerts[j]; - mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.DOREVOKEFORMAT, - new Object[] { - thisreq.getRequestId(), - initiative, - "completed", - cert.getSubjectDN(), - cert.getSerialNumber().toString(16), - RevocationReason.fromInt(reason).toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.DOREVOKEFORMAT, + new Object[] { + thisreq.getRequestId(), + initiative, + "completed", + cert.getSubjectDN(), + cert.getSerialNumber() + .toString(16), + RevocationReason + .fromInt(reason) + .toString() }); } } } } } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - thisreq.getRequestType(), - thisreq.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, + AuditFormat.LEVEL, AuditFormat.NODNFORMAT, + new Object[] { thisreq.getRequestType(), + thisreq.getRequestId(), initiative, + authMgr, "completed" }); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.SUCCESS, auditProtectionMethod, + auditRequestType, auditRequesterID); audit(auditMessage); } catch (IOException e) { 
@@ -936,12 +906,9 @@ public class ConnectorServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.FAILURE, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.FAILURE, auditProtectionMethod, + auditRequestType, auditRequesterID); audit(auditMessage); } catch (CertificateException e) { @@ -949,12 +916,9 @@ public class ConnectorServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.FAILURE, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.FAILURE, auditProtectionMethod, + auditRequestType, auditRequesterID); audit(auditMessage); } catch (Exception e) { 
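Review bot: The `IOException` and `CertificateException` branches here, and the `Exception` and `EBaseException` branches in the following hunk, build their failure record from `LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS` with `ILogger.FAILURE`. If that template is meant to serve both outcomes, it deserves a comment at the first use, for example `// same event template for both outcomes; the outcome argument (ILogger.FAILURE) carries the result`. Anyone filtering the signed audit log by event name alone would otherwise read these records as successes. If a separate failure event exists elsewhere in the project, it should be used here instead; that cannot be seen from this hunk.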
@@ -962,46 +926,40 @@ public class ConnectorServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.FAILURE, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.FAILURE, auditProtectionMethod, + auditRequestType, auditRequesterID); audit(auditMessage); } finally { SessionContext.releaseContext(); } - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has already been logged at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has already been logged at this point! return replymsg; } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, - auditSubjectID, - ILogger.FAILURE, - auditProtectionMethod, - auditRequestType, - auditRequesterID); + LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS, + auditSubjectID, ILogger.FAILURE, auditProtectionMethod, + auditRequestType, auditRequesterID); audit(auditMessage); - // NOTE: The signed audit event - // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST - // has either already been logged, or - // does not yet matter at this point! + // NOTE: The signed audit event + // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST + // has either already been logged, or + // does not yet matter at this point! return replymsg; } } - protected X509Certificate - getPeerCert(HttpServletRequest req) throws EBaseException { + protected X509Certificate getPeerCert(HttpServletRequest req) + throws EBaseException { return getSSLClientCertificate(req); } 
@@ -1011,11 +969,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1026,21 +984,17 @@ public class ConnectorServlet extends CMSServlet { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, - * and is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, and is called + * to obtain the "ProfileID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { @@ -1062,11 +1016,11 @@ public class ConnectorServlet extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request a Request containing an X509CertImpl * @return cert string containing the certificate */ @@ -1076,8 +1030,8 @@ public class ConnectorServlet extends CMSServlet { return null; } - X509CertImpl x509cert = request.getExtDataInCert( - IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1122,4 +1076,3 @@ public class ConnectorServlet extends CMSServlet { } } } - 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java index 2a024c3a..27b5200b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java @@ -40,17 +40,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - - /** - * GenerateKeyPairServlet - * handles "server-side key pair generation" requests from the - * netkey RA. - * + * GenerateKeyPairServlet handles "server-side key pair generation" requests + * from the netkey RA. + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class GenerateKeyPairServlet extends CMSServlet { /** @@ -68,7 +65,7 @@ public class GenerateKeyPairServlet extends CMSServlet { /** * Constructs GenerateKeyPair servlet. - * + * */ public GenerateKeyPairServlet() { super(); 
@@ -80,37 +77,30 @@ public class GenerateKeyPairServlet extends CMSServlet { String authority = config.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) - CMS.getSubsystem(authority); - + mAuthority = (IAuthority) CMS.getSubsystem(authority); + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /* - * processServerSideKeyGen - - * handles netkey DRM serverside keygen. - * netkey operations: - * 1. generate keypair (archive user priv key) - * 2. unwrap des key with transport key, then url decode it - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * * user public key - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) + * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey + * operations: 1. generate keypair (archive user priv key) 2. unwrap des key + * with transport key, then url decode it 3. wrap user priv key with des key + * 4. send the following to RA: * des key wrapped(user priv key) * user + * public key (note: RA should have kek-wrapped des key from TKS) * recovery + * blob (used for recovery) */ private void processServerSideKeyGen(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; 
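Review bot: The block comment above `processServerSideKeyGen` lost its structure in this reformat, because the numbered steps and the bulleted list of values returned to the RA were reflowed into one paragraph. That comment is the only description of the key-wrapping protocol in the file, so it should stay readable as a list. Opening it with `/*-` instead of `/*` tells the Eclipse formatter to leave the block alone; the original line-per-step layout can then be restored. The same reflow hits the comments above `process` in this file and above `processTokenKeyRecovery` and `process` in TokenKeyRecoveryServlet.java.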
@@ -123,8 +113,8 @@ public class GenerateKeyPairServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rArchive = req.getParameter("archive"); - String rKeysize = req.getParameter("keysize"); + String rArchive = req.getParameter("archive"); + String rKeysize = req.getParameter("keysize"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID"); @@ -136,19 +126,18 @@ public class GenerateKeyPairServlet extends CMSServlet { missingParam = true; } - if ((rKeysize == null) || (rKeysize.equals(""))) { - rKeysize = "1024"; // default to 1024 - } + if ((rKeysize == null) || (rKeysize.equals(""))) { + rKeysize = "1024"; // default to 1024 + } - if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + if ((rdesKeyString == null) || (rdesKeyString.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key"); missingParam = true; } if ((rArchive == null) || (rArchive.equals(""))) { CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true"); - rArchive = "true"; + rArchive = "true"; } String selectedToken = null; 
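Review bot: `rKeysize = "1024"; // default to 1024` silently picks a 1024-bit key whenever the caller omits `keysize`, and the parameter is otherwise carried as an unvalidated string. Assuming these are RSA key pairs, 1024 bits is below the commonly accepted 2048-bit minimum, and nothing in this hunk rejects a smaller or non-numeric value sent by the RA. I would parse the value once, enforce a configured minimum, and change the fallback to `rKeysize = "2048";` after confirming the supported tokens can handle it. The method body continues outside this hunk, so a later check may exist that is not visible here.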
@@ -156,21 +145,23 @@ public class GenerateKeyPairServlet extends CMSServlet { if (!missingParam) { thisreq = queue.newRequest(IRequest.NETKEY_KEYGEN_REQUEST); - thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_NETKEY_RA); thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); - thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); - thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); - thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); + thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, + rdesKeyString); + thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive); + thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize); - queue.processRequest( thisreq ); + queue.processRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and DRM thinks 1 is good - if (result.intValue() == 1) - status = "0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and DRM thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; 
@@ -184,40 +175,40 @@ public class GenerateKeyPairServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; - if( thisreq == null ) { - CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + if (thisreq == null) { + CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate"); - String ivString = thisreq.getExtDataInString("iv_s"); + String ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); - sb.append("wrapped_priv_key="); - sb.append(wrappedPrivKeyString); - sb.append("&iv_param="); - sb.append(ivString); + sb.append("wrapped_priv_key="); + sb.append(wrappedPrivKeyString); + sb.append("&iv_param="); + sb.append(ivString); sb.append("&public_key="); - sb.append(publicKeyString); + sb.append(publicKeyString); value = sb.toString(); } - CMS.debug("processServerSideKeyGen:outputString.encode " +value); + CMS.debug("processServerSideKeyGen:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length()); + CMS.debug("GenerateKeyPairServlet:outputString.length " + + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
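Review bot: `CMS.debug("processServerSideKeyGen:outputString.encode " + value);` writes the whole response to the debug log, and on the success path `value` holds `wrapped_priv_key`, `iv_param` and `public_key`. Wrapped key material and its IV should not be copied into a log file that has weaker access control and retention than the KRA's key store. I would log only the outcome, e.g. `CMS.debug("processServerSideKeyGen: status=" + status);`. The same statement appears in `processTokenKeyRecovery` in TokenKeyRecoveryServlet.java (`"ProcessTokenKeyRecovery:outputString.encode " + value`) and needs the same change. The enclosing method starts and ends outside this hunk.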
@@ -227,20 +218,14 @@ public class GenerateKeyPairServlet extends CMSServlet { } } - - /* - - * For GenerateKeyPair: - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * + * For GenerateKeyPair: + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -251,14 +236,14 @@ public class GenerateKeyPairServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "execute"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "execute"); } catch (Exception e) { } if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("GenerateKeyPairServlet: Unauthorized"); @@ -268,7 +253,7 @@ public class GenerateKeyPairServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("GenerateKeyPairServlet: " + e.toString()); } 
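Review bot: In `process`, the `catch (Exception e) { }` around `authorize(mAclMethod, authToken, mAuthzResourceName, "execute")` discards the reason an authorization check failed. The code still fails closed because `authzToken` stays null, but an ACL misconfiguration, an evaluator error and a genuine denial all look the same afterwards. At minimum the handler should record it, `CMS.debug("GenerateKeyPairServlet: authorize failed: " + e.toString());`. Given the `// XXX add auditing later` marker on the class, the denied branch is also where a signed audit record for a rejected key-generation request belongs. `TokenKeyRecoveryServlet.process` has the same empty catch around its `"submit"` check.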
@@ -277,28 +262,28 @@ public class GenerateKeyPairServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); - processServerSideKeyGen(req, resp); - return; + CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called"); + processServerSideKeyGen(req, resp); + return; // end Netkey functions } - /** XXX remember tocheck peer SSL cert and get RA id later - * + /** + * XXX remember tocheck peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java index fa454bd6..0c67eaf1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java @@ -39,16 +39,14 @@ import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; - /** - * TokenKeyRecoveryServlet - * handles "key recovery service" requests from the + * TokenKeyRecoveryServlet handles "key recovery service" requests from the * netkey TPS - * + * * @author Christina Fu (cfu) * @version $Revision$, $Date$ */ -//XXX add auditing later +// XXX add auditing later public class TokenKeyRecoveryServlet extends CMSServlet { /** 
@@ -65,7 +63,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { /** * Constructs TokenKeyRecovery servlet. - * + * */ public TokenKeyRecoveryServlet() { super(); @@ -77,27 +75,26 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String authority = config.getInitParameter(PROP_AUTHORITY); if (authority != null) - mAuthority = (IAuthority) - CMS.getSubsystem(authority); - + mAuthority = (IAuthority) CMS.getSubsystem(authority); + mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); } /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** + /** * Process the HTTP request. - * + * * @param s The URL to decode */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
@@ -117,39 +114,30 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } // end for return out.toString(); - } + } /* - * processTokenKeyRecovery - * handles netkey key recovery requests - * input params are: - * CUID - the CUID of the old token where the keys/certs were initially for - * userid - the userid that belongs to both the old token and the new token - * drm_trans_desKey - the des key generated for the NEW token - * wrapped with DRM transport key - * cert - the user cert corresponding to the key to be recovered - * - * operations: - * 1. unwrap des key with transport key, then url decode it - * 2. retrieve user private key - * 3. wrap user priv key with des key - * 4. send the following to RA: - * * des key wrapped(user priv key) - * (note: RA should have kek-wrapped des key from TKS) - * * recovery blob (used for recovery) - * - * output params are: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 + * processTokenKeyRecovery handles netkey key recovery requests input params + * are: CUID - the CUID of the old token where the keys/certs were initially + * for userid - the userid that belongs to both the old token and the new + * token drm_trans_desKey - the des key generated for the NEW token wrapped + * with DRM transport key cert - the user cert corresponding to the key to + * be recovered + * + * operations: 1. unwrap des key with transport key, then url decode it 2. + * retrieve user private key 3. wrap user priv key with des key 4. 
send the + * following to RA: * des key wrapped(user priv key) (note: RA should have + * kek-wrapped des key from TKS) * recovery blob (used for recovery) + * + * output params are: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 */ private void processTokenKeyRecovery(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { + HttpServletResponse resp) throws EBaseException { IRequestQueue queue = mAuthority.getRequestQueue(); IRequest thisreq = null; - - // IConfigStore sconfig = CMS.getConfigStore(); + + // IConfigStore sconfig = CMS.getConfigStore(); boolean missingParam = false; String status = "0"; @@ -158,7 +146,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String rCUID = req.getParameter("CUID"); String rUserid = req.getParameter("userid"); String rdesKeyString = req.getParameter("drm_trans_desKey"); - String rCert = req.getParameter("cert"); + String rCert = req.getParameter("cert"); if ((rCUID == null) || (rCUID.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID"); @@ -170,8 +158,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { missingParam = true; } - if ((rdesKeyString == null) || - (rdesKeyString.equals(""))) { + if ((rdesKeyString == null) || (rdesKeyString.equals(""))) { CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key"); missingParam = true; } 
@@ -186,24 +173,26 @@ public class TokenKeyRecoveryServlet extends CMSServlet { if (!missingParam) { thisreq = queue.newRequest(IRequest.NETKEY_KEYRECOVERY_REQUEST); - thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA); + thisreq.setExtData(IRequest.REQUESTOR_TYPE, + IRequest.REQUESTOR_NETKEY_RA); thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID); thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid); - thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString); + thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, + rdesKeyString); thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert); - //XXX auto process for netkey - queue.processRequest( thisreq ); - // IService svc = (IService) new TokenKeyRecoveryService(kra); - // svc.serviceRequest(thisreq); + // XXX auto process for netkey + queue.processRequest(thisreq); + // IService svc = (IService) new TokenKeyRecoveryService(kra); + // svc.serviceRequest(thisreq); Integer result = thisreq.getExtDataInInteger(IRequest.RESULT); if (result != null) { - // sighs! tps thinks 0 is good, and drm thinks 1 is good - if (result.intValue() == 1) - status ="0"; - else - status = result.toString(); + // sighs! tps thinks 0 is good, and drm thinks 1 is good + if (result.intValue() == 1) + status = "0"; + else + status = result.toString(); } else status = "7"; 
@@ -218,25 +207,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet { String wrappedPrivKeyString = ""; String publicKeyString = ""; String ivString = ""; - /* if is RECOVERY_PROTOTYPE - String recoveryBlobString = ""; - - IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); - byte publicKey_b[] = kr.getPublicKeyData(); - - BigInteger serialNo = kr.getSerialNumber(); - - String serialNumberString = - com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray()); - - recoveryBlobString = (String) - thisreq.get("recoveryBlob"); - */ - - if( thisreq == null ) { - CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - " - + "thisreq is null!" ); - throw new EBaseException( "thisreq is null" ); + /* + * if is RECOVERY_PROTOTYPE String recoveryBlobString = ""; + * + * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte + * publicKey_b[] = kr.getPublicKeyData(); + * + * BigInteger serialNo = kr.getSerialNumber(); + * + * String serialNumberString = + * com.netscape.cmsutil.util.Utils.SpecialEncode + * (serialNo.toByteArray()); + * + * recoveryBlobString = (String) thisreq.get("recoveryBlob"); + */ + + if (thisreq == null) { + CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - " + + "thisreq is null!"); + throw new EBaseException("thisreq is null"); } publicKeyString = thisreq.getExtDataInString("public_key"); @@ -244,11 +233,10 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ivString = thisreq.getExtDataInString("iv_s"); /* - if (selectedToken == null) - status = "4"; - */ - if (!status.equals("0")) - value = "status="+status; + * if (selectedToken == null) status = "4"; + */ + if (!status.equals("0")) + value = "status=" + status; else { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); 
@@ -259,13 +247,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet { sb.append("&iv_param="); sb.append(ivString); value = sb.toString(); - + } - CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value); + CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length()); + CMS.debug("TokenKeyRecoveryServlet:outputString.length " + + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -275,19 +264,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } } - - /* - * For TokenKeyRecovery - * - * input: - * CUID=value0 - * trans-wrapped-desKey=value1 - * - * output: - * status=value0 - * publicKey=value1 - * desKey-wrapped-userPrivateKey=value2 - * proofOfArchival=value3 + /* + * For TokenKeyRecovery + * + * input: CUID=value0 trans-wrapped-desKey=value1 + * + * output: status=value0 publicKey=value1 + * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3 */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -298,14 +281,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "submit"); } catch (Exception e) { } if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenKeyRecoveryServlet: Unauthorized"); @@ -315,7 +298,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("TokenKeyRecoveryServlet: " + e.toString()); } 
@@ -324,28 +307,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet { } // begin Netkey serverSideKeyGen and archival - CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); - processTokenKeyRecovery(req, resp); - return; + CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called"); + processTokenKeyRecovery(req, resp); + return; // end Netkey functions } - /** XXX remember to check peer SSL cert and get RA id later - * + /** + * XXX remember to check peer SSL cert and get RA id later + * * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); - super.service(req, resp); + super.service(req, resp); - } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java index a2509287..4bb96f14 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.StringTokenizer; 
@@ -41,19 +40,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AdminAuthenticatePanel extends WizardPanelBase { - public AdminAuthenticatePanel() {} + public AdminAuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Admin Authentication"); setId(id); @@ -62,24 +61,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("AdminAuthenticatePanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select",""); + String select = cs.getString("preop.subsystem.select", ""); if (select.equals("new")) { return true; } } catch (EBaseException e) { } - + return false; } @@ -103,15 +102,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -119,18 +119,17 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Admin Authentication"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.master.admin.uid", ""); String type = config.getString("preop.subsystem.select", ""); if (type.equals("clone")) - context.put("uid", s); + context.put("uid", s); else context.put("uid", ""); } catch (Exception e) { @@ -149,16 +148,14 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String subsystemtype = ""; String cstype = ""; @@ -170,7 +167,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); + CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); String uid = HttpInput.getUID(request, "uid"); if (uid == null) { context.put("errorString", "Uid is empty"); 
@@ -185,7 +182,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.master.hostname"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: "+e.toString()); + CMS.debug("AdminAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname for master"); throw new IOException("Missing hostname"); } @@ -193,7 +190,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase { try { httpsport = config.getInteger("preop.master.httpsadminport"); } catch (Exception e) { - CMS.debug("AdminAuthenticatePanel update: "+e.toString()); + CMS.debug("AdminAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port for master"); throw new IOException("Missing port"); } @@ -235,10 +232,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append("cloning."); c1.append(t1); c1.append(".pubkey.encoded"); - - if (s1.length()!=0) + + if (s1.length() != 0) s1.append(","); - + s1.append(cstype); s1.append("."); s1.append(t1); 
@@ -248,11 +245,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase { c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type"); } - String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString(); + String content = "uid=" + + uid + + "&pwd=" + + pwd + + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + + c1.toString() + "&substores=" + s1.toString(); - boolean success = updateConfigEntries(host, httpsport, true, - "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, - response); + boolean success = updateConfigEntries(host, httpsport, true, "/" + + cstype + "/admin/" + cstype + "/getConfigEntries", + content, config, response); try { config.commit(false); @@ -260,13 +262,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase { } if (!success) { - context.put("errorString", "Failed to get configuration entries from the master"); - throw new IOException("Failed to get configuration entries from the master"); + context.put("errorString", + "Failed to get configuration entries from the master"); + throw new IOException( + "Failed to get configuration entries from the master"); } else { boolean cloneReady = isCertdbCloned(request, context); if (!cloneReady) { CMS.debug("AdminAuthenticatePanel update: clone does not have all the certificates."); - context.put("errorString", "Make sure you have copied the certificate database over to the clone"); + context.put("errorString", + "Make sure you have copied the certificate database over to the clone"); throw new IOException("Clone is not ready"); } } 
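Review bot: The request body in the first hunk is built by plain concatenation, `"uid=" + uid + "&pwd=" + pwd + "&op=get&names=..."`, so an administrator password containing `&`, `=`, `+` or `%` is truncated or reinterpreted as extra parameters by the master. Both values should be form-encoded, `"uid=" + URLEncoder.encode(uid, "UTF-8") + "&pwd=" + URLEncoder.encode(pwd, "UTF-8")`, which fits the method's existing `throws IOException`. This call also asks the master for `internaldb.ldapauth.password` and `internaldb.replication.password`. It is therefore worth a comment stating that the `true` argument to `updateConfigEntries` selects TLS, if that is indeed what it means. How `pwd` is obtained is outside this hunk.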
@@ -285,16 +290,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, Context context) { context.put("title", "Admin Authentication"); context.put("password", ""); context.put("panel", "admin/console/config/adminauthenticatepanel.vm"); } - private boolean isCertdbCloned(HttpServletRequest request, - Context context) { + private boolean isCertdbCloned(HttpServletRequest request, Context context) { IConfigStore config = CMS.getConfigStore(); String certList = ""; try { @@ -306,13 +308,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase { String tokenname = config.getString("preop.module.token", ""); CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); - String name1 = "preop.master."+token+".nickname"; + String name1 = "preop.master." + token + ".nickname"; String nickname = config.getString(name1, ""); - if (!tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - nickname = tokenname+":"+nickname; + if (!tokenname.equals("Internal Key Storage Token") + && !tokenname.equals("internal")) + nickname = tokenname + ":" + nickname; - CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname); + CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname); X509Certificate cert = cm.findCertByNickname(nickname); if (cert == null) return false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java index 78bb9485..1265fb87 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -70,18 +69,19 @@ public class AdminPanel extends WizardPanelBase { private static final String ADMIN_UID = "admin"; private final static String CERT_TAG = "admin"; - public AdminPanel() {} + public AdminPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Administrator"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) { setPanelNo(panelno); setName("Administrator"); setId(id); 
@@ -101,29 +101,39 @@ public class AdminPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) {} + } catch (Exception e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "Email address for an administrator"); + + Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "Email address for an administrator"); set.add("admin_email", emailDesc); - Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "Administrator's password"); + Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "Administrator's password"); set.add("pwd", pwdDesc); - Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "Administrator's password again"); + Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "Administrator's password again"); set.add("admin_password_again", pwdAgainDesc); return set; @@ -133,8 +143,7 @@ public class AdminPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("AdminPanel: display"); IConfigStore cs = CMS.getConfigStore(); @@ -152,7 +161,8 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (isPanelDone()) { try { 
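Review bot: The formatter has broken the inline `/* no constraint */` comments in getUsage() into four-line block comments that sit between constructor arguments, which makes the three `new Descriptor(...)` calls harder to read than before. Trailing line comments such as `null, // no constraint` would survive reformatting, as would wrapping the calls in `// @formatter:off` / `// @formatter:on` if the project's Eclipse profile enables those tags. The same damage shows in AgentAuthenticatePanel.update, where the commented-out `authenticate(...)` block was reflowed so that `//` markers now sit mid-line inside a `/* */` comment.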
@@ -161,11 +171,14 @@ public class AdminPanel extends WizardPanelBase { context.put("admin_pwd", ""); context.put("admin_pwd_again", ""); context.put("admin_uid", cs.getString("preop.admin.uid")); - } catch (Exception e) {} + } catch (Exception e) { + } } else { String def_admin_name = ""; try { - def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId"); + def_admin_name = cs.getString("cs.type") + + " Administrator of Instance " + + cs.getString("instanceId"); } catch (EBaseException e) { } context.put("admin_name", def_admin_name); @@ -176,7 +189,7 @@ public class AdminPanel extends WizardPanelBase { } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -186,24 +199,24 @@ public class AdminPanel extends WizardPanelBase { String domainname = ""; try { domainname = cs.getString("securitydomain.name", ""); - } catch (EBaseException e1) {} + } catch (EBaseException e1) { + } context.put("securityDomain", domainname); context.put("title", "Administrator"); context.put("panel", "admin/console/config/adminpanel.vm"); context.put("errorString", ""); context.put("info", info); - + } /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException - { + HttpServletResponse response, Context context) throws IOException { String pwd = HttpInput.getPassword(request, "__pwd"); - String pwd_again = HttpInput.getPassword(request, "__admin_password_again"); + String pwd_again = HttpInput.getPassword(request, + "__admin_password_again"); String email = HttpInput.getEmail(request, "email"); String name = HttpInput.getName(request, "name"); String uid = HttpInput.getUID(request, "uid"); 
@@ -230,7 +243,8 @@ public class AdminPanel extends WizardPanelBase { if (!pwd.equals(pwd_again)) { context.put("updateStatus", "validate-failure"); - throw new IOException("Password and password again are not the same."); + throw new IOException( + "Password and password again are not the same."); } if (email == null || email.length() == 0) { @@ -243,8 +257,7 @@ public class AdminPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); context.put("info", ""); context.put("import", "true"); @@ -256,13 +269,15 @@ public class AdminPanel extends WizardPanelBase { try { type = config.getString(PRE_CA_TYPE, ""); subsystemtype = config.getString("cs.type", ""); - security_domain_type = config.getString("securitydomain.select",""); + security_domain_type = config + .getString("securitydomain.select", ""); selected_hierarchy = config.getString("preop.hierarchy.select", ""); - } catch (Exception e) {} + } catch (Exception e) { + } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); @@ -286,14 +301,12 @@ public class AdminPanel extends WizardPanelBase { throw e; } - // REMINDER: This panel is NOT used by "clones" - if( ca != null ) { - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "AdminPanel update: " - + "Root CA subsystem"); + // REMINDER: This panel is NOT used by "clones" + if (ca != null) { + if (selected_hierarchy.equals("root")) { + CMS.debug("AdminPanel update: " + "Root CA subsystem"); } else { - CMS.debug( "AdminPanel update: " - + "Subordinate CA subsystem"); + CMS.debug("AdminPanel update: " + "Subordinate CA subsystem"); } try { 
@@ -309,10 +322,8 @@ public class AdminPanel extends WizardPanelBase { String ca_hostname = null; int ca_port = -1; - // REMINDER: This panel is NOT used by "clones" - CMS.debug( "AdminPanel update: " - + subsystemtype - + " subsystem" ); + // REMINDER: This panel is NOT used by "clones" + CMS.debug("AdminPanel update: " + subsystemtype + " subsystem"); if (type.equals("sdca")) { try { @@ -339,10 +350,11 @@ public class AdminPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } context.put("updateStatus", "success"); - + } private void createAdmin(HttpServletRequest request) throws IOException { @@ -402,7 +414,8 @@ public class AdminPanel extends WizardPanelBase { String select = config.getString("securitydomain.select", ""); if (select.equals("new")) { - group = system.getGroupFromName("Security Domain Administrators"); + group = system + .getGroupFromName("Security Domain Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); @@ -414,7 +427,8 @@ public class AdminPanel extends WizardPanelBase { system.modifyGroup(group); } - group = system.getGroupFromName("Enterprise KRA Administrators"); + group = system + .getGroupFromName("Enterprise KRA Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); 
@@ -426,19 +440,22 @@ public class AdminPanel extends WizardPanelBase { system.modifyGroup(group); } - group = system.getGroupFromName("Enterprise TKS Administrators"); + group = system + .getGroupFromName("Enterprise TKS Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); } - group = system.getGroupFromName("Enterprise OCSP Administrators"); + group = system + .getGroupFromName("Enterprise OCSP Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); } - group = system.getGroupFromName("Enterprise TPS Administrators"); + group = system + .getGroupFromName("Enterprise TPS Administrators"); if (!group.isMember(uid)) { group.addMemberName(uid); system.modifyGroup(group); @@ -450,8 +467,9 @@ public class AdminPanel extends WizardPanelBase { } } - private void submitRequest(String ca_hostname, int ca_port, HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + private void submitRequest(String ca_hostname, int ca_port, + HttpServletRequest request, HttpServletResponse response, + Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String sd_hostname = null; int sd_port = -1; 
@@ -459,22 +477,29 @@ public class AdminPanel extends WizardPanelBase { try { sd_hostname = config.getString("securitydomain.host", ""); sd_port = config.getInteger("securitydomain.httpseeport"); - } catch (Exception e) {} + } catch (Exception e) { + } String profileId = HttpInput.getID(request, "profileId"); if (profileId == null) { try { - profileId = config.getString("preop.admincert.profile", "caAdminCert"); - } catch (Exception e) {} + profileId = config.getString("preop.admincert.profile", + "caAdminCert"); + } catch (Exception e) { + } } - String cert_request_type = HttpInput.getID(request, "cert_request_type"); + String cert_request_type = HttpInput + .getID(request, "cert_request_type"); String cert_request = HttpInput.getCertRequest(request, "cert_request"); cert_request = URLEncoder.encode(cert_request, "UTF-8"); String session_id = CMS.getConfigSDSessionId(); String subjectDN = HttpInput.getString(request, "subject"); - String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN; + String content = "profileId=" + profileId + "&cert_request_type=" + + cert_request_type + "&cert_request=" + cert_request + + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + + subjectDN; HttpClient httpclient = new HttpClient(); String c = null; @@ -497,7 +522,7 @@ public class AdminPanel extends WizardPanelBase { c = httpresponse.getContent(); CMS.debug("AdminPanel submitRequest: content=" + c); - + // retrieve the request Id ad admin certificate if (c != null) { try { 
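Review bot: The `catch (Exception e) { }` after reading `securitydomain.host` and `securitydomain.httpseeport` in submitRequest discards the failure, so `sd_port` keeps its initial `-1` with no trace in the debug log. Other handlers in this class log before continuing (createAdminCertificate does); I would do the same here with `CMS.debug("AdminPanel submitRequest: " + e.toString());`, or add a comment stating why the error can be ignored. The empty blocks that the formatter expanded to two lines in display(), update() and displayError() of the same class have the same shape. How `sd_port` is used afterwards is outside the hunk.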
@@ -508,15 +533,15 @@ public class AdminPanel extends WizardPanelBase { try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "AdminPanel::submitRequest() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("AdminPanel::submitRequest() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); CMS.debug("AdminPanel update: status=" + status); if (status.equals("2")) { - //relogin to the security domain + // relogin to the security domain reloginSecurityDomain(response); return; } else if (!status.equals("0")) { @@ -525,7 +550,7 @@ public class AdminPanel extends WizardPanelBase { context.put("errorString", error); throw new IOException(error); } - + IConfigStore cs = CMS.getConfigStore(); String id = parser.getValue("Id"); @@ -539,7 +564,7 @@ public class AdminPanel extends WizardPanelBase { + File.separator + "admin.b64"; cs.putString("preop.admincert.b64", dir); - PrintStream ps = new PrintStream(new FileOutputStream(dir)); + PrintStream ps = new PrintStream(new FileOutputStream(dir)); ps.println(b64); ps.flush(); @@ -561,12 +586,13 @@ public class AdminPanel extends WizardPanelBase { HttpServletResponse response, Context context) throws IOException { String cert_request = HttpInput.getCertRequest(request, "cert_request"); - String cert_request_type = HttpInput.getID(request, "cert_request_type"); + String cert_request_type = HttpInput + .getID(request, "cert_request_type"); IConfigStore cs = CMS.getConfigStore(); - if( cs == null ) { - CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" ); - throw new IOException( "cs is null" ); + if (cs == null) { + CMS.debug("AdminPanel::createAdminCertificate() - cs is null!"); + throw new IOException("cs is null"); } String subject = ""; 
@@ -578,14 +604,13 @@ public class AdminPanel extends WizardPanelBase { subject = CryptoUtil.getSubjectName(crmfMsgs); x509key = CryptoUtil.getX509KeyFromCRMFMsgs(crmfMsgs); } catch (Exception e) { - CMS.debug( - "AdminPanel createAdminCertificate: Exception=" - + e.toString()); + CMS.debug("AdminPanel createAdminCertificate: Exception=" + + e.toString()); } - // this request is from IE. The VBScript has problem of generating - // certificate request if the subject name has E and UID components. - // For now, we always hardcoded the subject DN to be cn=NAME in - // the IE browser. + // this request is from IE. The VBScript has problem of generating + // certificate request if the subject name has E and UID components. + // For now, we always hardcoded the subject DN to be cn=NAME in + // the IE browser. } else if (cert_request_type.equals("pkcs10")) { try { byte[] b = CMS.AtoB(cert_request); 
@@ -594,33 +619,35 @@ public class AdminPanel extends WizardPanelBase { x509key = pkcs10.getSubjectPublicKeyInfo(); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } - if( x509key == null ) { - CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" ); - throw new IOException( "x509key is null" ); + if (x509key == null) { + CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!"); + throw new IOException("x509key is null"); } try { cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject); - String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local"); + String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", + "local"); X509CertImpl impl = CertUtil.createLocalCert(cs, x509key, - PCERT_PREFIX, CERT_TAG, caType, context); + PCERT_PREFIX, CERT_TAG, caType, context); // update the locally created request for renewal - CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject); + CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, + cert_request_type, subject); ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); if (ca != null) { createPKCS7(impl); } - cs.putString("preop.admincert.serialno.0", - impl.getSerialNumber().toString(16)); + cs.putString("preop.admincert.serialno.0", impl.getSerialNumber() + .toString(16)); } catch (Exception e) { CMS.debug("AdminPanel createAdminCertificate: Exception=" - + e.toString()); + + e.toString()); } } @@ -628,8 +655,7 @@ public class AdminPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Administrator"); context.put("panel", "admin/console/config/adminpanel.vm"); 
@@ -640,8 +666,9 @@ public class AdminPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); - } catch (Exception e) {} - if (ca == null && type.equals("otherca")) { + } catch (Exception e) { + } + if (ca == null && type.equals("otherca")) { info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically."; } context.put("info", info); @@ -655,7 +682,7 @@ public class AdminPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select",null); + String s = c.getString("preop.subsystem.select", null); if (s != null && s.equals("clone")) { return true; } @@ -665,11 +692,11 @@ public class AdminPanel extends WizardPanelBase { return false; } - private void createPKCS7(X509CertImpl cert) { try { IConfigStore cs = CMS.getConfigStore(); - ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca"); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); CertificateChain cachain = ca.getCACertChain(); X509Certificate[] cacerts = cachain.getChain(); X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; 
@@ -680,16 +707,18 @@ public class AdminPanel extends WizardPanelBase { } userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new ContentInfo(new byte[0]), userChain, new SignerInfo[0]); + PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( + new byte[0]), userChain, new SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); p7.encodeSignedData(bos); byte[] p7Bytes = bos.toByteArray(); String p7Str = CMS.BtoA(p7Bytes); - cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str)); + cs.putString("preop.admincert.pkcs7", + CryptoUtil.normalizeCertStr(p7Str)); } catch (Exception e) { - CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString()); + CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java index a62b22b7..b5f74fd0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AgentAuthenticatePanel extends WizardPanelBase { - public AgentAuthenticatePanel() {} + public AgentAuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Agent Authentication"); setId(id); @@ -57,18 +56,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase { public boolean isSubPanel() { return true; } - + /** * Should we skip this panel for the configuration. */ public boolean shouldSkip() { CMS.debug("DisplayCertChainPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("securitydomain.select",""); + String select = cs.getString("securitydomain.select", ""); if (select.equals("new")) { return true; } @@ -78,7 +77,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase { return true; } catch (EBaseException e) { } - + return false; } @@ -96,15 +95,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -112,20 +112,19 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Agent Authentication"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } @@ -142,17 +141,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException - { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); context.put("panel", "admin/console/config/agentauthenticatepanel.vm"); context.put("title", "Agent Authentication"); 
@@ -182,34 +178,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: "+e.toString()); + CMS.debug("AgentAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AgentAuthenticatePanel update: "+e.toString()); + CMS.debug("AgentAuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } -/* - // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from - // web.xml as part of CC interface review - boolean authenticated = authenticate(host, httpsport, true, - "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); - - if (!authenticated) { - context.put("errorString", "Wrong user id or password"); - throw new IOException("Wrong user id or password"); - } -*/ + /* + * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed + * from // web.xml as part of CC interface review boolean + * authenticated = authenticate(host, httpsport, true, + * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd); + * + * if (!authenticated) { context.put("errorString", + * "Wrong user id or password"); throw new + * IOException("Wrong user id or password"); } + */ try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } @@ -217,9 +213,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, Context context) { context.put("password", ""); context.put("title", "Agent Authentication"); context.put("panel", "admin/console/config/agentauthenticatepanel.vm"); 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java index ceab1d8d..b4f29a43 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class AuthenticatePanel extends WizardPanelBase { - public AuthenticatePanel() {} + public AuthenticatePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Authentication"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Authentication"); setId(id); @@ -62,21 +61,22 @@ public class AuthenticatePanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - String s = cs.getString("preop.ca.agent.uid",""); + String s = cs.getString("preop.ca.agent.uid", ""); if (s == null || s.equals("")) { return false; } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -84,20 +84,19 @@ public class AuthenticatePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Authentication"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.ca.agent.uid", ""); String type = config.getString("preop.hierarchy.select", ""); if (type.equals("root")) context.put("uid", ""); else - context.put("uid", s); + context.put("uid", s); } catch (Exception e) { CMS.debug(e.toString()); } @@ -114,16 +113,14 @@ public class AuthenticatePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String type = ""; String catype = ""; 
@@ -151,30 +148,31 @@ public class AuthenticatePanel extends WizardPanelBase { try { host = config.getString("preop.ca.hostname"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: "+e.toString()); + CMS.debug("AuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing hostname"); throw new IOException("Missing hostname"); } - + try { httpsport = config.getInteger("preop.ca.httpsport"); } catch (Exception e) { - CMS.debug("AuthenticatePanel update: "+e.toString()); + CMS.debug("AuthenticatePanel update: " + e.toString()); context.put("errorString", "Missing port"); throw new IOException("Missing port"); } - boolean authenticated = authenticate(host, httpsport, true, - "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd); + boolean authenticated = authenticate(host, httpsport, true, + "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd); - if (!authenticated) { - context.put("errorString", "Wrong user id or password"); - throw new IOException("Wrong user id or password"); - } + if (!authenticated) { + context.put("errorString", "Wrong user id or password"); + throw new IOException("Wrong user id or password"); + } try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } @@ -182,9 +180,7 @@ public class AuthenticatePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, Context context) { context.put("password", ""); context.put("panel", "admin/console/config/authenticatepanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java index 77977808..38bbbc64 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayOutputStream; import java.io.CharConversionException; import java.io.IOException; @@ -71,19 +70,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class BackupKeyCertPanel extends WizardPanelBase { - public BackupKeyCertPanel() {} + public BackupKeyCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Export Keys and Certificates"); setId(id); @@ -105,11 +104,11 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { String s = cs.getString("preop.module.token", ""); - if (s.equals("Internal Key Storage Token")) + if (s.equals("Internal Key Storage Token")) return false; } catch (Exception e) { } - + return true; } @@ -122,15 +121,16 @@ public class BackupKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } @@ -138,8 +138,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Export Keys and Certificates"); IConfigStore config = CMS.getConfigStore(); 
@@ -170,12 +169,13 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { String select = HttpInput.getID(request, "choice"); if (select.equals("backupkey")) { String pwd = request.getParameter("__pwd"); String pwdAgain = request.getParameter("__pwdagain"); - if (pwd == null || pwdAgain == null || pwd.equals("") || pwdAgain.equals("")) { + if (pwd == null || pwdAgain == null || pwd.equals("") + || pwdAgain.equals("")) { CMS.debug("BackupKeyCertPanel validate: Password is null"); context.put("updateStatus", "validate-failure"); throw new IOException("PK12 password is empty."); @@ -184,7 +184,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { if (!pwd.equals(pwdAgain)) { CMS.debug("BackupKeyCertPanel validate: Password and password again are not the same."); context.put("updateStatus", "validate-failure"); - throw new IOException("PK12 password is different from the PK12 password again."); + throw new IOException( + "PK12 password is different from the PK12 password again."); } } } @@ -193,8 +194,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String select = HttpInput.getID(request, "choice"); 
@@ -219,9 +219,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, Context context) { String select = ""; try { select = HttpInput.getID(request, "choice"); @@ -242,8 +240,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { context.put("panel", "admin/console/config/backupkeycertpanel.vm"); } - public void backupKeysCerts(HttpServletRequest request) - throws IOException { + public void backupKeysCerts(HttpServletRequest request) throws IOException { CMS.debug("BackupKeyCertPanel backupKeysCerts: start"); IConfigStore cs = CMS.getConfigStore(); String certlist = ""; @@ -257,9 +254,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { cm = CryptoManager.getInstance(); } catch (Exception e) { - CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("BackupKeyCertPanel::backupKeysCerts() - " + "Exception=" + + e.toString()); + throw new IOException(e.toString()); } String pwd = request.getParameter("__pwd"); @@ -273,12 +270,12 @@ public class BackupKeyCertPanel extends WizardPanelBase { String nickname = ""; String modname = ""; try { - nickname = cs.getString("preop.cert."+t+".nickname"); + nickname = cs.getString("preop.cert." + t + ".nickname"); modname = cs.getString("preop.module.token"); } catch (Exception e) { } if (!modname.equals("Internal Key Storage Token")) - nickname = modname+":"+nickname; + nickname = modname + ":" + nickname; X509Certificate x509cert = null; byte localKeyId[] = null; 
@@ -288,7 +285,7 @@ public class BackupKeyCertPanel extends WizardPanelBase { } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } @@ -296,22 +293,24 @@ public class BackupKeyCertPanel extends WizardPanelBase { PrivateKey pkey = cm.findPrivKeyByCert(x509cert); addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel: Exception=" + e.toString()); throw new IOException("Failed to create pkcs12 file."); } - } //while loop - + } // while loop + X509Certificate[] cacerts = cm.getCACerts(); - for (int i=0; i<cacerts.length; i++) { - //String nickname = cacerts[i].getSubjectDN().toString(); + for (int i = 0; i < cacerts.length; i++) { + // String nickname = cacerts[i].getSubjectDN().toString(); String nickname = null; try { - byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents); + byte[] localKeyId = addCertBag(cacerts[i], nickname, + safeContents); } catch (IOException e) { throw e; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + + e.toString()); throw new IOException("Failed to create pkcs12 file."); } } @@ -319,9 +318,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { try { AuthenticatedSafes authSafes = new AuthenticatedSafes(); authSafes.addSafeContents(safeContents); - authSafes.addSafeContents(encSafeContents); + authSafes.addSafeContents(encSafeContents); PFX pfx = new PFX(authSafes); - pfx.computeMacData(pass, null, 5); + pfx.computeMacData(pass, null, 5); ByteArrayOutputStream bos = new ByteArrayOutputStream(); pfx.encode(bos); byte[] output = bos.toByteArray(); 
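Review bot: The password-derived protection of the exported PKCS #12 file uses very small work factors: in the `@@ -319,9 +318,9 @@` hunk `pfx.computeMacData(pass, null, 5)` asks for 5 iterations, and the later `addKeyBag` hunk (`@@ -343,24 +343,24 @@`) calls `EncryptedPrivateKeyInfo.createPBE(PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, ...)` with a 4-byte salt from `random.generateSeed(4)`. With a count of 1 and a short salt, the backup's resistance to offline guessing rests almost entirely on the strength of the administrator's password. I would raise both counts through one new named constant (for example `PKCS12_ITERATIONS`, set in the thousands or more) and widen the salt, `byte salt[] = random.generateSeed(16);`, after checking that the tools expected to import the file accept those values. `backupKeysCerts` starts above this hunk.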
@@ -329,13 +328,14 @@ public class BackupKeyCertPanel extends WizardPanelBase { pass.clear(); cs.commit(false); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + + e.toString()); } } private void addKeyBag(PrivateKey pkey, X509Certificate x509cert, - Password pass, byte[] localKeyId, SEQUENCE safeContents) - throws IOException { + Password pass, byte[] localKeyId, SEQUENCE safeContents) + throws IOException { try { PasswordConverter passConverter = new PasswordConverter(); 
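Review bot: The final `catch (Exception e)` in `backupKeysCerts` only logs, so a failure while building or encoding the PFX leaves the caller believing the backup succeeded, and `pass.clear()` is skipped on that path. The earlier catch blocks in the same method rethrow `IOException("Failed to create pkcs12 file.")`; doing the same here and moving `pass.clear();` into a `finally` block would keep the behaviour consistent and wipe the password on every exit. The `try` opens above this hunk, and what is done with `output` falls between the two hunks and is not shown.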
@@ -343,24 +343,24 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte salt[] = random.generateSeed(4); // 4 bytes salt byte[] priData = getEncodedKey(pkey); - PrivateKeyInfo pki = (PrivateKeyInfo) - ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData); + PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode( + PrivateKeyInfo.getTemplate(), priData); ASN1Value key = EncryptedPrivateKeyInfo.createPBE( - PBEAlgorithm.PBE_SHA1_DES3_CBC, - pass, salt, 1, passConverter, pki); - SET keyAttrs = createBagAttrs( - x509cert.getSubjectDN().toString(), localKeyId); - SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, - key, keyAttrs); + PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, + passConverter, pki); + SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(), + localKeyId); + SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key, + keyAttrs); safeContents.addElement(keyBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString()); throw new IOException("Failed to create pk12 file."); } } - private byte[] addCertBag(X509Certificate x509cert, String nickname, - SEQUENCE safeContents) throws IOException { + private byte[] addCertBag(X509Certificate x509cert, String nickname, + SEQUENCE safeContents) throws IOException { byte[] localKeyId = null; try { ASN1Value cert = new OCTET_STRING(x509cert.getEncoded()); 
@@ -368,11 +368,11 @@ public class BackupKeyCertPanel extends WizardPanelBase { SET certAttrs = null; if (nickname != null) certAttrs = createBagAttrs(nickname, localKeyId); - SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, - new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs); + SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, new CertBag( + CertBag.X509_CERT_TYPE, cert), certAttrs); safeContents.addElement(certBag); } catch (Exception e) { - CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString()); + CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString()); throw new IOException("Failed to create pk12 file."); } @@ -385,8 +385,9 @@ public class BackupKeyCertPanel extends WizardPanelBase { CryptoToken token = cm.getInternalKeyStorageToken(); KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3); SymmetricKey sk = kg.generate(); - KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); - byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; + KeyWrapper wrapper = token + .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; IVParameterSpec param = new IVParameterSpec(iv); wrapper.initWrap(sk, param); byte[] enckey = wrapper.wrap(pkey); @@ -395,14 +396,14 @@ public class BackupKeyCertPanel extends WizardPanelBase { byte[] recovered = c.doFinal(enckey); return recovered; } catch (Exception e) { - CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + + e.toString()); } return null; } - private byte[] createLocalKeyId(X509Certificate cert) - throws IOException { + private byte[] createLocalKeyId(X509Certificate cert) throws IOException { try { // SHA1 hash of the X509Cert der encoding byte certDer[] = cert.getEncoded(); 
@@ -412,16 +413,18 @@ public class BackupKeyCertPanel extends WizardPanelBase { md.update(certDer); return md.digest(); } catch (CertificateEncodingException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + + e.toString()); throw new IOException("Failed to encode certificate."); } catch (NoSuchAlgorithmException e) { - CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString()); + CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + + e.toString()); throw new IOException("No such algorithm supported."); } } private SET createBagAttrs(String nickName, byte localKeyId[]) - throws IOException { + throws IOException { try { SET attrs = new SET(); SEQUENCE nickNameAttr = new SEQUENCE(); @@ -442,7 +445,8 @@ public class BackupKeyCertPanel extends WizardPanelBase { attrs.addElement(localKeyAttr); return attrs; } catch (CharConversionException e) { - CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString()); + CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + + e.toString()); throw new IOException("Failed to create PKCS12 file."); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java index 01d06631..74961c49 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; @@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet; import com.netscape.certsrv.apps.CMS; - public class BaseServlet extends VelocityServlet { /** 
@@ -46,14 +44,14 @@ public class BaseServlet extends VelocityServlet { } public boolean authenticate(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String pin = (String) request.getSession().getAttribute("pin"); if (pin == null) { try { response.sendRedirect("login"); - } catch (IOException e) {} + } catch (IOException e) { + } return false; } return true; 
@@ -66,29 +64,26 @@ public class BaseServlet extends VelocityServlet { while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || pn.endsWith("password") + || pn.endsWith("passwd") || pn.endsWith("pwd") + || pn.equalsIgnoreCase("admin_password_again") + || pn.equalsIgnoreCase("directoryManagerPwd") + || pn.equalsIgnoreCase("bindpassword") + || pn.equalsIgnoreCase("bindpwd") + || pn.equalsIgnoreCase("passwd") + || pn.equalsIgnoreCase("password") + || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") + || pn.equalsIgnoreCase("pwdagain") + || pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } 
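Review bot: The masking in this loop is a name denylist with case-sensitive suffix tests (`pn.endsWith("password")`, `pn.endsWith("pwd")`), so any secret-bearing parameter whose name does not match (a capitalised suffix, a token, a newly added field) has its value written to the debug log by the `else` branch. `directoryManagerPwd` and `uPasswd` already need their own entries for that reason. It is safer to invert the default: log every name but print values only for an explicit allowlist of known non-sensitive parameters, or at minimum match on a lower-cased copy of the name, `String lpn = pn.toLowerCase(Locale.ROOT);`. The method header is outside this hunk.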
@@ -97,14 +92,12 @@ public class BaseServlet extends VelocityServlet { * Processes request. */ public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { return null; } public Template handleRequest(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { if (CMS.debugOn()) { outputHttpParameters(request); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java index 33a0ff69..5e4c015e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URL; import java.util.StringTokenizer; @@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CAInfoPanel extends WizardPanelBase { - public CAInfoPanel() {} + public CAInfoPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("CA Information"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("CA Information"); setId(id); @@ -82,14 +81,15 @@ public class CAInfoPanel extends WizardPanelBase { } else { return true; } - } catch (Exception e) {} + } catch (Exception e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } 
@@ -97,8 +97,7 @@ public class CAInfoPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("CAInfoPanel: display"); IConfigStore cs = CMS.getConfigStore(); @@ -118,15 +117,18 @@ public class CAInfoPanel extends WizardPanelBase { try { hostname = cs.getString("preop.ca.hostname"); - } catch (Exception e) {} + } catch (Exception e) { + } try { httpport = cs.getString("preop.ca.httpport"); - } catch (Exception e) {} + } catch (Exception e) { + } try { httpsport = cs.getString("preop.ca.httpsport"); - } catch (Exception e) {} + } catch (Exception e) { + } if (type.equals("sdca")) { context.put("check_sdca", "checked"); @@ -143,12 +145,11 @@ public class CAInfoPanel extends WizardPanelBase { String cstype = "CA"; String portType = "SecurePort"; -/* - try { - cstype = cs.getString("cs.type", ""); - } catch (EBaseException e) {} -*/ - + /* + * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException + * e) {} + */ + CMS.debug("CAInfoPanel: Ready to get url"); Vector v = getUrlListFromSecurityDomain(cs, cstype, portType); v.addElement("External CA"); @@ -163,12 +164,13 @@ public class CAInfoPanel extends WizardPanelBase { list.append(","); } } - + try { cs.putString("preop.ca.list", list.toString()); cs.commit(false); - } catch (Exception e) {} - + } catch (Exception e) { + } + context.put("urls", v); context.put("sdcaHostname", hostname); @@ -183,8 +185,7 @@ public class CAInfoPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); } 
@@ -192,20 +193,18 @@ public class CAInfoPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { /* - String select = request.getParameter("choice"); - if (select == null) { - CMS.debug("CAInfoPanel: choice not found"); - throw new IOException("choice not found"); - } + * String select = request.getParameter("choice"); if (select == null) { + * CMS.debug("CAInfoPanel: choice not found"); throw new + * IOException("choice not found"); } */ IConfigStore config = CMS.getConfigStore(); try { - String subsystemselect = config.getString("preop.subsystem.select", ""); + String subsystemselect = config.getString("preop.subsystem.select", + ""); if (subsystemselect.equals("clone")) return; } catch (Exception e) { @@ -213,25 +212,26 @@ public class CAInfoPanel extends WizardPanelBase { String select = null; String index = request.getParameter("urls"); - String url = ""; + String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; + } + counter++; } - counter++; + } catch (Exception e) { } - } catch (Exception e) {} } URL urlx = null; 
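Review bot: In the `@@ -213,25 +212,26 @@` hunk, `request.getParameter("urls")` is dereferenced by `index.startsWith("http")` with no null check, so a request without that parameter ends in a NullPointerException instead of a wizard error. The same branch accepts any client-supplied string beginning with `http` as the CA URL, and the empty `catch (Exception e) { }` on the index path silently leaves `url` empty or at the last token read. I would add `if (index == null) { throw new IOException("urls not found"); }` before the test and, if direct entry is not required, accept only values present in `preop.ca.list`; the URL appears to be parsed into the host and port that `sdca()` connects to, which is outside this hunk. `update()` begins in the previous hunk and continues past this one.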
@@ -240,7 +240,7 @@ public class CAInfoPanel extends WizardPanelBase { select = "otherca"; config.putString("preop.ca.pkcs7", ""); config.putInteger("preop.ca.certchain.size", 0); - } else { + } else { select = "sdca"; // parse URL (CA1 - https://...) @@ -272,10 +272,12 @@ public class CAInfoPanel extends WizardPanelBase { try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, + String hostname, String httpsPortStr) throws IOException { CMS.debug("CAInfoPanel update: this is the CA in the security domain."); IConfigStore config = CMS.getConfigStore(); @@ -292,26 +294,23 @@ public class CAInfoPanel extends WizardPanelBase { try { httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { - CMS.debug( - "CAInfoPanel update: Https port is not valid. Exception: " - + e.toString()); + CMS.debug("CAInfoPanel update: Https port is not valid. Exception: " + + e.toString()); throw new IOException("Http Port is not valid."); } config.putString("preop.ca.hostname", hostname); config.putString("preop.ca.httpsport", httpsPortStr); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort( config, "ca", hostname, - httpsport, true, context, - certApprovalCallback ); + updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, + true, context, certApprovalCallback); } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { /* This should never be called */ context.put("title", "CA Information"); 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java index fb8c2d9c..0aedded8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java @@ -17,9 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - - - public class Cert { private String mNickname = ""; private String mTokenname = ""; @@ -116,8 +113,8 @@ public class Cert { } public String escapeForHTML(String s) { - s = s.replaceAll("\"", """); - return s; + s = s.replaceAll("\"", """); + return s; } public String getEscapedDN() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java index 30bcc78d..15059d08 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; import java.util.StringTokenizer; 
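Review bot: `escapeForHTML` in the `@@ -116,8 +113,8 @@` hunk replaces only the double quote, so `<`, `>`, `&` and `'` in a value pass through unescaped into whatever template prints it. (The replacement literal shows here as `"""`, presumably `&quot;` decoded by the page rendering.) Escaping the ampersand first and then the rest covers both element and attribute contexts: `s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");`. `getEscapedDN()`, which starts at the end of this hunk, presumably relies on it for certificate subject names, which come from certificate data.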
@@ -42,19 +41,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class CertPrettyPrintPanel extends WizardPanelBase { private Vector mCerts = null; - public CertPrettyPrintPanel() {} + public CertPrettyPrintPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Certificates"); setId(id); @@ -63,7 +62,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { public PropertySet getUsage() { // expects no input from client PropertySet set = new PropertySet(); - + return set; } @@ -75,15 +74,15 @@ public class CertPrettyPrintPanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done", - false); + boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done", false); if (s != true) { return false; } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -93,8 +92,10 @@ public class CertPrettyPrintPanel extends WizardPanelBase { CMS.debug("CertPrettyPrintPanel: in getCert()"); try { // String cert = config.getString(CONF_CA_CERT); - String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem"); - String certs = config.getString(subsystem + "." + certTag + ".cert"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); + String certs = config + .getString(subsystem + "." + certTag + ".cert"); byte[] certb = CryptoUtil.base64Decode(certs); if (cert != null) { 
@@ -116,8 +117,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("CertPrettyPrintPanel: display()"); context.put("title", "Certificates Pretty Print"); @@ -134,32 +134,30 @@ public class CertPrettyPrintPanel extends WizardPanelBase { String certTag = st.nextToken(); try { - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); - String nickname = config.getString( - subsystem + "." + certTag + ".nickname"); - String tokenname = config.getString( - subsystem + "." + certTag + ".tokenname"); + String nickname = config.getString(subsystem + "." + + certTag + ".nickname"); + String tokenname = config.getString(subsystem + "." + + certTag + ".tokenname"); Cert c = new Cert(tokenname, nickname, certTag); - String type = config.getString( - PCERT_PREFIX + certTag + ".type"); + String type = config.getString(PCERT_PREFIX + certTag + + ".type"); c.setType(type); getCert(request, config, context, certTag, c); mCerts.addElement(c); } catch (Exception e) { - CMS.debug( - "CertPrettyPrintPanel: display() certTag " + certTag - + " Exception caught: " + e.toString()); + CMS.debug("CertPrettyPrintPanel: display() certTag " + + certTag + " Exception caught: " + e.toString()); } } } catch (Exception e) { - CMS.debug( - "CertPrettyPrintPanel:display() Exception caught: " - + e.toString()); + CMS.debug("CertPrettyPrintPanel:display() Exception caught: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } // try 
@@ -175,25 +173,22 @@ public class CertPrettyPrintPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { CMS.debug("CertPrettyPrintPanel: in update()"); IConfigStore config = CMS.getConfigStore(); config.putBoolean("preop.CertPrettyPrintPanel.done", true); try { config.commit(false); } catch (EBaseException e) { - CMS.debug( - "CertPrettyPrintPanel: update() Exception caught at config commit: " - + e.toString()); + CMS.debug("CertPrettyPrintPanel: update() Exception caught at config commit: " + + e.toString()); } } @@ -201,8 +196,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Certificates Pretty Print"); context.put("panel", "admin/console/config/certprettyprintpanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java index 5e783b1a..962c9080 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.security.Principal; 
@@ -58,35 +57,38 @@ public class CertRequestPanel extends WizardPanelBase { private Vector mCerts = null; private WizardServlet mServlet = null; - public CertRequestPanel() {} + public CertRequestPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Requests & Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Requests and Certificates"); mServlet = servlet; setId(id); } - // XXX how do you do this? There could be multiple certs. + // XXX how do you do this? There could be multiple certs. public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameters */ - null); + + Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameters */ + null); set.add("cert", certDesc); - + return set; } @@ -95,13 +97,13 @@ public class CertRequestPanel extends WizardPanelBase { */ public boolean showApplyButton() { if (isPanelDone()) - return false; + return false; else - return true; + return true; } - private boolean findCertificate(String tokenname, String nickname) - throws IOException { + private boolean findCertificate(String tokenname, String nickname) + throws IOException { IConfigStore cs = CMS.getConfigStore(); CryptoManager cm = null; try { 
@@ -112,9 +114,10 @@ public class CertRequestPanel extends WizardPanelBase { String fullnickname = nickname; boolean hardware = false; - if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { + if (!tokenname.equals("internal") + && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname+":"+nickname; + fullnickname = tokenname + ":" + nickname; } try { @@ -126,16 +129,23 @@ public class CertRequestPanel extends WizardPanelBase { return true; } catch (Exception ee) { if (hardware) { - CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); - throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding."); + CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + + fullnickname + + " has been found on HSM. Please remove it before proceeding."); + throw new IOException( + "The certificate with the same nickname: " + + fullnickname + + " has been found on HSM. Please remove it before proceeding."); } return true; } } catch (IOException e) { - CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString()); + CMS.debug("CertRequestPanel findCertificate: throw exception:" + + e.toString()); throw e; } catch (Exception e) { - CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString()); + CMS.debug("CertRequestPanel findCertificate: Exception=" + + e.toString()); return false; } } 
@@ -148,13 +158,13 @@ public class CertRequestPanel extends WizardPanelBase { try { select = cs.getString("preop.subsystem.select", ""); list = cs.getString("preop.cert.list", ""); - tokenname = cs.getString("preop.module.token", ""); + tokenname = cs.getString("preop.module.token", ""); } catch (Exception e) { } - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); - + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(ICertificateAuthority.ID); + if (ca != null) { CMS.debug("CertRequestPanel cleanup: get certificate repository"); BigInteger beginS = null; @@ -176,27 +186,28 @@ public class CertRequestPanel extends WizardPanelBase { try { cr.removeCertRecords(beginS, endS); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + + e.toString()); } - + try { - cr.resetSerialNumber(new BigInteger(beginNum,16)); + cr.resetSerialNumber(new BigInteger(beginNum, 16)); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString()); + CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + + e.toString()); } } } - StringTokenizer st = new StringTokenizer(list, ","); String nickname = ""; boolean enable = false; while (st.hasMoreTokens()) { String t = st.nextToken(); - + try { - enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true); - nickname = cs.getString(PCERT_PREFIX +t+".nickname", ""); + enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true); + nickname = cs.getString(PCERT_PREFIX + t + ".nickname", ""); } catch (Exception e) { } 
@@ -208,10 +219,12 @@ public class CertRequestPanel extends WizardPanelBase { if (findCertificate(tokenname, nickname)) { try { - CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+")."); - deleteCert(tokenname, nickname); + CMS.debug("CertRequestPanel cleanup: deleting certificate (" + + nickname + ")."); + deleteCert(tokenname, nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString()); + CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + + nickname + "). Exception: " + e.toString()); } } } 
@@ -227,50 +240,50 @@ public class CertRequestPanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - boolean s = cs.getBoolean("preop.CertRequestPanel.done", - false); + boolean s = cs.getBoolean("preop.CertRequestPanel.done", false); if (s != true) { return false; } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } - public void getCert(IConfigStore config, - Context context, String certTag, Cert cert) { + public void getCert(IConfigStore config, Context context, String certTag, + Cert cert) { try { - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); - String certs = config.getString(subsystem + "." + certTag + ".cert", ""); + String certs = config.getString( + subsystem + "." + certTag + ".cert", ""); if (cert != null) { String certf = certs; - CMS.debug( - "CertRequestPanel getCert: certTag=" + certTag + CMS.debug("CertRequestPanel getCert: certTag=" + certTag + " cert=" + certs); - //get and set formated cert - if (!certs.startsWith("...")) { + // get and set formated cert + if (!certs.startsWith("...")) { certf = CryptoUtil.certFormat(certs); } cert.setCert(certf); - //get and set cert pretty print + // get and set cert pretty print byte[] certb = CryptoUtil.base64Decode(certs); CertPrettyPrint pp = new CertPrettyPrint(certb); cert.setCertpp(pp.toString(Locale.getDefault())); } else { - CMS.debug( "CertRequestPanel::getCert() - cert is null!" ); + CMS.debug("CertRequestPanel::getCert() - cert is null!"); return; } - String userfriendlyname = config.getString( - PCERT_PREFIX + certTag + ".userfriendlyname"); + String userfriendlyname = config.getString(PCERT_PREFIX + certTag + + ".userfriendlyname"); cert.setUserFriendlyName(userfriendlyname); String type = config.getString(PCERT_PREFIX + certTag + ".type"); 
@@ -285,46 +298,45 @@ public class CertRequestPanel extends WizardPanelBase { } public X509Key getECCX509Key(IConfigStore config, String certTag) - throws Exception - { + throws Exception { X509Key pubk = null; - String pubKeyEncoded = config.getString( - PCERT_PREFIX + certTag + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); + String pubKeyEncoded = config.getString(PCERT_PREFIX + certTag + + ".pubkey.encoded"); + pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil + .string2byte(pubKeyEncoded)); return pubk; } public X509Key getRSAX509Key(IConfigStore config, String certTag) - throws Exception - { + throws Exception { X509Key pubk = null; - String pubKeyModulus = config.getString( - PCERT_PREFIX + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - PCERT_PREFIX + certTag + ".pubkey.exponent"); + String pubKeyModulus = config.getString(PCERT_PREFIX + certTag + + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString(PCERT_PREFIX + certTag + + ".pubkey.exponent"); pubk = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); return pubk; } - public void handleCertRequest(IConfigStore config, - Context context, String certTag, Cert cert) { + public void handleCertRequest(IConfigStore config, Context context, + String certTag, Cert cert) { try { // get public key - String pubKeyType = config.getString( - PCERT_PREFIX + certTag + ".keytype"); - String algorithm = config.getString( - PCERT_PREFIX + certTag + ".keyalgorithm"); + String pubKeyType = config.getString(PCERT_PREFIX + certTag + + ".keytype"); + String algorithm = config.getString(PCERT_PREFIX + certTag + + ".keyalgorithm"); X509Key pubk = null; if (pubKeyType.equals("rsa")) { pubk = getRSAX509Key(config, certTag); } else if (pubKeyType.equals("ecc")) { pubk = 
getECCX509Key(config, certTag); } else { - CMS.debug( "CertRequestPanel::handleCertRequest() - " - + "pubKeyType " + pubKeyType + " is unsupported!" ); + CMS.debug("CertRequestPanel::handleCertRequest() - " + + "pubKeyType " + pubKeyType + " is unsupported!"); return; } @@ -337,11 +349,11 @@ public class CertRequestPanel extends WizardPanelBase { } // get private key - String privKeyID = config.getString( - PCERT_PREFIX + certTag + ".privkey.id"); + String privKeyID = config.getString(PCERT_PREFIX + certTag + + ".privkey.id"); CMS.debug("CertRequestPanel: privKeyID=" + privKeyID); byte[] keyIDb = CryptoUtil.string2byte(privKeyID); - + PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb); if (privk != null) { @@ -349,7 +361,7 @@ public class CertRequestPanel extends WizardPanelBase { } else { CMS.debug("CertRequestPanel: error getting private key null"); } - + // construct cert request String caDN = config.getString(PCERT_PREFIX + certTag + ".dn"); @@ -361,9 +373,9 @@ public class CertRequestPanel extends WizardPanelBase { byte[] certReqb = certReq.toByteArray(); String certReqs = CryptoUtil.base64Encode(certReqb); String certReqf = CryptoUtil.reqFormat(certReqs); - - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", certReqs); config.commit(false); cert.setRequest(certReqf); @@ -378,8 +390,7 @@ public class CertRequestPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("CertRequestPanel: display()"); context.put("title", "Requests and Certificates"); 
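Review bot: In `handleCertRequest`, the `else` branch after `CryptoUtil.findPrivateKeyFromID(keyIDb)` only logs "error getting private key null" and then falls through to the `// construct cert request` code, so a missing private key is not treated as a failure. The unsupported-`pubKeyType` branch earlier in the same method returns at once; doing the same here, `CMS.debug("CertRequestPanel: error getting private key null"); return;`, would keep a null key out of request construction. The `CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);` line in the `@@ -337` hunk also writes the key identifier to the debug log, which is worth dropping unless support needs it. The method body starts and ends outside these hunks.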
@@ -396,36 +407,35 @@ public class CertRequestPanel extends WizardPanelBase { String certTag = st.nextToken(); try { - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - String nickname = config.getString( - subsystem + "." + certTag + ".nickname"); - String tokenname = config.getString( - subsystem + "." + certTag + ".tokenname"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); + String nickname = config.getString(subsystem + "." + + certTag + ".nickname"); + String tokenname = config.getString(subsystem + "." + + certTag + ".tokenname"); Cert c = new Cert(tokenname, nickname, certTag); handleCertRequest(config, context, certTag, c); - String type = config.getString( - PCERT_PREFIX + certTag + ".type"); + String type = config.getString(PCERT_PREFIX + certTag + + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + + ".enable", true); c.setEnable(enable); getCert(config, context, certTag, c); c.setSubsystem(subsystem); mCerts.addElement(c); } catch (Exception e) { - CMS.debug( - "CertRequestPanel:display() Exception caught: " - + e.toString() + " for certTag " + certTag); + CMS.debug("CertRequestPanel:display() Exception caught: " + + e.toString() + " for certTag " + certTag); } } } catch (Exception e) { - CMS.debug( - "CertRequestPanel:display() Exception caught: " - + e.toString()); + CMS.debug("CertRequestPanel:display() Exception caught: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } // try @@ -441,8 +451,7 @@ public class CertRequestPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } private boolean findBootstrapServerCert() { 
@@ -458,7 +467,8 @@ public class CertRequestPanel extends WizardPanelBase { if (issuerDN.equals(subjectDN)) return true; } catch (Exception e) { - CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString()); + CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + + e.toString()); } return false; @@ -472,7 +482,8 @@ public class CertRequestPanel extends WizardPanelBase { deleteCert("Internal Key Storage Token", nickname); } catch (Exception e) { - CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString()); + CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + + e.toString()); } } @@ -480,8 +491,7 @@ public class CertRequestPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { CMS.debug("CertRequestPanel: in update()"); boolean hasErr = false; IConfigStore config = CMS.getConfigStore(); @@ -502,7 +512,7 @@ public class CertRequestPanel extends WizardPanelBase { String tokenname = ""; try { - tokenname = config.getString("preop.module.token", ""); + tokenname = config.getString("preop.module.token", ""); } catch (Exception e) { } 
@@ -510,202 +520,216 @@ public class CertRequestPanel extends WizardPanelBase { Cert cert = (Cert) c.nextElement(); String certTag = cert.getCertTag(); String subsystem = cert.getSubsystem(); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + + ".enable", true); if (!enable) continue; - if (hasErr) + if (hasErr) continue; String nickname = cert.getNickname(); - CMS.debug( - "CertRequestPanel: update() for cert tag " - + cert.getCertTag()); - // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", ""); + CMS.debug("CertRequestPanel: update() for cert tag " + + cert.getCertTag()); + // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", + // ""); String b64 = HttpInput.getCert(request, certTag); if (cert.getType().equals("local") - && b64.equals( - "...certificate be generated internally...")) { + && b64.equals("...certificate be generated internally...")) { - String pubKeyType = config.getString( - PCERT_PREFIX + certTag + ".keytype"); + String pubKeyType = config.getString(PCERT_PREFIX + certTag + + ".keytype"); X509Key x509key = null; if (pubKeyType.equals("rsa")) { - x509key = getRSAX509Key(config, certTag); + x509key = getRSAX509Key(config, certTag); } else if (pubKeyType.equals("ecc")) { - x509key = getECCX509Key(config, certTag); + x509key = getECCX509Key(config, certTag); } - + if (findCertificate(tokenname, nickname)) { if (!certTag.equals("sslserver")) - continue; + continue; } - X509CertImpl impl = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, cert.getType(), context); + X509CertImpl impl = CertUtil.createLocalCert(config, + x509key, PCERT_PREFIX, certTag, cert.getType(), + context); if (impl != null) { - byte[] certb = impl.getEncoded(); + byte[] certb = impl.getEncoded(); String certs = CryptoUtil.base64Encode(certb); cert.setCert(certs); - config.putString(subsystem + "." 
+ certTag + ".cert", certs); + config.putString(subsystem + "." + certTag + ".cert", + certs); /* import certificate */ - CMS.debug( - "CertRequestPanel configCert: nickname=" - + nickname); + CMS.debug("CertRequestPanel configCert: nickname=" + + nickname); try { - if (certTag.equals("sslserver") && findBootstrapServerCert()) + if (certTag.equals("sslserver") + && findBootstrapServerCert()) deleteBootstrapServerCert(); if (findCertificate(tokenname, nickname)) deleteCert(tokenname, nickname); - if (certTag.equals("signing") && subsystem.equals("ca")) - CryptoUtil.importUserCertificate(impl, nickname); + if (certTag.equals("signing") + && subsystem.equals("ca")) + CryptoUtil + .importUserCertificate(impl, nickname); else - CryptoUtil.importUserCertificate(impl, nickname, false); - CMS.debug( - "CertRequestPanel configCert: cert imported for certTag " - + certTag); + CryptoUtil.importUserCertificate(impl, + nickname, false); + CMS.debug("CertRequestPanel configCert: cert imported for certTag " + + certTag); } catch (Exception ee) { - CMS.debug( - "CertRequestPanel configCert: import certificate for certTag=" - + certTag + " Exception: " - + ee.toString()); + CMS.debug("CertRequestPanel configCert: import certificate for certTag=" + + certTag + " Exception: " + ee.toString()); CMS.debug("ok"); -// hasErr = true; + // hasErr = true; } } } else if (cert.getType().equals("remote")) { if (b64 != null && b64.length() > 0 && !b64.startsWith("...")) { - String b64chain = HttpInput.getCertChain(request, certTag+"_cc"); - CMS.debug( - "CertRequestPanel: in update() process remote...import cert"); + String b64chain = HttpInput.getCertChain(request, + certTag + "_cc"); + CMS.debug("CertRequestPanel: in update() process remote...import cert"); - String input = HttpInput.getCert(request, cert.getCertTag()); + String input = HttpInput.getCert(request, + cert.getCertTag()); if (input != null) { try { - if (certTag.equals("sslserver") && findBootstrapServerCert()) + if 
(certTag.equals("sslserver") + && findBootstrapServerCert()) deleteBootstrapServerCert(); - if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + if (findCertificate(tokenname, nickname)) { + deleteCert(tokenname, nickname); } } catch (Exception e) { - CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString()); + CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + + e.toString()); } input = CryptoUtil.stripCertBrackets(input.trim()); String certs = CryptoUtil.normalizeCertStr(input); byte[] certb = CryptoUtil.base64Decode(certs); - config.putString(subsystem + "." + certTag + ".cert", - certs); + config.putString(subsystem + "." + certTag + + ".cert", certs); try { CryptoManager cm = CryptoManager.getInstance(); - X509Certificate x509cert = cm.importCertPackage( - certb, nickname); + X509Certificate x509cert = cm + .importCertPackage(certb, nickname); CryptoUtil.trustCertByNickname(nickname); - X509Certificate[] certchains = cm.buildCertificateChain( - x509cert); + X509Certificate[] certchains = cm + .buildCertificateChain(x509cert); X509Certificate leaf = null; if (certchains != null) { - CMS.debug( - "CertRequestPanel certchains length=" - + certchains.length); + CMS.debug("CertRequestPanel certchains length=" + + certchains.length); leaf = certchains[certchains.length - 1]; } - if( leaf == null ) { - CMS.debug( "CertRequestPanel::update() - " - + "leaf is null!" 
); - throw new IOException( "leaf is null" ); + if (leaf == null) { + CMS.debug("CertRequestPanel::update() - " + + "leaf is null!"); + throw new IOException("leaf is null"); } - if (/*(certchains.length <= 1) &&*/ - (b64chain != null && b64chain.length() != 0)) { - CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain); - try { - CryptoUtil.importCertificateChain( - CryptoUtil.normalizeCertAndReq(b64chain)); - } catch (Exception e) { - CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString()); - } + if (/* (certchains.length <= 1) && */ + (b64chain != null && b64chain.length() != 0)) { + CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + + b64chain); + try { + CryptoUtil + .importCertificateChain(CryptoUtil + .normalizeCertAndReq(b64chain)); + } catch (Exception e) { + CMS.debug("CertRequestPanel: importCertChain: Exception: " + + e.toString()); + } } InternalCertificate icert = (InternalCertificate) leaf; - icert.setSSLTrust( - InternalCertificate.TRUSTED_CA - | InternalCertificate.TRUSTED_CLIENT_CA - | InternalCertificate.VALID_CA); - CMS.debug( - "CertRequestPanel configCert: import certificate successfully, certTag=" - + certTag); + icert.setSSLTrust(InternalCertificate.TRUSTED_CA + | InternalCertificate.TRUSTED_CLIENT_CA + | InternalCertificate.VALID_CA); + CMS.debug("CertRequestPanel configCert: import certificate successfully, certTag=" + + certTag); } catch (Exception ee) { - CMS.debug( - "CertRequestPanel configCert: import certificate for certTag=" - + certTag + " Exception: " - + ee.toString()); + CMS.debug("CertRequestPanel configCert: import certificate for certTag=" + + certTag + + " Exception: " + + ee.toString()); CMS.debug("ok"); -// hasErr=true; + // hasErr=true; } } else { CMS.debug("CertRequestPanel: in update() input null"); hasErr = true; } } else { - CMS.debug("CertRequestPanel: in update() b64 not set"); - 
hasErr=true; + CMS.debug("CertRequestPanel: in update() b64 not set"); + hasErr = true; } - + } else { b64 = CryptoUtil.stripCertBrackets(b64.trim()); String certs = CryptoUtil.normalizeCertStr(b64); byte[] certb = CryptoUtil.base64Decode(certs); X509CertImpl impl = new X509CertImpl(certb); try { - if (certTag.equals("sslserver") && findBootstrapServerCert()) + if (certTag.equals("sslserver") + && findBootstrapServerCert()) deleteBootstrapServerCert(); if (findCertificate(tokenname, nickname)) { - deleteCert(tokenname, nickname); + deleteCert(tokenname, nickname); } } catch (Exception ee) { - CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString()); + CMS.debug("CertRequestPanel update: deleteCert Exception=" + + ee.toString()); } try { if (certTag.equals("signing") && subsystem.equals("ca")) CryptoUtil.importUserCertificate(impl, nickname); else - CryptoUtil.importUserCertificate(impl, nickname, false); + CryptoUtil.importUserCertificate(impl, nickname, + false); } catch (Exception ee) { - CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString()); - hasErr=true; + CMS.debug("CertRequestPanel: Failed to import user certificate." 
+ + ee.toString()); + hasErr = true; } } - //update requests in request queue for local certs to allow renewal - if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) { - CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null); + // update requests in request queue for local certs to allow + // renewal + if ((cert.getType().equals("local")) + || (cert.getType().equals("selfsign"))) { + CertUtil.updateLocalRequest(config, certTag, + cert.getRequest(), "pkcs10", null); } if (certTag.equals("signing") && subsystem.equals("ca")) { String NickName = nickname; - if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - NickName = tokenname+ ":"+ nickname; + if (!tokenname.equals("internal") + && !tokenname.equals("Internal Key Storage Token")) + NickName = tokenname + ":" + nickname; - CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName); + CMS.debug("CertRequestPanel update: set trust on CA signing cert " + + NickName); CryptoUtil.trustCertByNickname(NickName); CMS.reinit(ICertificateAuthority.ID); - } - } //while loop + } + } // while loop if (hasErr == false) { - config.putBoolean("preop.CertRequestPanel.done", true); + config.putBoolean("preop.CertRequestPanel.done", true); } config.commit(false); } catch (Exception e) { @@ -713,7 +737,7 @@ public class CertRequestPanel extends WizardPanelBase { System.err.println("Exception caught: " + e.toString()); } - //reset the attribute of the user certificate to u,u,u + // reset the attribute of the user certificate to u,u,u String certlist = ""; try { certlist = config.getString("preop.cert.list", ""); 
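Review bot: Both `catch (Exception ee)` blocks around certificate import in `update()` (the local branch after `CryptoUtil.importUserCertificate` and the remote branch after `cm.importCertPackage`) log the failure, log "ok", and leave `hasErr` untouched because the assignment is commented out (`// hasErr = true;`). As a result `preop.CertRequestPanel.done` is still set to true at the end of this hunk even when an import or the `setSSLTrust` call failed, so the wizard can proceed with a certificate or trust setting that was never installed. If failures here are meant to be tolerated, a comment saying why would help; otherwise restore `hasErr = true;` in both blocks. In the same hunk `b64` is dereferenced with `b64.equals(...)` and `b64.trim()` while the remote branch tests `b64 != null`, so a null check before the first use seems warranted. `update()` starts and ends outside this hunk.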
@@ -723,25 +747,28 @@ public class CertRequestPanel extends WizardPanelBase { String tag = tokenizer.nextToken(); if (tag.equals("signing")) continue; - String nickname = config.getString("preop.cert."+tag+".nickname", ""); + String nickname = config.getString("preop.cert." + tag + + ".nickname", ""); String tokenname = config.getString("preop.module.token", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; X509Certificate c = cm.findCertByNickname(nickname); if (c instanceof InternalCertificate) { - InternalCertificate ic = (InternalCertificate)c; + InternalCertificate ic = (InternalCertificate) c; ic.setSSLTrust(InternalCertificate.USER); ic.setEmailTrust(InternalCertificate.USER); if (tag.equals("audit_signing")) { - ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); + ic.setObjectSigningTrust(InternalCertificate.USER + | InternalCertificate.VALID_PEER + | InternalCertificate.TRUSTED_PEER); } else { ic.setObjectSigningTrust(InternalCertificate.USER); } } - } + } } catch (Exception e) { } - if (!hasErr) { + if (!hasErr) { context.put("updateStatus", "success"); } else { context.put("updateStatus", "failure"); @@ -752,8 +779,7 @@ public class CertRequestPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Certificate Request"); context.put("panel", "admin/console/config/certrequestpanel.vm"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 3725149d..0a6d3c60 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java 
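Review bot: The trust-reset loop prefixes the nickname whenever `tokenname` is not exactly "Internal Key Storage Token", while the other checks in this file (for example the `NickName` computation for the CA signing cert) also treat "internal" as the internal token. With `preop.module.token` set to "internal" the lookup becomes `internal:<nickname>`, and because the surrounding `catch (Exception e) { }` is empty, a failed `findCertByNickname` would leave the certificate's trust flags unchanged without any trace while `updateStatus` is still reported as "success". I would use the same test as elsewhere, `if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))`, and log in the catch, e.g. `CMS.debug("CertRequestPanel update: trust reset failed: " + e.toString());`. The enclosing `update()` method starts outside this hunk.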
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse; import com.netscape.cmsutil.http.JssSSLSocketFactory; import com.netscape.cmsutil.xml.XMLObject; - public class CertUtil { static final int LINE_COUNT = 76; - public static X509CertImpl createRemoteCert(String hostname, - int port, String content, HttpServletResponse response, WizardPanelBase panel) - throws IOException { + public static X509CertImpl createRemoteCert(String hostname, int port, + String content, HttpServletResponse response, WizardPanelBase panel) + throws IOException { HttpClient httpclient = new HttpClient(); String c = null; CMS.debug("CertUtil createRemoteCert: content " + content); @@ -98,21 +97,22 @@ public class CertUtil { if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "CertUtil::createRemoteCert() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("CertUtil::createRemoteCert() - " + "Exception=" + + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); CMS.debug("CertUtil createRemoteCert: status=" + status); if (status.equals("2")) { - //relogin to the security domain + // relogin to the security domain panel.reloginSecurityDomain(response); return null; } else if (!status.equals("0")) { 
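Review bot: In `createRemoteCert`, `c.getBytes()` re-encodes the response with the platform default charset before it is handed to `XMLObject`, so the parse depends on the JVM locale; `new ByteArrayInputStream(c.getBytes("UTF-8"))` makes it deterministic, assuming the remote side answers in UTF-8. If `parser.getValue("Status")` can return null for a reply without a Status element (not visible here), `status.equals("2")` ends in a NullPointerException rather than a clear error, and `"2".equals(status)` avoids that. `throw new IOException(e.toString())` also discards the original stack trace; `new IOException(e.toString(), e)` would keep it. The method continues past the end of this hunk.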
@@ -136,43 +136,43 @@ public class CertUtil { return null; } - public static String getPKCS10(IConfigStore config, String prefix, + public static String getPKCS10(IConfigStore config, String prefix, Cert certObj, Context context) throws IOException { String certTag = certObj.getCertTag(); X509Key pubk = null; try { - String pubKeyType = config.getString( - prefix + certTag + ".keytype"); - String algorithm = config.getString( - prefix + certTag + ".keyalgorithm"); + String pubKeyType = config.getString(prefix + certTag + ".keytype"); + String algorithm = config.getString(prefix + certTag + + ".keyalgorithm"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString( - prefix + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - prefix + certTag + ".pubkey.exponent"); - pubk = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); + String pubKeyModulus = config.getString(prefix + certTag + + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString(prefix + certTag + + ".pubkey.exponent"); + pubk = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil.string2byte(pubKeyPublicExponent)); } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString( - prefix + certTag + ".pubkey.encoded"); - pubk = CryptoUtil.getPublicX509ECCKey( - CryptoUtil.string2byte(pubKeyEncoded)); + String pubKeyEncoded = config.getString(prefix + certTag + + ".pubkey.encoded"); + pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil + .string2byte(pubKeyEncoded)); } else { - CMS.debug( "CertRequestPanel::getPKCS10() - " - + "public key type is unsupported!" 
); - throw new IOException( "public key type is unsupported" ); + CMS.debug("CertRequestPanel::getPKCS10() - " + + "public key type is unsupported!"); + throw new IOException("public key type is unsupported"); } if (pubk != null) { CMS.debug("CertRequestPanel: got public key"); } else { CMS.debug("CertRequestPanel: error getting public key null"); - throw new IOException( "public key is null" ); + throw new IOException("public key is null"); } // get private key - String privKeyID = config.getString(prefix + certTag + ".privkey.id"); + String privKeyID = config.getString(prefix + certTag + + ".privkey.id"); byte[] keyIDb = CryptoUtil.string2byte(privKeyID); PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb); @@ -187,8 +187,8 @@ public class CertUtil { String dn = config.getString(prefix + certTag + ".dn"); PKCS10 certReq = null; - certReq = CryptoUtil.createCertificationRequest(dn, pubk, - privk, algorithm); + certReq = CryptoUtil.createCertificationRequest(dn, pubk, privk, + algorithm); byte[] certReqb = certReq.toByteArray(); String certReqs = CryptoUtil.base64Encode(certReqb); 
@@ -201,15 +201,15 @@ public class CertUtil { } } - -/* - * create requests so renewal can work on these initial certs - */ - public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException { -// RequestId rid = new RequestId(serialNum); + /* + * create requests so renewal can work on these initial certs + */ + public static IRequest createLocalRequest(IRequestQueue queue, + String serialNum, X509CertInfo info) throws EBaseException { + // RequestId rid = new RequestId(serialNum); // just need a request, no need to get into a queue -// IRequest r = new EnrollmentRequest(rid); - CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum); + // IRequest r = new EnrollmentRequest(rid); + CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum); IRequest req = queue.newRequest("enrollment"); CMS.debug("certUtil: newRequest called"); req.setExtData("profile", "true"); @@ -217,14 +217,14 @@ public class CertUtil { req.setExtData("req_seq_num", "0"); req.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS, - new CertificateExtensions()); + new CertificateExtensions()); req.setExtData("requesttype", "enrollment"); req.setExtData("requestor_name", ""); req.setExtData("requestor_email", ""); req.setExtData("requestor_phone", ""); req.setExtData("profileRemoteHost", ""); req.setExtData("profileRemoteAddr", ""); - req.setExtData("requestnotes",""); + req.setExtData("requestnotes", ""); req.setExtData("isencryptioncert", "false"); req.setExtData("profileapprovedby", "system"); 
@@ -235,18 +235,19 @@ public class CertUtil { return req; } -/** - * update local cert request with the actual request - * called from CertRequestPanel.java - */ - public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) - { - try { + /** + * update local cert request with the actual request called from + * CertRequestPanel.java + */ + public static void updateLocalRequest(IConfigStore config, String certTag, + String certReq, String reqType, String subjectName) { + try { CMS.debug("Updating local request... certTag=" + certTag); - RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId")); + RequestId rid = new RequestId(config.getString("preop.cert." + + certTag + ".reqId")); - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(ICertificateAuthority.ID); IRequestQueue queue = ca.getRequestQueue(); if (queue != null) { 
@@ -262,76 +263,84 @@ public class CertUtil { } queue.updateRequest(req); } else { - CMS.debug("CertUtil:updateLocalRequest - request queue = null"); + CMS.debug("CertUtil:updateLocalRequest - request queue = null"); } } catch (Exception e) { CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString()); } } -/** - * reads from the admin cert profile caAdminCert.profile and takes the first - * entry in the list of allowed algorithms. Users that wish a different algorithm - * can specify it in the profile using default.params.signingAlg - */ + /** + * reads from the admin cert profile caAdminCert.profile and takes the first + * entry in the list of allowed algorithms. Users that wish a different + * algorithm can specify it in the profile using default.params.signingAlg + */ public static String getAdminProfileAlgorithm(IConfigStore config) { String algorithm = "SHA256withRSA"; try { - String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa"); + String caSigningKeyType = config.getString( + "preop.cert.signing.keytype", "rsa"); String pfile = config.getString("profile.caAdminCert.config"); FileInputStream fis = new FileInputStream(pfile); DataInputStream in = new DataInputStream(fis); BufferedReader br = new BufferedReader(new InputStreamReader(in)); - String strLine; - while ((strLine = br.readLine()) != null) { - String marker2 = "default.params.signingAlg="; - int indx = strLine.indexOf(marker2); - if (indx != -1) { - String alg = strLine.substring(indx + marker2.length()); - if ((alg.length() > 0) && (!alg.equals("-"))) { - algorithm = alg; - break; - }; - }; - - String marker = "signingAlgsAllowed="; - indx = strLine.indexOf(marker); - if (indx != -1) { - String[] algs = strLine.substring(indx + marker.length()).split(","); - for (int i=0; i<algs.length; i++) { - if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) || - (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) { - algorithm = algs[i]; - 
break; - } - } - } - } - in.close(); + String strLine; + while ((strLine = br.readLine()) != null) { + String marker2 = "default.params.signingAlg="; + int indx = strLine.indexOf(marker2); + if (indx != -1) { + String alg = strLine.substring(indx + marker2.length()); + if ((alg.length() > 0) && (!alg.equals("-"))) { + algorithm = alg; + break; + } + ; + } + ; + + String marker = "signingAlgsAllowed="; + indx = strLine.indexOf(marker); + if (indx != -1) { + String[] algs = strLine.substring(indx + marker.length()) + .split(","); + for (int i = 0; i < algs.length; i++) { + if ((caSigningKeyType.equals("rsa") && (algs[i] + .indexOf("RSA") != -1)) + || (caSigningKeyType.equals("ecc") && (algs[i] + .indexOf("EC") != -1))) { + algorithm = algs[i]; + break; + } + } + } + } + in.close(); } catch (Exception e) { CMS.debug("getAdminProfleAlgorithm: exception: " + e); } return algorithm; } - public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key, - String prefix, String certTag, String type, Context context) throws IOException { + public static X509CertImpl createLocalCert(IConfigStore config, + X509Key x509key, String prefix, String certTag, String type, + Context context) throws IOException { CMS.debug("Creating local certificate... certTag=" + certTag); String profile = null; try { profile = config.getString(prefix + certTag + ".profile"); - } catch (Exception e) {} + } catch (Exception e) { + } X509CertImpl cert = null; ICertificateAuthority ca = null; ICertificateRepository cr = null; RequestId reqId = null; String profileId = null; - IRequestQueue queue = null; + IRequestQueue queue = null; IRequest req = null; try { 
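Review bot: `getAdminProfileAlgorithm` closes the profile file only on the success path, because `in.close()` sits inside the `try`; an exception from `readLine()` or from the parsing leaves the `FileInputStream` open. I would move the close into a `finally` block as sketched below, and the `DataInputStream` wrapper adds nothing and can go at the same time. The reformatting also turned the two `};` into stray `;` lines, which are empty statements and can simply be deleted. `InputStreamReader` is built without a charset, so the profile is read in the platform default encoding.

```java
BufferedReader br = null;
try {
    // … unchanged: caSigningKeyType and pfile lookups …
    br = new BufferedReader(new InputStreamReader(new FileInputStream(pfile)));
    // … unchanged: marker scan over br.readLine(), without the stray ';' lines and without in.close() …
} catch (Exception e) {
    // … unchanged: debug logging of the exception …
} finally {
    if (br != null) {
        try {
            br.close();
        } catch (IOException ignored) {
            // close failure on a read-only stream leaves nothing to recover
        }
    }
}
```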
@@ -344,38 +353,40 @@ public class CertUtil { if (certTag.equals("admin")) { keyAlgorithm = getAdminProfileAlgorithm(config); } else { - keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm"); + keyAlgorithm = config.getString(prefix + certTag + + ".keyalgorithm"); } - ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); + ca = (ICertificateAuthority) CMS + .getSubsystem(ICertificateAuthority.ID); cr = (ICertificateRepository) ca.getCertificateRepository(); BigInteger serialNo = cr.getNextSerialNumber(); if (type.equals("selfsign")) { CMS.debug("Creating local certificate... issuerdn=" + dn); CMS.debug("Creating local certificate... dn=" + dn); - info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date, - date, keyAlgorithm); - } else { + info = CryptoUtil.createX509CertInfo(x509key, + serialNo.intValue(), dn, dn, date, date, keyAlgorithm); + } else { String issuerdn = config.getString("preop.cert.signing.dn", ""); CMS.debug("Creating local certificate... issuerdn=" + issuerdn); CMS.debug("Creating local certificate... dn=" + dn); info = CryptoUtil.createX509CertInfo(x509key, - serialNo.intValue(), issuerdn, dn, date, date, keyAlgorithm); + serialNo.intValue(), issuerdn, dn, date, date, + keyAlgorithm); } CMS.debug("Cert Template: " + info.toString()); String instanceRoot = config.getString("instanceRoot"); - CertInfoProfile processor = new CertInfoProfile( - instanceRoot + "/conf/" + profile); + CertInfoProfile processor = new CertInfoProfile(instanceRoot + + "/conf/" + profile); // cfu - create request to enable renewal try { queue = ca.getRequestQueue(); if (queue != null) { req = createLocalRequest(queue, serialNo.toString(), info); - CMS.debug("CertUtil profile name= "+profile); + CMS.debug("CertUtil profile name= " + profile); req.setExtData("req_key", x509key.toString()); // store original profile id in cert request 
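Review bot: Both `CryptoUtil.createX509CertInfo(...)` calls pass `serialNo.intValue()`, which silently keeps only the low 32 bits of the `BigInteger` returned by `cr.getNextSerialNumber()`, while `createLocalRequest` a few lines below receives the full `serialNo.toString()`. If the repository ever hands out a serial above `Integer.MAX_VALUE`, the issued certificate and its request would carry different serial numbers. Assuming the helper only accepts an `int` (its signature is not visible here), make the narrowing explicit, e.g. `if (serialNo.bitLength() > 31) throw new IOException("serial number too large for local cert");`. `createLocalCert` starts before this hunk and continues past it.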
@@ -387,59 +398,60 @@ public class CertUtil { String name = profile.substring(0, idx); req.setExtData("origprofileid", name); } - + // store mapped profile ID for use in renewal profileId = processor.getProfileIDMapping(); req.setExtData("profileid", profileId); - req.setExtData("profilesetid", processor.getProfileSetIDMapping()); + req.setExtData("profilesetid", + processor.getProfileSetIDMapping()); reqId = req.getRequestId(); - config.putString("preop.cert." + certTag + ".reqId", reqId.toString()); + config.putString("preop.cert." + certTag + ".reqId", + reqId.toString()); } else { CMS.debug("certUtil: requestQueue null"); } } catch (Exception e) { - CMS.debug("Creating local request exception:"+e.toString()); + CMS.debug("Creating local request exception:" + e.toString()); } processor.populate(info); - String caPriKeyID = config.getString( - prefix + "signing" + ".privkey.id"); + String caPriKeyID = config.getString(prefix + "signing" + + ".privkey.id"); byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID); - PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID( - keyIDb); + PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(keyIDb); - if( caPrik == null ) { - CMS.debug( "CertUtil::createSelfSignedCert() - " - + "CA private key is null!" 
); - throw new IOException( "CA private key is null" ); + if (caPrik == null) { + CMS.debug("CertUtil::createSelfSignedCert() - " + + "CA private key is null!"); + throw new IOException("CA private key is null"); } else { CMS.debug("CertUtil createSelfSignedCert: got CA private key"); } String keyAlgo = x509key.getAlgorithm(); CMS.debug("key algorithm is " + keyAlgo); - String caSigningKeyType = - config.getString("preop.cert.signing.keytype","rsa"); - String caSigningKeyAlgo = ""; - if (type.equals("selfsign")) { - caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA"); + String caSigningKeyType = config.getString( + "preop.cert.signing.keytype", "rsa"); + String caSigningKeyAlgo = ""; + if (type.equals("selfsign")) { + caSigningKeyAlgo = config.getString( + "preop.cert.signing.keyalgorithm", "SHA256withRSA"); } else { - caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA"); + caSigningKeyAlgo = config.getString( + "preop.cert.signing.signingalgorithm", "SHA256withRSA"); } CMS.debug("CA Signing Key type " + caSigningKeyType); CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo); if (caSigningKeyType.equals("ecc")) { - CMS.debug("CA signing cert is ECC"); - cert = CryptoUtil.signECCCert(caPrik, info, - caSigningKeyAlgo); + CMS.debug("CA signing cert is ECC"); + cert = CryptoUtil.signECCCert(caPrik, info, caSigningKeyAlgo); } else { - CMS.debug("CA signing cert is not ecc"); - cert = CryptoUtil.signCert(caPrik, info, - caSigningKeyAlgo); + CMS.debug("CA signing cert is not ecc"); + cert = CryptoUtil.signCert(caPrik, info, caSigningKeyAlgo); } if (cert != null) { @@ -453,7 +465,8 @@ public class CertUtil { if (cr == null) { context.put("errorString", "Ceritifcate Authority is not ready to serve."); - throw new IOException("Ceritifcate Authority is not ready to serve."); + throw new IOException( + "Ceritifcate Authority is not ready to serve."); } ICertRecord record = null; 
@@ -462,23 +475,21 @@ public class CertUtil { if (reqId != null) { meta.set(ICertRecord.META_REQUEST_ID, reqId.toString()); } - + meta.set(ICertRecord.META_PROFILE_ID, profileId); - record = (ICertRecord) cr.createCertRecord( - cert.getSerialNumber(), cert, meta); + record = (ICertRecord) cr.createCertRecord(cert.getSerialNumber(), + cert, meta); } catch (Exception e) { - CMS.debug( - "NamePanel configCert: failed to add metainfo. Exception: " + e.toString()); + CMS.debug("NamePanel configCert: failed to add metainfo. Exception: " + + e.toString()); } try { cr.addCertificateRecord(record); - CMS.debug( - "NamePanel configCert: finished adding certificate record."); + CMS.debug("NamePanel configCert: finished adding certificate record."); } catch (Exception e) { - CMS.debug( - "NamePanel configCert: failed to add certificate record. Exception: " - + e.toString()); + CMS.debug("NamePanel configCert: failed to add certificate record. Exception: " + + e.toString()); try { cr.deleteCertificateRecord(record.getSerialNumber()); cr.addCertificateRecord(record); @@ -488,10 +499,10 @@ public class CertUtil { } if (req != null) { - // update request with cert + // update request with cert req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert); - // store request in db + // store request in db try { CMS.debug("certUtil: before updateRequest"); if (queue != null) { 
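Review bot: When `cr.createCertRecord(...)` throws, the first `catch` only logs, so `record` keeps its initial `null` and is then passed to `cr.addCertificateRecord(record)`; the recovery path in the second `catch` dereferences it with `record.getSerialNumber()`. The certificate has already been signed by then, so the failure should stop the method instead of falling through, e.g. `throw new IOException("failed to create certificate record: " + e);` in the first `catch`. The `NamePanel configCert:` prefix in these messages does not match the class being patched (`CertUtil`), which makes the debug log harder to follow. The method continues outside the hunk.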
@@ -507,21 +518,21 @@ public class CertUtil { public static void addUserCertificate(X509CertImpl cert) { IConfigStore cs = CMS.getConfigStore(); - int num=0; + int num = 0; try { num = cs.getInteger("preop.subsystem.count", 0); } catch (Exception e) { } IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); - String id = "user"+num; + String id = "user" + num; - try { - String sysType = cs.getString("cs.type", ""); - String machineName = cs.getString("machineName", ""); - String securePort = cs.getString("service.securePort", ""); - id = sysType + "-" + machineName + "-" + securePort; + try { + String sysType = cs.getString("cs.type", ""); + String machineName = cs.getString("machineName", ""); + String securePort = cs.getString("service.securePort", ""); + id = sysType + "-" + machineName + "-" + securePort; } catch (Exception e1) { - // ignore + // ignore } num++; @@ -566,7 +577,7 @@ public class CertUtil { system.addUserCert(user); CMS.debug("CertUtil addUserCertificate: successfully add the user certificate"); } catch (Exception e) { - CMS.debug("CertUtil addUserCertificate exception="+e.toString()); + CMS.debug("CertUtil addUserCertificate exception=" + e.toString()); } IGroup group = null; @@ -580,7 +591,8 @@ public class CertUtil { CMS.debug("CertUtil addUserCertificate: update: successfully added the user to the group."); } } catch (Exception e) { - CMS.debug("CertUtil addUserCertificate update: modifyGroup " + e.toString()); + CMS.debug("CertUtil addUserCertificate update: modifyGroup " + + e.toString()); } } 
@@ -603,17 +615,17 @@ public class CertUtil { } if (content.length() > 0) result.append(content); - result.append("\n"); + result.append("\n"); return result.toString(); } public static boolean privateKeyExistsOnToken(String certTag, - String tokenname, String nickname) { + String tokenname, String nickname) { IConfigStore cs = CMS.getConfigStore(); String givenid = ""; try { - givenid = cs.getString("preop.cert."+certTag+".privkey.id"); + givenid = cs.getString("preop.cert." + certTag + ".privkey.id"); } catch (Exception e) { CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet."); return false; @@ -622,9 +634,10 @@ public class CertUtil { String fullnickname = nickname; boolean hardware = false; - if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) { + if (!tokenname.equals("internal") + && !tokenname.equals("Internal Key Storage Token")) { hardware = true; - fullnickname = tokenname+":"+nickname; + fullnickname = tokenname + ":" + nickname; } X509Certificate cert = null; @@ -633,7 +646,8 @@ public class CertUtil { cm = CryptoManager.getInstance(); cert = cm.findCertByNickname(fullnickname); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + + fullnickname + " Exception:" + e.toString()); return false; } 
@@ -641,19 +655,22 @@ public class CertUtil { try { privKey = cm.findPrivKeyByCert(cert); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + + fullnickname + ") exception: " + e.toString()); return false; } if (privKey == null) { - CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")"); + CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + + fullnickname + ")"); return false; } else { String str = ""; try { str = CryptoUtil.byte2string(privKey.getUniqueID()); } catch (Exception e) { - CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString()); + CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + + e.toString()); } if (str.equals(givenid)) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java index b3c10b6e..a28ae76b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java @@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class CheckIdentity extends CMSServlet { /** @@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("CheckIdentity authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, "Error: Not authenticated"); return; - } + } try { XMLObject xmlObj = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java index f2587300..e1d18140 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Enumeration; import javax.servlet.http.HttpServletRequest; @@ -28,7 +27,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; - public abstract class ConfigBaseServlet extends BaseServlet { /** * @@ -36,8 +34,7 @@ public abstract class ConfigBaseServlet extends BaseServlet { private static final long serialVersionUID = 7692352201878710530L; public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String display = request.getParameter("display"); if (display == null) { 
@@ -50,43 +47,40 @@ public abstract class ConfigBaseServlet extends BaseServlet { public abstract void display(HttpServletRequest request, HttpServletResponse response, Context context); - public abstract void update(HttpServletRequest request, + public abstract void update(HttpServletRequest request, HttpServletResponse response, Context context); public abstract Template getTemplate(HttpServletRequest request, - HttpServletResponse response, - Context context); + HttpServletResponse response, Context context); public void outputHttpParameters(HttpServletRequest httpReq) { - CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI()); + CMS.debug("ConfigBaseServlet:service() uri = " + + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("ConfigBaseServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || pn.endsWith("password") + || pn.endsWith("passwd") || pn.endsWith("pwd") + || pn.equalsIgnoreCase("admin_password_again") + || pn.equalsIgnoreCase("directoryManagerPwd") + || 
pn.equalsIgnoreCase("bindpassword") + || pn.equalsIgnoreCase("bindpwd") + || pn.equalsIgnoreCase("passwd") + || pn.equalsIgnoreCase("password") + || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") + || pn.equalsIgnoreCase("pwdagain") + || pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("ConfigBaseServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } @@ -95,9 +89,8 @@ public abstract class ConfigBaseServlet extends BaseServlet { * Processes request. */ public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { - + HttpServletResponse response, Context context) { + if (CMS.debugOn()) { outputHttpParameters(request); } @@ -107,16 +100,16 @@ public abstract class ConfigBaseServlet extends BaseServlet { } else { update(request, response, context); } - + Template template = null; - + try { context.put("name", "Velocity Test"); template = getTemplate(request, response, context); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } - + return template; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java index d95c85d1..8216593a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java 
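Review bot: In `ConfigBaseServlet.outputHttpParameters` the suffix checks `pn.endsWith("password")`, `endsWith("passwd")` and `endsWith("pwd")` are case-sensitive, so a parameter whose name ends in `Password` or `Pwd` is masked only if it is also in the explicit `equalsIgnoreCase` list (presumably why `uPasswd` and `directoryManagerPwd` are listed by hand). Any other secret-bearing parameter has its value written to the debug log by the `else` branch. Compare against a lower-cased copy instead, e.g. `String lpn = pn.toLowerCase();` and then `lpn.endsWith("password") || lpn.endsWith("passwd") || lpn.endsWith("pwd")`, and consider logging parameter names only. The values that are logged are concatenated unescaped, so a line break inside a parameter can forge debug-log entries.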
@@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin; import org.mozilla.jss.crypto.X509Certificate; import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; - -public class ConfigCertApprovalCallback - implements SSLCertificateApprovalCallback { +public class ConfigCertApprovalCallback implements + SSLCertificateApprovalCallback { public ConfigCertApprovalCallback() { } public boolean approve(X509Certificate cert, - SSLCertificateApprovalCallback.ValidityStatus status) { - return true; + SSLCertificateApprovalCallback.ValidityStatus status) { + return true; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java index 37493b6b..536e953a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigCertReqServlet extends BaseServlet { /** @@ -34,15 +32,14 @@ public class ConfigCertReqServlet extends BaseServlet { private static final long serialVersionUID = 4489288758636916446L; public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; try { context.put("name", "Velocity Test"); - template = Velocity.getTemplate( - "admin/console/config/config_certreq.vm"); + template = Velocity + .getTemplate("admin/console/config/config_certreq.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } 
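Review bot: `ConfigCertApprovalCallback.approve` returns `true` without looking at `status`, so every connection that installs this callback accepts any peer certificate, whatever problems JSS reports for it. The commit only re-indents the line, and the callers are not visible here, but the behaviour needs at least a comment. If the callback exists to bootstrap trust during initial configuration, say so above the method, e.g. `// accepts every certificate: only for use during initial configuration, before trust is established`. Otherwise reject when the validity status carries failure reasons, e.g. `return !status.getReasons().hasMoreElements();`.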
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java index e7d88a35..ddd098bc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigCloneServlet extends BaseServlet { /** @@ -34,15 +32,14 @@ public class ConfigCloneServlet extends BaseServlet { private static final long serialVersionUID = -9065299591659111350L; public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; try { context.put("name", "Velocity Test"); - template = Velocity.getTemplate( - "admin/console/config/config_clone.vm"); + template = Velocity + .getTemplate("admin/console/config/config_clone.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java index 08ebf08e..05fc8936 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; - public class ConfigDatabaseServlet extends ConfigBaseServlet { /** @@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { try { modified = cs.getString("preop.configDatabase.modified", ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (modified.equals("true")) { return true; @@ -57,8 +56,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { } public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String hostname = null; String portStr = null; String basedn = null; @@ -75,7 +73,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } else { hostname = HOST; portStr = PORT; @@ -95,8 +94,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { IConfigStore cs = CMS.getConfigStore(); String errorString = ""; String hostname = request.getParameter("host"); @@ -113,7 +111,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { int port = -1; try { - port = Integer.parseInt(portStr); + port = Integer.parseInt(portStr); cs.putInteger("internaldb.ldapconn.port", port); } catch (Exception e) { errorString = "Port is invalid"; 
@@ -159,7 +157,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); return; } - psStore.putString("internaldb", bindpwd); + psStore.putString("internaldb", bindpwd); } else { errorString = "Bind password is empty string"; } @@ -185,11 +183,11 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet { } public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { try { return Velocity.getTemplate("admin/console/config/config_db.vm"); - } catch (Exception e) {} + } catch (Exception e) { + } return null; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java index d04fbf2f..c524e667 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileNotFoundException; import java.io.IOException; @@ -46,13 +45,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { private CryptoManager mCryptoManager = null; private String mPwdFilePath = ""; - public ConfigHSMLoginPanel() {} + public ConfigHSMLoginPanel() { + } public void init(ServletConfig config, int panelno) throws ServletException { try { mCryptoManager = CryptoManager.getInstance(); - mPwdFilePath = CMS.getConfigStore().getString( - "passwordFile"); + mPwdFilePath = CMS.getConfigStore().getString("passwordFile"); } catch (Exception e) { CMS.debug("ConfigHSMLoginPanel: " + e.toString()); } 
@@ -60,11 +59,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { setName("ConfigHSMLogin"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { try { mCryptoManager = CryptoManager.getInstance(); - mPwdFilePath = CMS.getConfigStore().getString( - "passwordFile"); + mPwdFilePath = CMS.getConfigStore().getString("passwordFile"); } catch (Exception e) { CMS.debug("ConfigHSMLoginPanel: " + e.toString()); } @@ -89,8 +88,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { } public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("ConfigHSMLoginPanel: in display()"); context.put("title", "Security Module Login"); @@ -115,9 +113,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { try { token = mCryptoManager.getTokenByName(tokName); } catch (Exception e) { - CMS.debug( - "ConfigHSMLoginPanel: getTokenByName() failed: " - + e.toString()); + CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: " + + e.toString()); context.put("error", "tokenNotFound:" + tokName); context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); return; @@ -132,7 +129,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString()); } CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache"); - String tokPwd = pr.getPassword("hardware-"+tokName); + String tokPwd = pr.getPassword("hardware-" + tokName); boolean loggedIn = false; 
@@ -157,48 +154,47 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { password = new Password(tokPwd.toCharArray()); try { - if (token.passwordIsInitialized()) { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():token password is initialized"); - if (!token.isLoggedIn()) { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); - token.login(password); - context.put("status", "justLoggedIn"); - } else { - CMS.debug( - "ConfigHSMLoginPanel:Token has already logged on"); - context.put("status", "alreadyLoggedIn"); - } - } else { - CMS.debug( - "ConfigHSMLoginPanel: loginToken():Token password not initialized"); - context.put("status", "tokenPasswordNotInitialized"); - rv = false; - } - - } catch (IncorrectPasswordException e) { - context.put("status", "incorrectPassword"); - context.put("errorString", e.toString()); - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - rv = false; - } catch (Exception e) { - CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); - context.put("errorString", e.toString()); - rv = false; - } + if (token.passwordIsInitialized()) { + CMS.debug("ConfigHSMLoginPanel: loginToken():token password is initialized"); + if (!token.isLoggedIn()) { + CMS.debug("ConfigHSMLoginPanel: loginToken():Token is not logged in, try it"); + token.login(password); + context.put("status", "justLoggedIn"); + } else { + CMS.debug("ConfigHSMLoginPanel:Token has already logged on"); + context.put("status", "alreadyLoggedIn"); + } + } else { + CMS.debug("ConfigHSMLoginPanel: loginToken():Token password not initialized"); + context.put("status", "tokenPasswordNotInitialized"); + rv = false; + } + + } catch (IncorrectPasswordException e) { + context.put("status", "incorrectPassword"); + context.put("errorString", e.toString()); + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + rv = false; + } catch (Exception e) { + CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString()); + 
context.put("errorString", e.toString()); + rv = false; + } return rv; } // XXX how do you do this? public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */ - set.add( - "choice", choiceDesc); - + Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* + * no + * default + * parameters + */ + + set.add("choice", choiceDesc); + return set; } @@ -206,13 +202,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { IConfigStore cs = CMS.getConfigStore(); String select = ""; @@ -220,10 +214,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { select = cs.getString("preop.subsystem.select", ""); } catch (Exception e) { } - -// if (select.equals("clone")) - // return; - + + // if (select.equals("clone")) + // return; + CMS.debug("ConfigHSMLoginPanel: in update()"); String uTokName = null; @@ -233,7 +227,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { uPasswd = HttpInput.getPassword(request, "__uPasswd"); } catch (Exception e) { } - + if (uPasswd == null) { CMS.debug("ConfigHSMLoginPanel: password not found"); context.put("error", "no password"); 
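Review bot: In `getUsage` the formatter has broken the trailing `/* no default parameters */` comment into a five-line block with one word per line. Move the comment to its own line above the declaration so it survives formatting: `// no default parameters` followed by `Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null);`. In `loginToken`, which starts outside this hunk, the `Password` built from `tokPwd` is not cleared on any path visible here. Calling `password.clear()` in a `finally` after the login attempt would shorten the time the token password stays in memory.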
@@ -248,47 +242,41 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { try { token = mCryptoManager.getTokenByName(uTokName); } catch (Exception e) { - CMS.debug( - "ConfigHSMLoginPanel: getTokenByName() failed: " - + e.toString()); + CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: " + + e.toString()); context.put("error", "tokenNotFound:" + uTokName); } try { if (loginToken(token, uPasswd, context) == false) { - CMS.debug( - "ConfigHSMLoginPanel:loginToken failed for " - + uTokName); + CMS.debug("ConfigHSMLoginPanel:loginToken failed for " + + uTokName); context.put("error", "tokenLoginFailed"); context.put("updateStatus", "login failed"); context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); return; } - CMS.debug( - "ConfigHSMLoginPanel: update(): just logged in successfully"); + CMS.debug("ConfigHSMLoginPanel: update(): just logged in successfully"); PlainPasswordWriter pw = new PlainPasswordWriter(); pw.init(mPwdFilePath); - pw.putPassword("hardware-"+uTokName, uPasswd); + pw.putPassword("hardware-" + uTokName, uPasswd); pw.commit(); } catch (FileNotFoundException e) { - CMS.debug( - "ConfigHSMLoginPanel: update(): Exception caught: " - + e.toString() + " writing to "+ mPwdFilePath); - CMS.debug( - "ConfigHSMLoginPanel: update(): password not written to cache"); + CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: " + + e.toString() + " writing to " + mPwdFilePath); + CMS.debug("ConfigHSMLoginPanel: update(): password not written to cache"); System.err.println("Exception caught: " + e.toString()); context.put("error", "Exception:" + e.toString()); } catch (Exception e) { - CMS.debug( - "ConfigHSMLoginPanel: update(): Exception caught: " - + e.toString()); + CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); context.put("error", "Exception:" + e.toString()); } - + } // found password context.put("panel", 
"admin/console/config/config_hsmloginpanel.vm"); @@ -302,10 +290,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Security Module Login"); context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java index bfc6e278..814569ed 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; @@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.Module; - public class ConfigHSMServlet extends ConfigBaseServlet { /** * @@ -68,9 +66,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet { mCurrModTable.put(mod.getName(), mod); } // while } catch (Exception e) { - CMS.debug( - "ConfigHSMServlet: Exception caught in loadCurrModTable: " - + e.toString()); + CMS.debug("ConfigHSMServlet: Exception caught in loadCurrModTable: " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } } 
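Review bot: In `ConfigHSMLoginPanel.update` the `catch` after `mCryptoManager.getTokenByName(uTokName)` records `tokenNotFound` but does not return, so `loginToken(token, uPasswd, context)` is still called, presumably with a null token, and the panel ends up reporting `tokenLoginFailed`. `display()` returns at the same point, so add `context.put("panel", "admin/console/config/config_hsmloginpanel.vm"); return;` to that `catch`. The two later handlers put `e.toString()` into the context under `error`, which for `FileNotFoundException` is likely to expose the password file path on the page. A fixed message there, with the detail kept in `CMS.debug`, is safer. `update` begins before this hunk.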
@@ -119,21 +116,19 @@ public class ConfigHSMServlet extends ConfigBaseServlet { try { CryptoToken token = (CryptoToken) tokens.nextElement(); - CMS.debug("ConfigHSMServlet: token nick name=" + token.getName()); - CMS.debug( - "ConfigHSMServlet: token logged in?" - + token.isLoggedIn()); - CMS.debug( - "ConfigHSMServlet: token is present?" - + token.isPresent()); + CMS.debug("ConfigHSMServlet: token nick name=" + + token.getName()); + CMS.debug("ConfigHSMServlet: token logged in?" + + token.isLoggedIn()); + CMS.debug("ConfigHSMServlet: token is present?" + + token.isPresent()); if (!token.getName().equals("Internal Crypto Services Token")) { module.addToken(token); } else { - CMS.debug( - "ConfigHSMServlet: token " + token.getName() + CMS.debug("ConfigHSMServlet: token " + token.getName() + " not to be added"); } - + } catch (TokenException ex) { CMS.debug("ConfigHSMServlet:" + ex.toString()); }
@@ -165,11 +160,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet { if ((cn == null) || (cn.equals(""))) { break; } - + CMS.debug("ConfigHSMServlet: got from config module: " + cn); // create a Module object Module module = new Module(cn, pn, img); - + if (mCurrModTable.containsKey(cn)) { CMS.debug("ConfigHSMServlet: module found: " + cn); module.setFound(true);
@@ -178,7 +173,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet { loadModTokens(module, m); } - + CMS.debug("ConfigHSMServlet: adding module " + cn); // add module to set if (!mSupportedModules.contains(module)) {
@@ -187,16 +182,14 @@ public class ConfigHSMServlet extends ConfigBaseServlet { }// for } catch (Exception e) { - CMS.debug( - "ConfigHSMServlet: Exception caught in loadSupportedModules(): " - + e.toString()); + CMS.debug("ConfigHSMServlet: Exception caught in loadSupportedModules(): " + + e.toString()); System.err.println("Exception caught: " + e.toString()); } } public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String choice = request.getParameter("choice"); if (choice == null) {
@@ -223,8 +216,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("ConfigHSMServlet: in display()"); loadCurrModTable();
@@ -252,8 +244,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { IConfigStore cs = CMS.getConfigStore();
@@ -286,12 +277,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet { } public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { try { return Velocity.getTemplate("admin/console/config/config_hsm.vm"); - } catch (Exception e) {} + } catch (Exception e) { + } return null; } } -
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 3b3b8a64..6bf74af6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class ConfigImportCertServlet extends BaseServlet { /**
@@ -34,15 +32,14 @@ public class ConfigImportCertServlet extends BaseServlet { private static final long serialVersionUID = 1907102921734394118L; public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; try { context.put("name", "Velocity Test"); - template = Velocity.getTemplate( - "admin/console/config/config_importcert.vm"); + template = Velocity + .getTemplate("admin/console/config/config_importcert.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 01917303..4415fdbd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.cmsutil.crypto.CryptoUtil; - public class ConfigJoinServlet extends ConfigBaseServlet { /**
@@ -39,8 +37,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet { private static final long serialVersionUID = -5848083581083497909L; public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String cert = request.getParameter("cert"); if (cert == null) {
@@ -52,12 +49,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String cert = null; try { cert = config.getString("preop.join.cert", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } if (cert == null || cert.equals("")) { return false; } else {
@@ -69,15 +67,14 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Displays panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { IConfigStore config = CMS.getConfigStore(); try { - String pubKeyModulus = config.getString( - "preop.keysize.pubKeyModulus"); - String pubKeyPublicExponent = config.getString( - "preop.keysize.pubKeyPublicExponent"); + String pubKeyModulus = config + .getString("preop.keysize.pubKeyModulus"); + String pubKeyPublicExponent = config + .getString("preop.keysize.pubKeyPublicExponent"); String dn = config.getString("preop.name.dn"); String priKeyID = config.getString("preop.keysize.priKeyID"); String pkcs10 = CryptoUtil.getPKCS10FromKey(dn,
@@ -85,7 +82,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { CryptoUtil.string2byte(pubKeyPublicExponent), CryptoUtil.string2byte(priKeyID)); context.put("certreq", pkcs10); - } catch (Exception e) {} + } catch (Exception e) { + } String select = "auto"; boolean select_manual = true;
@@ -94,8 +92,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet { try { select = config.getString("preop.join.select", null); } catch (EBaseException e) { - CMS.debug( "ConfigJoinServlet::display() - " - + "Exception="+e.toString() ); + CMS.debug("ConfigJoinServlet::display() - " + "Exception=" + + e.toString()); return; } if (select.equals("auto")) {
@@ -109,12 +107,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet { String cert = config.getString("preop.join.cert", ""); context.put("cert", cert); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } } else { context.put("cert", ""); } - if (select_manual) { + if (select_manual) { context.put("check_manual", "checked"); context.put("check_auto", ""); } else {
@@ -128,8 +127,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet { * Updates panel. */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("JoinServlet: update"); IConfigStore config = CMS.getConfigStore(); String select = request.getParameter("choice");
@@ -155,22 +153,21 @@ public class ConfigJoinServlet extends ConfigBaseServlet { config.putString("preop.join.pwd", pwd); /* XXX - submit request to the CA, and import it automatically */ - config.putString( - "preop.join.cert", ""); /* store the chain */ + config.putString("preop.join.cert", ""); /* store the chain */ } config.putString("preop.join.select", select); config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } } - + public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; try { - template = Velocity.getTemplate( - "admin/console/config/config_join.vm"); + template = Velocity + .getTemplate("admin/console/config/config_join.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 895c75ac..9926895b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.util.Vector; import javax.servlet.http.HttpServletRequest;
@@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.CertInfoProfile; - public class ConfigRootCAServlet extends ConfigBaseServlet { /**
@@ -41,8 +39,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { private static final long serialVersionUID = 1128630821163059659L; public boolean isDisplayMode(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String profile = request.getParameter("profile"); if (profile == null) {
@@ -54,12 +51,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { public boolean isPanelModified() { IConfigStore config = CMS.getConfigStore(); - + String profile = null; try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } if (profile == null || profile.equals("")) { return false; } else {
@@ -73,29 +71,31 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { try { instancePath = config.getString("instanceRoot"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } String p[] = { "caCert.profile" }; Vector profiles = new Vector(); for (int i = 0; i < p.length; i++) { try { - profiles.addElement( - new CertInfoProfile(instancePath + "/conf/" + p[i])); - } catch (Exception e) {} + profiles.addElement(new CertInfoProfile(instancePath + "/conf/" + + p[i])); + } catch (Exception e) { + } } return profiles; } public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { IConfigStore config = CMS.getConfigStore(); String profile = null; if (isPanelModified()) { try { profile = config.getString("preop.hierarchy.profile", null); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } if (profile == null) { profile = "caCert.profile";
@@ -108,15 +108,15 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { } public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String profile = request.getParameter("profile"); IConfigStore config = CMS.getConfigStore(); config.putString("preop.hierarchy.profile", profile); try { - config.commit(false); - } catch (Exception e) {} + config.commit(false); + } catch (Exception e) { + } context.put("status", "update"); context.put("error", ""); Vector profiles = getProfiles();
@@ -124,15 +124,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet { context.put("profiles", profiles); context.put("selected_profile_id", profile); } - + public Template getTemplate(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; try { - template = Velocity.getTemplate( - "admin/console/config/config_rootca.vm"); + template = Velocity + .getTemplate("admin/console/config/config_rootca.vm"); } catch (Exception e) { System.err.println("Exception caught: " + e.getMessage()); }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index daf14c9e..febe8f9a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URL; import java.util.StringTokenizer;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class CreateSubsystemPanel extends WizardPanelBase { - public CreateSubsystemPanel() {} + public CreateSubsystemPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Subsystem Selection"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Subsystem Type"); setId(id);
@@ -72,15 +71,16 @@ public class CreateSubsystemPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; }
@@ -88,8 +88,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Subsystem Type"); IConfigStore config = CMS.getConfigStore(); String session_id = request.getParameter("session_id");
@@ -112,8 +111,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", ""); context.put("check_clonesubsystem", "checked"); } - context.put("subsystemName", - config.getString("preop.subsystem.name")); + context.put("subsystemName", + config.getString("preop.subsystem.name")); } catch (Exception e) { CMS.debug(e.toString()); }
@@ -121,8 +120,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("check_newsubsystem", "checked"); context.put("check_clonesubsystem", ""); try { - context.put("subsystemName", - config.getString("preop.system.fullname")); + context.put("subsystemName", + config.getString("preop.system.fullname")); } catch (Exception e) { CMS.debug(e.toString()); }
@@ -135,7 +134,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { context.put("cstype", cstype); context.put("wizardname", config.getString("preop.wizard.name")); context.put("systemname", config.getString("preop.system.name")); - context.put("fullsystemname", config.getString("preop.system.fullname")); + context.put("fullsystemname", + config.getString("preop.system.fullname")); context.put("machineName", config.getString("machineName")); context.put("http_port", CMS.getEENonSSLPort()); context.put("https_agent_port", CMS.getAgentPort());
@@ -144,7 +144,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } catch (EBaseException e) { } - Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" ); + Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort"); StringBuffer list = new StringBuffer(); int size = v.size();
@@ -164,7 +164,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { errorString = "Internal error, cs.type is missing from CS.cfg"; } - if (list.length()==0) + if (list.length() == 0) context.put("disableClone", "true"); context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -176,16 +176,14 @@ public class CreateSubsystemPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { String errorString = ""; IConfigStore config = CMS.getConfigStore(); String select = HttpInput.getID(request, "choice");
@@ -196,8 +194,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { throw new IOException("choice not found"); } - config.putString("preop.subsystem.name", - HttpInput.getName(request, "subsystemName")); + config.putString("preop.subsystem.name", + HttpInput.getName(request, "subsystemName")); if (select.equals("newsubsystem")) { config.putString("preop.subsystem.select", "new"); config.putString("subsystem.select", "New");
@@ -209,7 +207,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { } cstype = toLowerCaseSubsystemType(cstype); - + config.putString("preop.subsystem.select", "clone"); config.putString("subsystem.select", "Clone");
@@ -223,9 +221,9 @@ public class CreateSubsystemPanel extends WizardPanelBase { while (t.hasMoreTokens()) { String tag = t.nextToken(); if (tag.equals("sslserver")) - config.putBoolean(PCERT_PREFIX+tag+".enable", true); - else - config.putBoolean(PCERT_PREFIX+tag+".enable", false); + config.putBoolean(PCERT_PREFIX + tag + ".enable", true); + else + config.putBoolean(PCERT_PREFIX + tag + ".enable", false); } // get the master CA
@@ -254,10 +252,8 @@ public class CreateSubsystemPanel extends WizardPanelBase { String host = u.getHost(); int https_ee_port = u.getPort(); - String https_admin_port = getSecurityDomainAdminPort( config, - host, - String.valueOf(https_ee_port), - cstype ); + String https_admin_port = getSecurityDomainAdminPort(config, host, + String.valueOf(https_ee_port), cstype); config.putString("preop.master.hostname", host); config.putInteger("preop.master.httpsport", https_ee_port);
@@ -265,12 +261,12 @@ public class CreateSubsystemPanel extends WizardPanelBase { ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); if (cstype.equals("ca")) { - updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port, - true, context, certApprovalCallback ); + updateCertChainUsingSecureEEPort(config, "clone", host, + https_ee_port, true, context, certApprovalCallback); } - getTokenInfo(config, cstype, host, https_ee_port, true, context, - certApprovalCallback); + getTokenInfo(config, cstype, host, https_ee_port, true, context, + certApprovalCallback); } else { CMS.debug("CreateSubsystemPanel: invalid choice " + select); errorString = "Invalid choice";
@@ -291,8 +287,7 @@ public class CreateSubsystemPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Subsystem Type"); context.put("panel", "admin/console/config/createsubsystempanel.vm"); }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index 17a4bae6..feb6ad28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream;
@@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil; public class DatabasePanel extends WizardPanelBase { private static final String HOST = "localhost"; - private static final String CLONE_HOST="Enter FQDN here"; + private static final String CLONE_HOST = "Enter FQDN here"; private static final String PORT = "389"; private static final String BASEDN = "o=netscapeCertificateServer"; private static final String BINDDN = "cn=Directory Manager";
@@ -74,19 +73,19 @@ public class DatabasePanel extends WizardPanelBase { private WizardServlet mServlet = null; - public DatabasePanel() {} + public DatabasePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Internal Database"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Internal Database"); setId(id);
@@ -101,15 +100,15 @@ public class DatabasePanel extends WizardPanelBase { public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { - boolean s = cs.getBoolean("preop.Database.done", - false); + boolean s = cs.getBoolean("preop.Database.done", false); if (s != true) { return false; } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; }
@@ -120,7 +119,7 @@ public class DatabasePanel extends WizardPanelBase { "Host name"); set.add("hostname", hostDesc); - + Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null, "Port");
@@ -130,19 +129,19 @@ public class DatabasePanel extends WizardPanelBase { "Base DN"); set.add("basedn", basednDesc); - + Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null, "Bind DN"); set.add("binddn", binddnDesc); - Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null, - "Bind Password"); + Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, + null, "Bind Password"); set.add("bindpwd", bindpwdDesc); - Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null, - "Database"); + Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, + null, "Database"); set.add("database", databaseDesc);
@@ -153,8 +152,7 @@ public class DatabasePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("DatabasePanel: display()"); context.put("title", "Internal Database"); context.put("firsttime", "false");
@@ -187,8 +185,9 @@ public class DatabasePanel extends WizardPanelBase { basedn = cs.getString("internaldb.basedn", ""); binddn = cs.getString("internaldb.ldapauth.bindDN", ""); database = cs.getString("internaldb.database", ""); - secure = cs.getString("internaldb.ldapconn.secureConn", ""); - cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", ""); + secure = cs.getString("internaldb.ldapconn.secureConn", ""); + cloneStartTLS = cs.getString( + "internaldb.ldapconn.cloneStartTLS", ""); errorString = cs.getString("preop.database.errorString", ""); } catch (Exception e) { CMS.debug("DatabasePanel display: " + e.toString());
@@ -199,12 +198,12 @@ public class DatabasePanel extends WizardPanelBase { try { basedn = cs.getString("internaldb.basedn", ""); } catch (Exception e) { - CMS.debug( "DatabasePanel::display() - " - + "Exception="+e.toString() ); + CMS.debug("DatabasePanel::display() - " + "Exception=" + + e.toString()); return; } binddn = BINDDN; - database = basedn.substring(basedn.lastIndexOf('=')+1); + database = basedn.substring(basedn.lastIndexOf('=') + 1); CMS.debug("Clone: database=" + database); } else { hostname = HOST;
@@ -223,11 +222,10 @@ public class DatabasePanel extends WizardPanelBase { boolean multipleEnable = false; try { multipleEnable = cs.getBoolean( - "internaldb.multipleSuffix.enable", false); + "internaldb.multipleSuffix.enable", false); } catch (Exception e) { } - - + if (multipleEnable) basedn = "ou=" + instanceId + "," + suffix; else
@@ -243,15 +241,15 @@ public class DatabasePanel extends WizardPanelBase { context.put("binddn", binddn); context.put("bindpwd", bindpwd); context.put("database", database); - context.put("secureConn", (secure.equals("true")? "on":"off")); - context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off")); + context.put("secureConn", (secure.equals("true") ? "on" : "off")); + context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" + : "off")); context.put("panel", "admin/console/config/databasepanel.vm"); context.put("errorString", errorString); } public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { IConfigStore config = CMS.getConfigStore(); String select = ""; try {
@@ -271,8 +269,7 @@ public class DatabasePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); context.put("firsttime", "false");
@@ -317,13 +314,15 @@ public class DatabasePanel extends WizardPanelBase { String masterport = ""; String masterbasedn = ""; try { - masterhost = cs.getString("preop.internaldb.master.hostname", ""); + masterhost = cs.getString("preop.internaldb.master.hostname", + ""); masterport = cs.getString("preop.internaldb.master.port", ""); - masterbasedn = cs.getString("preop.internaldb.master.basedn", ""); + masterbasedn = cs.getString("preop.internaldb.master.basedn", + ""); } catch (Exception e) { } - //get the real host name + // get the real host name String realhostname = ""; if (hostname.equals("localhost")) { try {
@@ -333,12 +332,14 @@ public class DatabasePanel extends WizardPanelBase { } if (masterhost.equals(realhostname) && masterport.equals(portStr)) { context.put("updateStatus", "validate-failure"); - throw new IOException("Master and clone must not share the same internal database"); + throw new IOException( + "Master and clone must not share the same internal database"); } if (!masterbasedn.equals(basedn)) { context.put("updateStatus", "validate-failure"); - throw new IOException("Master and clone should have the same base DN"); + throw new IOException( + "Master and clone should have the same base DN"); } }
@@ -365,13 +366,15 @@ public class DatabasePanel extends WizardPanelBase { } if (basedn == null || basedn.length() == 0) { - cs.putString("preop.database.errorString", "Base DN is empty string"); + cs.putString("preop.database.errorString", + "Base DN is empty string"); context.put("updateStatus", "validate-failure"); throw new IOException("Base DN is empty string"); } if (binddn == null || binddn.length() == 0) { - cs.putString("preop.database.errorString", "Bind DN is empty string"); + cs.putString("preop.database.errorString", + "Bind DN is empty string"); context.put("updateStatus", "validate-failure"); throw new IOException("Bind DN is empty string"); }
@@ -395,8 +398,7 @@ public class DatabasePanel extends WizardPanelBase { } private LDAPConnection getLocalLDAPConn(Context context, String secure) - throws IOException - { + throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = "";
@@ -409,7 +411,7 @@ public class DatabasePanel extends WizardPanelBase { host = cs.getString("internaldb.ldapconn.host"); port = cs.getString("internaldb.ldapconn.port"); binddn = cs.getString("internaldb.ldapauth.bindDN"); - pwd = (String) context.get("bindpwd"); + pwd = (String) context.get("bindpwd"); security = cs.getString("internaldb.ldapconn.secureConn"); } catch (Exception e) { CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -428,12 +430,12 @@ public class DatabasePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); - } + CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } CMS.debug("DatabasePanel connecting to " + host + ":" + p); try {
@@ -443,81 +445,80 @@ public class DatabasePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } - private boolean deleteDir(File dir) - { + private boolean deleteDir(File dir) { if (dir.isDirectory()) { String[] children = dir.list(); - for (int i=0; i<children.length; i++) { + for (int i = 0; i < children.length; i++) { boolean success = deleteDir(new File(dir, children[i])); if (!success) { return false; } } } - + // The directory is now empty so delete it return dir.delete(); - } + } - private void cleanupDB(LDAPConnection conn, String baseDN, String database) - { + private void cleanupDB(LDAPConnection conn, String baseDN, String database) { String[] entries = {}; String filter = "objectclass=*"; LDAPSearchConstraints cons = null; String[] attrs = null; - String dn=""; + String dn = ""; try { CMS.debug("Deleting baseDN: " + baseDN); - LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); - if (res != null) - deleteEntries(res, conn, baseDN, entries); + LDAPSearchResults res = conn.search(baseDN, + LDAPConnection.SCOPE_BASE, filter, attrs, true, cons); + if (res != null) + deleteEntries(res, conn, baseDN, entries); + } catch (LDAPException e) { } - catch (LDAPException e) {} - + try { - dn="cn=mapping tree, cn=config"; - filter = "nsslapd-backend=" + database; - LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, true, cons); - if (res != null) { - while (res.hasMoreElements()) { - dn = res.next().getDN(); - filter = "objectclass=*"; - LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); - if (res2 != null) - deleteEntries(res2, conn, dn, entries); - } - } - } - catch (LDAPException e) {} + dn = "cn=mapping tree, cn=config"; + filter = "nsslapd-backend=" + database; + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, + filter, attrs, true, 
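cons); + if (res != null) { + while (res.hasMoreElements()) { + dn = res.next().getDN(); + filter = "objectclass=*"; + LDAPSearchResults res2 = conn.search(dn, + LDAPConnection.SCOPE_BASE, filter, attrs, true, + cons); + if (res2 != null) + deleteEntries(res2, conn, dn, entries); + } + } + } catch (LDAPException e) { + } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; - LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true, cons); + LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, + filter, attrs, true, cons); if (res != null) { deleteEntries(res, conn, dn, entries); - String dbdir = getInstanceDir(conn) + "/db/" + database; - if (dbdir != null) { - CMS.debug(" Deleting dbdir " + dbdir); + String dbdir = getInstanceDir(conn) + "/db/" + database; + if (dbdir != null) { + CMS.debug(" Deleting dbdir " + dbdir); boolean success = deleteDir(new File(dbdir)); if (!success) { - CMS.debug("Unable to delete database directory " + dbdir); + CMS.debug("Unable to delete database directory " + + dbdir); } } } + } catch (LDAPException e) { } - catch (LDAPException e) {} } - - private void populateDB(HttpServletRequest request, Context context, String secure) - throws IOException { + private void populateDB(HttpServletRequest request, Context context, + String secure) throws IOException { IConfigStore cs = CMS.getConfigStore(); String baseDN = "";
@@ -542,50 +543,53 @@ public class DatabasePanel extends WizardPanelBase { boolean foundDatabase = false; try { LDAPEntry entry = conn.read(baseDN); - if (entry != null) foundBaseDN = true; + if (entry != null) + foundBaseDN = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create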
@@ -542,50 +543,53 @@ public class DatabasePanel extends WizardPanelBase { boolean foundDatabase = false; try { LDAPEntry entry = conn.read(baseDN); - if (entry != null) foundBaseDN = true; + if (entry != null) + foundBaseDN = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create the database"); } } try { dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config"; LDAPEntry entry = conn.read(dn); - if (entry != null) foundDatabase = true; + if (entry != null) + foundDatabase = true; } catch (LDAPException e) { - switch( e.getLDAPResultCode() ) { - case LDAPException.NO_SUCH_OBJECT: - break; - default: - CMS.debug("DatabasePanel update: LDAPException " + e.toString()); - throw new IOException("Failed to create the database"); + switch (e.getLDAPResultCode()) { + case LDAPException.NO_SUCH_OBJECT: + break; + default: + CMS.debug("DatabasePanel update: LDAPException " + e.toString()); + throw new IOException("Failed to create 
the database"); } } if (foundDatabase) { CMS.debug("DatabasePanel update: This database has already been used."); if (remove == null) { - throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database"); - } - else { + throw new IOException( + "This database has already been used. Select the checkbox below to remove all data and reuse this database"); + } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -596,9 +600,11 @@ public class DatabasePanel extends WizardPanelBase { if (foundBaseDN) { CMS.debug("DatabasePanel update: This base DN has already been used."); if (remove == null) { - throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN"); - } - else { + throw new IOException( + "This base DN (" + + baseDN + + ") has already been used. Select the checkbox below to remove all data and reuse this base DN"); + } else { CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN"); cleanupDB(conn, baseDN, database); foundBaseDN = false; @@ -609,7 +615,7 @@ public class DatabasePanel extends WizardPanelBase { // create database try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "extensibleObject", "nsBackendInstance"}; + String oc[] = { "top", "extensibleObject", "nsBackendInstance" }; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("cn", database)); attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN)); 
@@ -623,7 +629,7 @@ public class DatabasePanel extends WizardPanelBase { try { LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc2[] = { "top", "extensibleObject", "nsMappingTree"}; + String oc2[] = { "top", "extensibleObject", "nsMappingTree" }; attrs.add(new LDAPAttribute("objectClass", oc2)); attrs.add(new LDAPAttribute("cn", baseDN)); attrs.add(new LDAPAttribute("nsslapd-backend", database)); @@ -632,7 +638,8 @@ public class DatabasePanel extends WizardPanelBase { LDAPEntry entry = new LDAPEntry(dn, attrs); conn.add(entry); } catch (Exception e) { - CMS.debug("Warning: database mapping tree creation error - " + e.toString()); + CMS.debug("Warning: database mapping tree creation error - " + + e.toString()); throw new IOException("Failed to create the database."); } @@ -644,19 +651,19 @@ public class DatabasePanel extends WizardPanelBase { String n = st.nextToken(); String v = st.nextToken(); LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc3[] = { "top", "domain"}; + String oc3[] = { "top", "domain" }; if (n.equals("o")) { - oc3[1] = "organization"; + oc3[1] = "organization"; } else if (n.equals("ou")) { - oc3[1] = "organizationalUnit"; - } + oc3[1] = "organizationalUnit"; + } attrs.add(new LDAPAttribute("objectClass", oc3)); attrs.add(new LDAPAttribute(n, v)); LDAPEntry entry = new LDAPEntry(baseDN, attrs); conn.add(entry); } catch (Exception e) { CMS.debug("Warning: suffix creation error - " + e.toString()); - throw new IOException("Failed to create the base DN: "+baseDN); + throw new IOException("Failed to create the base DN: " + baseDN); } // check to see if the base dn exists 
@@ -666,19 +673,23 @@ public class DatabasePanel extends WizardPanelBase { LDAPEntry entry = conn.read(baseDN); if (entry != null) { - foundBaseDN = true; + foundBaseDN = true; } - } catch (LDAPException e) {} + } catch (LDAPException e) { + } boolean createBaseDN = true; boolean testing = false; try { testing = cs.getBoolean("internaldb.multipleSuffix.enable", false); - } catch (Exception e) {} + } catch (Exception e) { + } if (!foundBaseDN) { if (!testing) { - context.put("errorString", "Base DN was not found. Please make sure to create the suffix in the internal database."); + context.put( + "errorString", + "Base DN was not found. Please make sure to create the suffix in the internal database."); throw new IOException("Base DN not found"); } @@ -697,7 +708,7 @@ public class DatabasePanel extends WizardPanelBase { // support only one level creation - create new entry // right under the suffix LDAPAttributeSet attrs = new LDAPAttributeSet(); - String oc[] = { "top", "organizationalUnit"}; + String oc[] = { "top", "organizationalUnit" }; attrs.add(new LDAPAttribute("objectClass", oc)); attrs.add(new LDAPAttribute("ou", dns2[0])); @@ -705,7 +716,7 @@ public class DatabasePanel extends WizardPanelBase { try { conn.add(entry); - foundBaseDN = true; + foundBaseDN = true; CMS.debug("DatabasePanel added " + baseDN); } catch (LDAPException e) { throw new IOException("Failed to create " + baseDN); 
@@ -723,39 +734,41 @@ public class DatabasePanel extends WizardPanelBase { } if (select.equals("clone")) { - // if this is clone, add index before replication - // don't put in the schema or bad things will happen - - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + // if this is clone, add index before replication + // don't put in the schema or bad things will happen + + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } else { - // data will be replicated from the master to the clone - // so clone does not need the data - // + // data will be replicated from the master to the clone + // so clone does not need the data + // - importLDIFS("preop.internaldb.schema.ldif", conn); - importLDIFS("preop.internaldb.ldif", conn); - importLDIFS("preop.internaldb.data_ldif", conn); - importLDIFS("preop.internaldb.index_ldif", conn); + importLDIFS("preop.internaldb.schema.ldif", conn); + importLDIFS("preop.internaldb.ldif", conn); + importLDIFS("preop.internaldb.data_ldif", conn); + importLDIFS("preop.internaldb.index_ldif", conn); } try { conn.disconnect(); - } catch (LDAPException e) {} + } catch (LDAPException e) { + } } - private void importLDIFS(String param, LDAPConnection conn) throws IOException { + private void importLDIFS(String param, LDAPConnection conn) + throws IOException { IConfigStore cs = CMS.getConfigStore(); String v = null; CMS.debug("DatabasePanel populateDB param=" + param); try { v = cs.getString(param); - } catch (EBaseException e) { + } catch (EBaseException e) { CMS.debug("DatabasePanel populateDB: " + e.toString()); throw new IOException("Cant find ldif files."); } - + StringTokenizer tokenizer = new StringTokenizer(v, ","); String baseDN = null; String database = null; 
@@ -770,9 +783,8 @@ public class DatabasePanel extends WizardPanelBase { database = cs.getString("internaldb.database"); CMS.debug("DatabasePanel update: database=" + database); } catch (EBaseException e) { - CMS.debug( - "DatabasePanel update: Failed to get database name. Exception: " - + e.toString()); + CMS.debug("DatabasePanel update: Failed to get database name. Exception: " + + e.toString()); database = "userRoot"; } @@ -787,13 +799,12 @@ public class DatabasePanel extends WizardPanelBase { String instanceId = null; try { - instanceId = cs.getString("instanceId"); + instanceId = cs.getString("instanceId"); } catch (EBaseException e) { throw new IOException("instanceId is missing"); } - - String configDir = instancePath + File.separator + "conf"; + String configDir = instancePath + File.separator + "conf"; while (tokenizer.hasMoreTokens()) { String token = tokenizer.nextToken().trim(); @@ -807,7 +818,8 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel importLDIFS: ldif file = " + token); String filename = configDir + File.separator + name; - CMS.debug("DatabasePanel importLDIFS: ldif file copy to " + filename); + CMS.debug("DatabasePanel importLDIFS: ldif file copy to " + + filename); PrintStream ps = null; BufferedReader in = null; @@ -846,14 +858,14 @@ public class DatabasePanel extends WizardPanelBase { if (!endOfline) { ps.println(s); } - } + } } in.close(); ps.close(); - } catch (Exception e) { + } catch (Exception e) { CMS.debug("DBSubsystem popuateDB: " + e.toString()); - throw new IOException( - "Problem of copying ldif file: " + filename); + throw new IOException("Problem of copying ldif file: " + + filename); } LDAPUtil.importLDIF(conn, filename); 
@@ -864,10 +876,9 @@ public class DatabasePanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); - boolean hasErr = false; + boolean hasErr = false; boolean firsttime = false; context.put("firsttime", "false"); @@ -903,17 +914,20 @@ public class DatabasePanel extends WizardPanelBase { cs.putString("internaldb.ldapauth.bindDN", binddn); cs.putString("internaldb.database", database2); String secure = HttpInput.getCheckbox(request, "secureConn"); - cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false")); + cs.putString("internaldb.ldapconn.secureConn", + (secure.equals("on") ? "true" : "false")); String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS"); - cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false")); + cs.putString("internaldb.ldapconn.cloneStartTLS", + (cloneStartTLS.equals("on") ? "true" : "false")); String remove = HttpInput.getID(request, "removeData"); if (isPanelDone() && (remove == null || remove.equals(""))) { - /* if user submits the same data, they just want to skip - to the next panel, no database population is required. */ - if (hostname1.equals(hostname2) && - portStr1.equals(portStr2) && - database1.equals(database2)) { + /* + * if user submits the same data, they just want to skip to the next + * panel, no database population is required. + */ + if (hostname1.equals(hostname2) && portStr1.equals(portStr2) + && database1.equals(database2)) { context.put("updateStatus", "success"); return; } 
@@ -921,15 +935,17 @@ public class DatabasePanel extends WizardPanelBase { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); - try { - populateDB(request, context, (secure.equals("on")?"true":"false")); + populateDB(request, context, (secure.equals("on") ? "true" + : "false")); } catch (IOException e) { - CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: " + + e.toString()); context.put("updateStatus", "failure"); throw e; } catch (Exception e) { - CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString()); + CMS.debug("DatabasePanel update: populateDB Exception: " + + e.toString()); context.put("errorString", e.toString()); cs.putString("preop.database.errorString", e.toString()); context.put("updateStatus", "failure"); @@ -950,11 +966,11 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { CMS.debug("ConfigDatabaseServlet update: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException( e.toString() ); + throw new IOException(e.toString()); } psStore.putString("internaldb", bindpwd); psStore.putString("replicationdb", replicationpwd); - cs.putString("preop.internaldb.replicationpwd" , replicationpwd); + cs.putString("preop.internaldb.replicationpwd", replicationpwd); cs.putString("preop.database.removeData", "false"); try { 
@@ -983,57 +999,65 @@ public class DatabasePanel extends WizardPanelBase { // always populate the index the last try { - CMS.debug("Populating local indexes"); - LDAPConnection conn = getLocalLDAPConn(context, - (secure.equals("on")?"true":"false")); - importLDIFS("preop.internaldb.post_ldif", conn); - - /* For vlvtask, we need to check if the task has - been completed or not. Presence of nsTaskExitCode means task is complete - */ - String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); - if (!wait_dn.equals("")) { - int i = 0; - LDAPEntry task = null; - boolean taskComplete = false; - CMS.debug("Checking wait_dn " + wait_dn); - do { - Thread.sleep(1000); - try { - task = conn.read(wait_dn, (String[])null); - if (task != null) { - LDAPAttribute attr = task.getAttribute("nsTaskExitCode"); - if (attr != null) { - taskComplete = true; - String val = (String) attr.getStringValues().nextElement(); - if (val.compareTo("0") != 0) { - CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val); - } - } + CMS.debug("Populating local indexes"); + LDAPConnection conn = getLocalLDAPConn(context, + (secure.equals("on") ? "true" : "false")); + importLDIFS("preop.internaldb.post_ldif", conn); + + /* + * For vlvtask, we need to check if the task has been completed or + * not. 
Presence of nsTaskExitCode means task is complete + */ + String wait_dn = cs.getString("preop.internaldb.wait_dn", ""); + if (!wait_dn.equals("")) { + int i = 0; + LDAPEntry task = null; + boolean taskComplete = false; + CMS.debug("Checking wait_dn " + wait_dn); + do { + Thread.sleep(1000); + try { + task = conn.read(wait_dn, (String[]) null); + if (task != null) { + LDAPAttribute attr = task + .getAttribute("nsTaskExitCode"); + if (attr != null) { + taskComplete = true; + String val = (String) attr.getStringValues() + .nextElement(); + if (val.compareTo("0") != 0) { + CMS.debug("Error in populating local indexes: nsTaskExitCode=" + + val); + } + } + } + } catch (LDAPException le) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + + le.toString() + ")"); + } catch (Exception e) { + CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + + e.toString() + ")."); + } + } while ((!taskComplete) && (i < 20)); + if (i < 20) { + CMS.debug("Done checking wait_dn " + wait_dn); + } else { + CMS.debug("Done checking wait_dn " + wait_dn + + " due to timeout."); } - } catch (LDAPException le) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")"); - } catch (Exception e) { - CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ")."); - } - } while ((!taskComplete) && (i < 20)); - if (i < 20) { - CMS.debug("Done checking wait_dn " + wait_dn); - } else { - CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout."); } - } - conn.disconnect(); - CMS.debug("Done populating local indexes"); + conn.disconnect(); + CMS.debug("Done populating local indexes"); } catch (Exception e) { - CMS.debug("Populating index failure - " + e); + CMS.debug("Populating index failure - " + e); } // setup replication after indexes have been created if (select.equals("clone")) { CMS.debug("Start setting up replication."); - setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false")); 
+ setupReplication(request, context, (secure.equals("on") ? "true" + : "false"), (cloneStartTLS.equals("on") ? "true" : "false")); CMS.debug("Finish setting up replication."); try { @@ -1048,25 +1072,23 @@ public class DatabasePanel extends WizardPanelBase { } } - if (hasErr == false) { - cs.putBoolean("preop.Database.done", true); - try { - cs.commit(false); - } catch (EBaseException e) { - CMS.debug( - "DatabasePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + cs.putBoolean("preop.Database.done", true); + try { + cs.commit(false); + } catch (EBaseException e) { + CMS.debug("DatabasePanel: update() Exception caught at config commit: " + + e.toString()); + } + } context.put("updateStatus", "success"); } - private void setupReplication(HttpServletRequest request, - Context context, String secure, String cloneStartTLS) throws IOException { + private void setupReplication(HttpServletRequest request, Context context, + String secure, String cloneStartTLS) throws IOException { String bindpwd = HttpInput.getPassword(request, "__bindpwd"); IConfigStore cs = CMS.getConfigStore(); - + String cstype = ""; String machinename = ""; String instanceId = ""; @@ -1078,13 +1100,14 @@ public class DatabasePanel extends WizardPanelBase { } catch (Exception e) { } - - //setup replication agreement - String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId; + // setup replication agreement + String masterAgreementName = "masterAgreement1-" + machinename + "-" + + instanceId; cs.putString("internaldb.replication.master", masterAgreementName); - String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId; + String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + + instanceId; cs.putString("internaldb.replication.consumer", cloneAgreementName); - + try { cs.commit(false); } catch (Exception e) { 
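Review bot: In the hunk at -1048, `if (hasErr == false) {` appears only on the removed side, while the added side still carries both closing braces after the `catch`, so as shown the reformat either drops the guard or leaves a stray brace. A formatting-only commit should not alter control flow; if the guard is really gone, `cs.putBoolean("preop.Database.done", true);` and the config commit would run regardless of `hasErr`, marking the database panel done even after a failed step. This may also be an artifact of how the diff was rendered, so check the committed file and, if the line is missing, restore `if (hasErr == false) {` directly ahead of the `putBoolean` call. The enclosing `update()` method starts outside this hunk.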
@@ -1097,11 +1120,14 @@ public class DatabasePanel extends WizardPanelBase { String master1_replicationpwd = ""; try { - master1_hostname = cs.getString("preop.internaldb.master.hostname", ""); + master1_hostname = cs.getString("preop.internaldb.master.hostname", + ""); master1_port = cs.getInteger("preop.internaldb.master.port", -1); master1_binddn = cs.getString("preop.internaldb.master.binddn", ""); - master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", ""); - master1_replicationpwd = cs.getString("preop.internaldb.master.replicationpwd", ""); + master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", + ""); + master1_replicationpwd = cs.getString( + "preop.internaldb.master.replicationpwd", ""); } catch (Exception e) { } 
@@ -1116,21 +1142,22 @@ public class DatabasePanel extends WizardPanelBase { master2_port = cs.getInteger("internaldb.ldapconn.port", -1); master2_binddn = cs.getString("internaldb.ldapauth.bindDN", ""); master2_bindpwd = bindpwd; - master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", ""); + master2_replicationpwd = cs.getString( + "preop.internaldb.replicationpwd", ""); } catch (Exception e) { } - + LDAPConnection conn1 = null; LDAPConnection conn2 = null; if (secure.equals("true")) { - CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); - conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); - } else { - CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); - conn1 = new LDAPConnection(); - conn2 = new LDAPConnection(); - } + CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap"); + conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + } else { + CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap"); + conn1 = new LDAPConnection(); + conn2 = new LDAPConnection(); + } String basedn = ""; try { 
@@ -1140,19 +1167,23 @@ public class DatabasePanel extends WizardPanelBase { try { conn1.connect(master1_hostname, master1_port, master1_binddn, - master1_bindpwd); + master1_bindpwd); conn2.connect(master2_hostname, master2_port, master2_binddn, - master2_bindpwd); + master2_bindpwd); String suffix = cs.getString("internaldb.basedn", ""); - String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config"; - CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn); + String replicadn = "cn=replica,cn=\"" + suffix + + "\",cn=mapping tree,cn=config"; + CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn); - String masterBindUser = "Replication Manager " + masterAgreementName; + String masterBindUser = "Replication Manager " + + masterAgreementName; String cloneBindUser = "Replication Manager " + cloneAgreementName; - createReplicationManager(conn1, masterBindUser, master1_replicationpwd); - createReplicationManager(conn2, cloneBindUser, master2_replicationpwd); + createReplicationManager(conn1, masterBindUser, + master1_replicationpwd); + createReplicationManager(conn2, cloneBindUser, + master2_replicationpwd); String dir1 = getInstanceDir(conn1); createChangeLog(conn1, dir1 + "/changelogs"); 
@@ -1162,36 +1193,43 @@ public class DatabasePanel extends WizardPanelBase { int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1); - replicaId = enableReplication(replicadn, conn1, masterBindUser, basedn, replicaId); - replicaId = enableReplication(replicadn, conn2, cloneBindUser, basedn, replicaId); + replicaId = enableReplication(replicadn, conn1, masterBindUser, + basedn, replicaId); + replicaId = enableReplication(replicadn, conn2, cloneBindUser, + basedn, replicaId); cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId)); CMS.debug("DatabasePanel setupReplication: Finished enabling replication"); - createReplicationAgreement(replicadn, conn1, masterAgreementName, - master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn1, masterAgreementName, + master2_hostname, master2_port, master2_replicationpwd, + basedn, cloneBindUser, secure, cloneStartTLS); - createReplicationAgreement(replicadn, conn2, cloneAgreementName, - master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS); + createReplicationAgreement(replicadn, conn2, cloneAgreementName, + master1_hostname, master1_port, master1_replicationpwd, + basedn, masterBindUser, secure, cloneStartTLS); // initialize consumer initializeConsumer(replicadn, conn1, masterAgreementName); - while (! replicationDone(replicadn, conn1, masterAgreementName)) { + while (!replicationDone(replicadn, conn1, masterAgreementName)) { CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete"); Thread.sleep(1000); } - String status = replicationStatus(replicadn, conn1, masterAgreementName); + String status = replicationStatus(replicadn, conn1, + masterAgreementName); if (!status.startsWith("0 ")) { - CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " + - status); - throw new IOException("consumer initialization failed. 
" + status); - } + CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " + + status); + throw new IOException("consumer initialization failed. " + + status); + } } catch (Exception e) { - CMS.debug("DatabasePanel setupReplication: "+e.toString()); - throw new IOException("Failed to setup the replication for cloning."); + CMS.debug("DatabasePanel setupReplication: " + e.toString()); + throw new IOException( + "Failed to setup the replication for cloning."); } } @@ -1199,27 +1237,26 @@ public class DatabasePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { try { - initParams(request, context); - } catch (IOException e) { + initParams(request, context); + } catch (IOException e) { } context.put("title", "Database"); context.put("panel", "admin/console/config/databasepanel.vm"); } private boolean isAgreementExist(String replicadn, LDAPConnection conn, - String name) { - String dn = "cn="+name+","+replicadn; - String filter = "(cn="+name+")"; - String[] attrs = {"cn"}; + String name) { + String dn = "cn=" + name + "," + replicadn; + String filter = "(cn=" + name + ")"; + String[] attrs = { "cn" }; try { LDAPSearchResults results = conn.search(dn, LDAPv3.SCOPE_SUB, - filter, attrs, false); + filter, attrs, false); while (results.hasMoreElements()) - return true; + return true; } catch (LDAPException e) { return false; } @@ -1227,8 +1264,8 @@ public class DatabasePanel extends WizardPanelBase { return false; } - private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd) - throws LDAPException { + private void createReplicationManager(LDAPConnection conn, String bindUser, + String pwd) throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=" + bindUser + ",cn=config"; 
@@ -1248,11 +1285,13 @@ public class DatabasePanel extends WizardPanelBase { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationManager: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationManager: " + + ee.toString()); } return; } else { - CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString()); + CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + + e.toString()); throw e; } } @@ -1261,7 +1300,7 @@ public class DatabasePanel extends WizardPanelBase { } private void createChangeLog(LDAPConnection conn, String dir) - throws LDAPException { + throws LDAPException { LDAPAttributeSet attrs = null; LDAPEntry entry = null; String dn = "cn=changelog5,cn=config"; @@ -1276,17 +1315,16 @@ public class DatabasePanel extends WizardPanelBase { } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used"); -/* leave it, dont delete it because it will have operation error - try { - conn.delete(dn); - conn.add(entry); - } catch (LDAPException ee) { - CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); - } -*/ + /* + * leave it, dont delete it because it will have operation error + * try { conn.delete(dn); conn.add(entry); } catch + * (LDAPException ee) { + * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); } + */ return; } else { - CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + + e.toString()); throw e; } } 
@@ -1294,9 +1332,9 @@ public class DatabasePanel extends WizardPanelBase { CMS.debug("DatabasePanel createChangeLog: Successfully create change log entry"); } - private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id) - throws LDAPException { - CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn); + private int enableReplication(String replicadn, LDAPConnection conn, + String bindUser, String basedn, int id) throws LDAPException { + CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn); LDAPAttributeSet attrs = null; LDAPEntry entry = null; try { @@ -1306,8 +1344,8 @@ public class DatabasePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("objectclass", "extensibleobject")); attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3")); - attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser + + ",cn=config")); attrs.add(new LDAPAttribute("cn", "replica")); attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id))); attrs.add(new LDAPAttribute("nsds5flags", "1")); 
@@ -1315,49 +1353,57 @@ public class DatabasePanel extends WizardPanelBase { conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - /* BZ 470918 -we cant just add the new dn. We need to do a replace instead - * until the DS code is fixed */ - CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used"); - + /* + * BZ 470918 -we cant just add the new dn. We need to do a + * replace instead until the DS code is fixed + */ + CMS.debug("DatabasePanel enableReplication: " + replicadn + + " has already been used"); + try { entry = conn.read(replicadn); - LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN"); - attr.addValue( "cn=" + bindUser + ",cn=config"); - LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr); + LDAPAttribute attr = entry + .getAttribute("nsDS5ReplicaBindDN"); + attr.addValue("cn=" + bindUser + ",cn=config"); + LDAPModification mod = new LDAPModification( + LDAPModification.REPLACE, attr); conn.modify(replicadn, mod); } catch (LDAPException ee) { - CMS.debug("DatabasePanel enableReplication: Failed to modify " - +replicadn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to modify " + + replicadn + " entry. Exception: " + e.toString()); } return id; } else { - CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel enableReplication: Failed to create " + + replicadn + " entry. 
Exception: " + e.toString()); return id; } } - CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry."); + CMS.debug("DatabasePanel enableReplication: Successfully create " + + replicadn + " entry."); return id + 1; } - private void createReplicationAgreement(String replicadn, - LDAPConnection conn, String name, String replicahost, int replicaport, - String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException { - String dn = "cn="+name+","+replicadn; - CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn); + private void createReplicationAgreement(String replicadn, + LDAPConnection conn, String name, String replicahost, + int replicaport, String replicapwd, String basedn, String bindUser, + String secure, String cloneStartTLS) throws LDAPException { + String dn = "cn=" + name + "," + replicadn; + CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn); LDAPEntry entry = null; LDAPAttributeSet attrs = null; try { attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); attrs.add(new LDAPAttribute("objectclass", - "nsds5replicationagreement")); + "nsds5replicationagreement")); attrs.add(new LDAPAttribute("cn", name)); attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn)); attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost)); - attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport)); - attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", - "cn=" + bindUser + ",cn=config")); + attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport)); + attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser + + ",cn=config")); attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple")); attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd)); 
@@ -1368,50 +1414,58 @@ public class DatabasePanel extends WizardPanelBase { } CMS.debug("About to set description attr to " + name); - attrs.add(new LDAPAttribute("description",name)); + attrs.add(new LDAPAttribute("description", name)); entry = new LDAPEntry(dn, attrs); conn.add(entry); } catch (LDAPException e) { if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) { - CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used"); + CMS.debug("DatabasePanel createReplicationAgreement: " + dn + + " has already used"); try { conn.delete(dn); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: " + + ee.toString()); throw ee; } try { conn.add(entry); } catch (LDAPException ee) { - CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: " + + ee.toString()); throw ee; } } else { - CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + + dn + " entry. 
Exception: " + e.toString()); throw e; } } - CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name); + CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + + name); } - private void initializeConsumer(String replicadn, LDAPConnection conn, - String name) { - String dn = "cn="+name+","+replicadn; - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn); - CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort()); + private void initializeConsumer(String replicadn, LDAPConnection conn, + String name) { + String dn = "cn=" + name + "," + replicadn; + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + + dn); + CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + + conn.getHost() + " port: " + conn.getPort()); try { LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh", - "start"); + "start"); LDAPModification mod = new LDAPModification( - LDAPModification.REPLACE, attr); + LDAPModification.REPLACE, attr); CMS.debug("DatabasePanel initializeConsumer: start modifying"); conn.modify(dn, mod); CMS.debug("DatabasePanel initializeConsumer: Finish modification."); } catch (LDAPException e) { - CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString()); + CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + + dn + " entry. Exception: " + e.toString()); return; } catch (Exception e) { CMS.debug("DatabasePanel initializeConsumer: exception " + e); 
@@ -1422,33 +1476,35 @@ public class DatabasePanel extends WizardPanelBase { Thread.sleep(5000); CMS.debug("DatabasePanel initializeConsumer: finish sleeping."); } catch (InterruptedException ee) { - CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString()); + CMS.debug("DatabasePanel initializeConsumer: exception: " + + ee.toString()); } CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer"); } - private boolean replicationDone(String replicadn, LDAPConnection conn, String name) - throws IOException { - String dn = "cn="+name+","+replicadn; + private boolean replicationDone(String replicadn, LDAPConnection conn, + String name) throws IOException { + String dn = "cn=" + name + "," + replicadn; String filter = "(objectclass=*)"; - String[] attrs = {"nsds5beginreplicarefresh"}; + String[] attrs = { "nsds5beginreplicarefresh" }; - CMS.debug("DatabasePanel replicationDone: dn: "+dn); + CMS.debug("DatabasePanel replicationDone: dn: " + dn); try { - LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, true); + LDAPSearchResults results = conn.search(dn, + LDAPConnection.SCOPE_BASE, filter, attrs, true); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } - + } + LDAPEntry entry = results.next(); - LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh"); + LDAPAttribute refresh = entry + .getAttribute("nsds5beginreplicarefresh"); if (refresh == null) { return true; - } + } return false; } catch (Exception e) { CMS.debug("DatabasePanel replicationDone: exception " + e); 
@@ -1456,31 +1512,33 @@ public class DatabasePanel extends WizardPanelBase { } } - private String replicationStatus(String replicadn, LDAPConnection conn, String name) - throws IOException { - String dn = "cn="+name+","+replicadn; + private String replicationStatus(String replicadn, LDAPConnection conn, + String name) throws IOException { + String dn = "cn=" + name + "," + replicadn; String filter = "(objectclass=*)"; - String[] attrs = {"nsds5replicalastinitstatus"}; + String[] attrs = { "nsds5replicalastinitstatus" }; String status = null; - CMS.debug("DatabasePanel replicationStatus: dn: "+dn); + CMS.debug("DatabasePanel replicationStatus: dn: " + dn); try { - LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, - attrs, false); + LDAPSearchResults results = conn.search(dn, + LDAPConnection.SCOPE_BASE, filter, attrs, false); int count = results.getCount(); if (count < 1) { throw new IOException("Replication entry not found"); - } + } LDAPEntry entry = results.next(); - LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus"); + LDAPAttribute attr = entry + .getAttribute("nsds5replicalastinitstatus"); if (attr != null) { Enumeration valsInAttr = attr.getStringValues(); if (valsInAttr.hasMoreElements()) { - return (String)valsInAttr.nextElement(); + return (String) valsInAttr.nextElement(); } else { - throw new IOException("No value returned for nsds5replicalastinitstatus"); + throw new IOException( + "No value returned for nsds5replicalastinitstatus"); } } else { throw new IOException("nsDS5ReplicaLastInitStatus is null."); 
@@ -1492,35 +1550,42 @@ public class DatabasePanel extends WizardPanelBase { } private String getInstanceDir(LDAPConnection conn) { - String instancedir=""; + String instancedir = ""; try { String filter = "(objectclass=*)"; - String[] attrs = {"nsslapd-directory"}; - LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB, - filter, attrs, false); + String[] attrs = { "nsslapd-directory" }; + LDAPSearchResults results = conn.search( + "cn=config,cn=ldbm database,cn=plugins,cn=config", + LDAPv3.SCOPE_SUB, filter, attrs, false); while (results.hasMoreElements()) { LDAPEntry entry = results.next(); String dn = entry.getDN(); - CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn); + CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + + dn); LDAPAttributeSet entryAttrs = entry.getAttributeSet(); Enumeration attrsInSet = entryAttrs.getAttributes(); while (attrsInSet.hasMoreElements()) { - LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement(); + LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet + .nextElement(); String attrName = nextAttr.getName(); - CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName); + CMS.debug("DatabasePanel getInstanceDir: attribute name: " + + attrName); Enumeration valsInAttr = nextAttr.getStringValues(); - while ( valsInAttr.hasMoreElements() ) { - String nextValue = (String)valsInAttr.nextElement(); + while (valsInAttr.hasMoreElements()) { + String nextValue = (String) valsInAttr.nextElement(); if (attrName.equalsIgnoreCase("nsslapd-directory")) { - CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue); - return nextValue.substring(0,nextValue.lastIndexOf("/db")); + CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + + nextValue); + return nextValue.substring(0, + nextValue.lastIndexOf("/db")); } } } } } catch (LDAPException e) { - CMS.debug("DatabasePanel getInstanceDir: Error in retrieving 
the instance directory. Exception: "+e.toString()); + CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + + e.toString()); } return instancedir; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java index d8fd7526..127e233c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class DatabaseServlet extends BaseServlet { /** @@ -34,8 +32,7 @@ public class DatabaseServlet extends BaseServlet { private static final long serialVersionUID = 6474664942834474385L; public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java index 1e1b6dec..b2365eb7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.net.URLEncoder; import java.util.Locale; 
@@ -42,25 +41,25 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class DisplayCertChainPanel extends WizardPanelBase { - public DisplayCertChainPanel() {} + public DisplayCertChainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Display Certificate Chain"); setId(id); } - - public boolean isSubPanel() { + + public boolean isSubPanel() { return true; } @@ -70,7 +69,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + return set; } @@ -86,8 +85,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - try { - String select = cs.getString("securitydomain.select",""); + try { + String select = cs.getString("securitydomain.select", ""); String type = cs.getString("preop.subsystem.select", ""); String hierarchy = cs.getString("preop.hierarchy.select", ""); @@ -113,11 +112,10 @@ public class DisplayCertChainPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("DisplayCertChainPanel: display"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("DisplayCertChainPanel setting session id."); 
@@ -132,7 +130,8 @@ public class DisplayCertChainPanel extends WizardPanelBase { try { certchain_size = cs.getString(certChainConfigName, ""); - } catch (Exception e) {} + } catch (Exception e) { + } int size = 0; Vector v = new Vector(); @@ -140,20 +139,22 @@ public class DisplayCertChainPanel extends WizardPanelBase { if (!certchain_size.equals("")) { try { size = Integer.parseInt(certchain_size); - } catch (Exception e) {} + } catch (Exception e) { + } for (int i = 0; i < size; i++) { certChainConfigName = "preop." + type + ".certchain." + i; try { String c = cs.getString(certChainConfigName, ""); byte[] b_c = CryptoUtil.base64Decode(c); - CertPrettyPrint pp = new CertPrettyPrint( - new X509CertImpl(b_c)); + CertPrettyPrint pp = new CertPrettyPrint(new X509CertImpl( + b_c)); v.addElement(pp.toString(Locale.getDefault())); - } catch (Exception e) {} + } catch (Exception e) { + } } } - + if (getId().equals("securitydomain")) { context.put("panelid", "securitydomain"); context.put("panelname", "Security Domain Trust Verification"); 
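Review bot: The empty `catch (Exception e) { }` blocks in display() hide every failure to read or parse the stored certificate chain, and this panel is presented as "Security Domain Trust Verification". In the hunk at -140,20 a chain entry that fails `CryptoUtil.base64Decode` or `new X509CertImpl(b_c)` is dropped from `v`, so the administrator can be shown fewer certificates than are configured with no indication that one was skipped. In the hunk at -132,7 a failed `cs.getString(certChainConfigName, "")`, and below it a failed `Integer.parseInt(certchain_size)`, leaves `size` at 0 and yields an empty chain. Each handler should at least log, for example `CMS.debug("DisplayCertChainPanel: cannot parse certchain entry " + i + ": " + e);`, and the panel should preferably surface an error instead of a shortened list. display() starts and ends outside these hunks.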
@@ -171,44 +172,48 @@ public class DisplayCertChainPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { importCertChain(getId()); if (getId().equals("securitydomain")) { - int panel = getPanelNo()+1; + int panel = getPanelNo() + 1; IConfigStore cs = CMS.getConfigStore(); try { String sd_hostname = cs.getString("securitydomain.host", ""); - int sd_port = cs.getInteger("securitydomain.httpsadminport", -1); + int sd_port = cs + .getInteger("securitydomain.httpsadminport", -1); String cs_hostname = cs.getString("machineName", ""); int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + + toLowerCaseSubsystemType(subsystem) + + "/admin/console/config/wizard?p=" + panel + + "&subsystem=" + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://" + sd_hostname + ":" + sd_port + + "/ca/admin/ca/securityDomainLogin?url=" + + encodedValue; response.sendRedirect(sdurl); // The user previously specified the CA Security Domain's // SSL Admin port in the "Security Domain Panel"; // now retrieve this specified CA Security Domain's // non-SSL EE, SSL Agent, and SSL EE ports: - cs.putString( "securitydomain.httpport", - 
getSecurityDomainPort( cs, "UnSecurePort" ) ); - cs.putString("securitydomain.httpsagentport", - getSecurityDomainPort( cs, "SecureAgentPort" ) ); - cs.putString("securitydomain.httpseeport", - getSecurityDomainPort( cs, "SecurePort" ) ); + cs.putString("securitydomain.httpport", + getSecurityDomainPort(cs, "UnSecurePort")); + cs.putString("securitydomain.httpsagentport", + getSecurityDomainPort(cs, "SecureAgentPort")); + cs.putString("securitydomain.httpseeport", + getSecurityDomainPort(cs, "SecurePort")); } catch (Exception ee) { - CMS.debug("DisplayCertChainPanel Exception="+ee.toString()); + CMS.debug("DisplayCertChainPanel Exception=" + ee.toString()); } } context.put("updateStatus", "success"); @@ -218,8 +223,7 @@ public class DisplayCertChainPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { /* This should never be called */ context.put("title", "Display Certificate Chain"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java index 00871921..cdcc8a47 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class DisplayServlet extends BaseServlet { /** 
@@ -34,8 +32,7 @@ public class DisplayServlet extends BaseServlet { private static final long serialVersionUID = -8753831516572779596L; public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; try { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java index 9669ddb1..c8c4d56c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.net.URLEncoder; @@ -57,23 +56,22 @@ public class DonePanel extends WizardPanelBase { public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); - public static final String RESTART_SERVER_AFTER_CONFIGURATION = - "restart_server_after_configuration"; + public static final String RESTART_SERVER_AFTER_CONFIGURATION = "restart_server_after_configuration"; public static final String PKI_SECURITY_DOMAIN = "pki_security_domain"; - public DonePanel() {} + public DonePanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Done"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Done"); setId(id); 
@@ -88,15 +86,13 @@ public class DonePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } - private LDAPConnection getLDAPConn(Context context) - throws IOException - { + private LDAPConnection getLDAPConn(Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); String host = ""; @@ -112,8 +108,9 @@ public class DonePanel extends WizardPanelBase { pwd = pwdStore.getPassword("internaldb"); } - if ( pwd == null) { - throw new IOException("DonePanel: Failed to obtain password from password store"); + if (pwd == null) { + throw new IOException( + "DonePanel: Failed to obtain password from password store"); } try { @@ -138,11 +135,11 @@ public class DonePanel extends WizardPanelBase { LDAPConnection conn = null; if (security.equals("true")) { - CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); - conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); + CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory()); } else { - CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); - conn = new LDAPConnection(); + CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); } CMS.debug("DonePanel connecting to " + host + ":" + p); 
@@ -153,19 +150,17 @@ public class DonePanel extends WizardPanelBase { throw new IOException("Failed to connect to the internal database."); } - return conn; + return conn; } - /** * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("DonePanel: display()"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); 
@@ -193,31 +188,32 @@ public class DonePanel extends WizardPanelBase { instanceRoot = cs.getString("instanceRoot"); select = cs.getString("preop.subsystem.select", ""); systemdService = cs.getString("pkicreate.systemd.servicename", ""); - } catch (Exception e) {} + } catch (Exception e) { + } String initDaemon = ""; if (type.equals("CA")) { - initDaemon = "pki-cad"; + initDaemon = "pki-cad"; } else if (type.equals("KRA")) { - initDaemon = "pki-krad"; + initDaemon = "pki-krad"; } else if (type.equals("OCSP")) { - initDaemon = "pki-ocspd"; + initDaemon = "pki-ocspd"; } else if (type.equals("TKS")) { - initDaemon = "pki-tksd"; + initDaemon = "pki-tksd"; } - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - if (! systemdService.equals("")) { - context.put( "initCommand", "/bin/systemctl"); - context.put( "instanceId", systemdService ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + if (!systemdService.equals("")) { + context.put("initCommand", "/bin/systemctl"); + context.put("instanceId", systemdService); } else { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } context.put("title", "Done"); context.put("panel", "admin/console/config/donepanel.vm"); @@ -233,7 +229,7 @@ public class DonePanel extends WizardPanelBase { return; } else context.put("csstate", "0"); - + } catch (Exception e) { } 
@@ -267,7 +263,8 @@ public class DonePanel extends WizardPanelBase { boolean cloneMaster = false; - if (select.equals("clone") && type.equalsIgnoreCase("CA") && isSDHostDomainMaster(cs)) { + if (select.equals("clone") && type.equalsIgnoreCase("CA") + && isSDHostDomainMaster(cs)) { cloneMaster = true; CMS.debug("Cloning a domain master"); } @@ -280,20 +277,22 @@ public class DonePanel extends WizardPanelBase { String basedn = cs.getString("internaldb.basedn"); String secdomain = cs.getString("securitydomain.name"); - try { + try { // Create security domain ldap entry String dn = "ou=Security Domain," + basedn; CMS.debug("DonePanel: creating ldap entry : " + dn); - + LDAPEntry entry = null; LDAPAttributeSet attrs = null; attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); - attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain")); + attrs.add(new LDAPAttribute("objectclass", + "pkiSecurityDomain")); if (secdomain.equals("")) { // this should not happen - just in case CMS.debug("DonePanel display(): Security domain is an empty string!"); - throw new IOException("Security domain is an empty string!"); + throw new IOException( + "Security domain is an empty string!"); } else { attrs.add(new LDAPAttribute("name", secdomain)); } 
@@ -305,29 +304,33 @@ public class DonePanel extends WizardPanelBase { throw e; } - try { + try { // create list containers - String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"}; - for (int i=0; i< clist.length; i++) { + String clist[] = { "CAList", "OCSPList", "KRAList", + "RAList", "TKSList", "TPSList" }; + for (int i = 0; i < clist.length; i++) { LDAPEntry entry = null; LDAPAttributeSet attrs = null; - String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; + String dn = "cn=" + clist[i] + ",ou=Security Domain," + + basedn; attrs = new LDAPAttributeSet(); attrs.add(new LDAPAttribute("objectclass", "top")); - attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup")); + attrs.add(new LDAPAttribute("objectclass", + "pkiSecurityGroup")); attrs.add(new LDAPAttribute("cn", clist[i])); entry = new LDAPEntry(dn, attrs); conn.add(entry); } } catch (Exception e) { - CMS.debug("Unable to create security domain list groups" ); + CMS.debug("Unable to create security domain list groups"); throw e; - } + } try { - // Add this host (only CA can create new domain) + // Add this host (only CA can create new domain) String cn = ownhost + ":" + ownadminsport; - String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn; + String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + + basedn; LDAPEntry entry = null; LDAPAttributeSet attrs = null; attrs = new LDAPAttributeSet(); 
@@ -336,12 +339,12 @@ public class DonePanel extends WizardPanelBase { attrs.add(new LDAPAttribute("Host", ownhost)); attrs.add(new LDAPAttribute("SecurePort", ownsport)); attrs.add(new LDAPAttribute("SecureAgentPort", - ownagentsport)); + ownagentsport)); attrs.add(new LDAPAttribute("SecureAdminPort", - ownadminsport)); + ownadminsport)); if (owneeclientauthsport != null) { - attrs.add(new LDAPAttribute("SecureEEClientAuthPort", - owneeclientauthsport)); + attrs.add(new LDAPAttribute("SecureEEClientAuthPort", + owneeclientauthsport)); } attrs.add(new LDAPAttribute("UnSecurePort", ownport)); attrs.add(new LDAPAttribute("Clone", "FALSE")); 
@@ -357,31 +360,32 @@ public class DonePanel extends WizardPanelBase { CMS.debug("DonePanel display: finish updating domain info"); conn.disconnect(); } catch (Exception e) { - CMS.debug("DonePanel display: "+e.toString()); + CMS.debug("DonePanel display: " + e.toString()); } int sd_admin_port_int = -1; try { - sd_admin_port_int = Integer.parseInt( sd_admin_port ); + sd_admin_port_int = Integer.parseInt(sd_admin_port); } catch (Exception e) { } try { // Fetch the "new" security domain and display it - CMS.debug( "Dump contents of new Security Domain . . ." ); - String c = getDomainXML( sd_host, sd_admin_port_int, true ); - } catch( Exception e ) {} + CMS.debug("Dump contents of new Security Domain . . ."); + String c = getDomainXML(sd_host, sd_admin_port_int, true); + } catch (Exception e) { + } // Since this instance is a new Security Domain, // create an empty file to designate this fact. String security_domain = instanceRoot + "/conf/" - + PKI_SECURITY_DOMAIN; - if( !Utils.isNT() ) { - Utils.exec( "touch " + security_domain ); - Utils.exec( "chmod 00660 " + security_domain ); + + PKI_SECURITY_DOMAIN; + if (!Utils.isNT()) { + Utils.exec("touch " + security_domain); + Utils.exec("chmod 00660 " + security_domain); } - } else { //existing domain + } else { // existing domain int sd_agent_port_int = -1; int sd_admin_port_int = -1; try { 
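Review bot: `Utils.exec("touch " + security_domain)` and `Utils.exec("chmod 00660 " + security_domain)` build command strings by concatenating `instanceRoot`, which comes from the config store. A path containing whitespace or shell metacharacters would be split or interpreted, depending on how `Utils.exec` runs the string (its implementation is not visible here). Creating the marker through the Java file API, e.g. `new File(security_domain).createNewFile()` followed by explicit permission calls, removes the external commands and lets the code check that the marker was created, which the current calls do not. In the same hunk, `catch (Exception e) { }` after `getDomainXML(sd_host, sd_admin_port_int, true)` and the empty catch around `Integer.parseInt(sd_admin_port)` discard failures, so a port of -1 is passed on silently. Add `CMS.debug("DonePanel: " + e);` in both handlers.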
@@ -398,34 +402,30 @@ public class DonePanel extends WizardPanelBase { cloneStr = "&clone=false"; String domainMasterStr = ""; - if (cloneMaster) + if (cloneMaster) domainMasterStr = "&dm=true"; - else - domainMasterStr = "&dm=false"; + else + domainMasterStr = "&dm=false"; String eecaStr = ""; - if (owneeclientauthsport != null) - eecaStr="&eeclientauthsport=" + owneeclientauthsport; - - updateDomainXML( sd_host, sd_agent_port_int, true, - "/ca/agent/ca/updateDomainXML", - "list=" + s - + "&type=" + type - + "&host=" + ownhost - + "&name=" + subsystemName - + "&sport=" + ownsport - + domainMasterStr - + cloneStr - + "&agentsport=" + ownagentsport - + "&adminsport=" + ownadminsport - + eecaStr - + "&httpport=" + ownport ); + if (owneeclientauthsport != null) + eecaStr = "&eeclientauthsport=" + owneeclientauthsport; + + updateDomainXML(sd_host, sd_agent_port_int, true, + "/ca/agent/ca/updateDomainXML", "list=" + s + "&type=" + + type + "&host=" + ownhost + "&name=" + + subsystemName + "&sport=" + ownsport + + domainMasterStr + cloneStr + "&agentsport=" + + ownagentsport + "&adminsport=" + + ownadminsport + eecaStr + "&httpport=" + + ownport); // Fetch the "updated" security domain and display it - CMS.debug( "Dump contents of updated Security Domain . . ." ); - String c = getDomainXML( sd_host, sd_admin_port_int, true ); + CMS.debug("Dump contents of updated Security Domain . . ."); + String c = getDomainXML(sd_host, sd_admin_port_int, true); } catch (Exception e) { - context.put("errorString", "Failed to update the security domain on the domain master."); - //return; + context.put("errorString", + "Failed to update the security domain on the domain master."); + // return; } } 
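Review bot: The request content passed to `updateDomainXML` is assembled by plain concatenation (`"list=" + s + "&type=" + type + "&host=" + ownhost + "&name=" + subsystemName + ...`), so a value containing `&`, `=` or a space would change the parameters the domain master receives. Unless `updateDomainXML` encodes the content itself (not visible here), each value should be wrapped, e.g. `"&name=" + URLEncoder.encode(subsystemName, "UTF-8")`; `java.net.URLEncoder` is already imported in this file. The `catch (Exception e)` that follows only sets `errorString` and, with `// return;` commented out, display() carries on as if the registration had succeeded. It should log the cause with `CMS.debug("DonePanel: updateDomainXML failed: " + e);`, and whether continuing is intended should be decided explicitly. The method starts and ends outside this hunk.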
@@ -436,16 +436,17 @@ public class DonePanel extends WizardPanelBase { cs.putString("securitydomain.store", "ldap"); cs.commit(false); } catch (Exception e) { - CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e); + CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + + e); } - // need to push connector information to the CA if (type.equals("KRA") && !ca_host.equals("")) { try { updateConnectorInfo(ownagenthost, ownagentsport); } catch (IOException e) { - context.put("errorString", "Failed to update connector information."); + context.put("errorString", + "Failed to update connector information."); return; } setupClientAuthUser(); @@ -469,7 +470,7 @@ public class DonePanel extends WizardPanelBase { setupClientAuthUser(); } - + if (!select.equals("clone")) { if (type.equals("CA") || type.equals("KRA")) { String beginRequestNumStr = ""; @@ -478,7 +479,7 @@ public class DonePanel extends WizardPanelBase { String endSerialNumStr = ""; String requestIncStr = ""; String serialIncStr = ""; - + try { endRequestNumStr = cs.getString("dbs.endRequestNumber", ""); endSerialNumStr = cs.getString("dbs.endSerialNumber", ""); 
@@ -492,28 +493,37 @@ public class DonePanel extends WizardPanelBase { String serialdn = ""; if (type.equals("CA")) { - serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn; + serialdn = "ou=certificateRepository,ou=" + + type.toLowerCase() + "," + basedn; } else { - serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn; - } - LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString()); - LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange ); - conn.modify( serialdn, serialmod ); - - String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn; - LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString()); - LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange ); - conn.modify( requestdn, requestmod ); - - conn.disconnect(); + serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + + "," + basedn; + } + LDAPAttribute attrSerialNextRange = new LDAPAttribute( + "nextRange", endSerialNum.add(oneNum).toString()); + LDAPModification serialmod = new LDAPModification( + LDAPModification.REPLACE, attrSerialNextRange); + conn.modify(serialdn, serialmod); + + String requestdn = "ou=" + type.toLowerCase() + + ",ou=requests," + basedn; + LDAPAttribute attrRequestNextRange = new LDAPAttribute( + "nextRange", endRequestNum.add(oneNum).toString()); + LDAPModification requestmod = new LDAPModification( + LDAPModification.REPLACE, attrRequestNextRange); + conn.modify(requestdn, requestmod); + + conn.disconnect(); } catch (Exception e) { - CMS.debug("Unable to update global next range numbers: " + e); - } + CMS.debug("Unable to update global next range numbers: " + + e); + } } - } + } if (cloneMaster) { - // cloning a domain master CA, the clone is also master of its domain + // cloning a domain master CA, the clone is also master of its + // domain 
try { cs.putString("securitydomain.host", ownhost); cs.putString("securitydomain.httpport", ownport); 
@@ -536,42 +546,58 @@ public class DonePanel extends WizardPanelBase { String ss = st.nextToken(); if (ss.equals("sslserver")) continue; - cs.putString("cloning." + ss + ".nickname", cs.getString("preop.cert." + ss + ".nickname", "")); - cs.putString("cloning." + ss + ".dn", cs.getString("preop.cert." + ss + ".dn", "")); - cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", "")); - cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", "")); - cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", "")); - cs.putString("cloning." + ss + ".pubkey.exponent", cs.getString("preop.cert." + ss + ".pubkey.exponent", "")); - cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString("preop.cert." + ss + ".pubkey.modulus", "")); - cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString("preop.cert." + ss + ".pubkey.encoded", "")); + cs.putString("cloning." + ss + ".nickname", + cs.getString("preop.cert." + ss + ".nickname", "")); + cs.putString("cloning." + ss + ".dn", + cs.getString("preop.cert." + ss + ".dn", "")); + cs.putString("cloning." + ss + ".keytype", + cs.getString("preop.cert." + ss + ".keytype", "")); + cs.putString("cloning." + ss + ".keyalgorithm", + cs.getString("preop.cert." + ss + ".keyalgorithm", "")); + cs.putString("cloning." + ss + ".privkey.id", + cs.getString("preop.cert." + ss + ".privkey.id", "")); + cs.putString("cloning." + ss + ".pubkey.exponent", cs + .getString("preop.cert." + ss + ".pubkey.exponent", "")); + cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString( + "preop.cert." + ss + ".pubkey.modulus", "")); + cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString( + "preop.cert." 
+ ss + ".pubkey.encoded", "")); } - cs.putString("cloning.module.token", cs.getString("preop.module.token", "")); + cs.putString("cloning.module.token", + cs.getString("preop.module.token", "")); cs.putString("cloning.list", list); // more cloning variables needed for non-ca clones - if (! type.equals("CA")) { + if (!type.equals("CA")) { String val = cs.getString("preop.ca.hostname", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.hostname", val); val = cs.getString("preop.ca.httpport", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.httpport", val); - val = cs.getString("preop.ca.httpsport", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val); + val = cs.getString("preop.ca.httpsport", ""); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.httpsport", val); val = cs.getString("preop.ca.list", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.list", val); val = cs.getString("preop.ca.pkcs7", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.pkcs7", val); val = cs.getString("preop.ca.type", ""); - if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val); + if (val.compareTo("") != 0) + cs.putString("cloning.ca.type", val); } // save EC type for sslserver cert (if present) - cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE")); + cs.putString("jss.ssl.sslserver.ectype", + cs.getString("preop.cert.sslserver.ec.type", "ECDHE")); cs.removeSubStore("preop"); cs.commit(false); 
@@ -580,10 +606,10 @@ public class DonePanel extends WizardPanelBase { // this server instance has been configured, it has NOT yet // been restarted! String restart_server = instanceRoot + "/conf/" - + RESTART_SERVER_AFTER_CONFIGURATION; - if( !Utils.isNT() ) { - Utils.exec( "touch " + restart_server ); - Utils.exec( "chmod 00660 " + restart_server ); + + RESTART_SERVER_AFTER_CONFIGURATION; + if (!Utils.isNT()) { + Utils.exec("touch " + restart_server); + Utils.exec("chmod 00660 " + restart_server); } } catch (Exception e) { @@ -593,13 +619,11 @@ public class DonePanel extends WizardPanelBase { context.put("csstate", "1"); } - private void setupClientAuthUser() - { + private void setupClientAuthUser() { IConfigStore cs = CMS.getConfigStore(); // retrieve CA subsystem certificate from the CA - IUGSubsystem system = - (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); + IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String id = ""; try { String b64 = getCASubsystemCert(); @@ -640,9 +664,8 @@ public class DonePanel extends WizardPanelBase { } } - - private void updateOCSPConfig(HttpServletResponse response) - throws IOException { + private void updateOCSPConfig(HttpServletResponse response) + throws IOException { IConfigStore config = CMS.getConfigStore(); String cahost = ""; int caport = -1; @@ -661,7 +684,8 @@ public class DonePanel extends WizardPanelBase { int ocspport = Integer.parseInt(CMS.getAgentPort()); int ocspagentport = Integer.parseInt(CMS.getAgentPort()); String session_id = CMS.getConfigSDSessionId(); - String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport; + String content = "xmlOutput=true&sessionID=" + session_id + + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport; updateOCSPConfig(cahost, caport, true, content, response); } 
@@ -675,38 +699,43 @@ public class DonePanel extends WizardPanelBase { if (b64.equals("")) throw new IOException("Failed to get certificate chain."); - + try { // this could be a chain X509Certificate[] certs = Cert.mapCertFromPKCS7(b64); X509Certificate leafCert = null; if (certs != null && certs.length > 0) { - if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) { + if (certs[0].getSubjectDN().getName() + .equals(certs[0].getIssuerDN().getName())) { leafCert = certs[certs.length - 1]; } else { leafCert = certs[0]; } - - IOCSPAuthority ocsp = - (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID); + + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(IOCSPAuthority.ID); IDefStore defStore = ocsp.getDefaultStore(); // (1) need to normalize (sort) the chain // (2) store certificate (and certificate chain) into // database - ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( - leafCert.getSubjectDN().getName(), - BIG_ZERO, - MINUS_ONE, null, null); + ICRLIssuingPointRecord rec = defStore + .createCRLIssuingPointRecord(leafCert + .getSubjectDN().getName(), BIG_ZERO, + MINUS_ONE, null, null); try { - rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); + rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, + leafCert.getEncoded()); } catch (Exception e) { // error } - defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); - //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); + defStore.addCRLIssuingPoint(leafCert.getSubjectDN() + .getName(), rec); + // log(ILogger.EV_AUDIT, AuditFormat.LEVEL, + // "Added CA certificate " + + // leafCert.getSubjectDN().getName()); CMS.debug("DonePanel importCACertToOCSP: Added CA certificate."); } 
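Review bot: The inner `catch (Exception e) { // error }` around `rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded())` discards an encoding failure, so `defStore.addCRLIssuingPoint(...)` still runs and the debug line reports "Added CA certificate." for a record that may not carry the CA certificate at all. A failure at this step should stop the import rather than leave a half-populated issuing-point record in the OCSP store. Either remove the inner try/catch or rethrow from it, for example `throw new IOException("Failed to encode CA certificate: " + e);`. The next hunk shows an outer `catch (Exception e)` that already turns failures into an IOException, so letting the exception propagate looks sufficient; the method itself starts outside this hunk.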
@@ -717,7 +746,8 @@ public class DonePanel extends WizardPanelBase { throw e; } catch (Exception e) { CMS.debug("DonePanel importCACertToOCSP: Failed to import the certificate chain into the OCSP"); - throw new IOException("Failed to import the certificate chain into the OCSP"); + throw new IOException( + "Failed to import the certificate chain into the OCSP"); } } @@ -748,7 +778,7 @@ public class DonePanel extends WizardPanelBase { } private void updateConnectorInfo(String ownagenthost, String ownagentsport) - throws IOException { + throws IOException { IConfigStore cs = CMS.getConfigStore(); int port = -1; String url = ""; 
@@ -757,21 +787,29 @@ public class DonePanel extends WizardPanelBase { try { url = cs.getString("preop.ca.url", ""); if (!url.equals("")) { - host = cs.getString("preop.ca.hostname", ""); - port = cs.getInteger("preop.ca.httpsadminport", -1); - transportCert = cs.getString("kra.transport.cert", ""); + host = cs.getString("preop.ca.hostname", ""); + port = cs.getInteger("preop.ca.httpsadminport", -1); + transportCert = cs.getString("kra.transport.cert", ""); } } catch (Exception e) { } if (host == null) { - CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); + CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required"); } else { - CMS.debug("DonePanel: Transport certificate is being setup in " + url); - String session_id = CMS.getConfigSDSessionId(); - String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; - - updateConnectorInfo(host, port, true, content); + CMS.debug("DonePanel: Transport certificate is being setup in " + + url); + String session_id = CMS.getConfigSDSessionId(); + String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + + ownagenthost + + "&ca.connector.KRA.port=" + + ownagentsport + + "&ca.connector.KRA.transportCert=" + + URLEncoder.encode(transportCert) + + "&sessionID=" + + session_id; + + updateConnectorInfo(host, port, true, content); } } 
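Review bot: `URLEncoder.encode(transportCert)` in the re-wrapped `content` expression is the deprecated single-argument overload, which encodes with the platform default charset; `URLEncoder.encode(transportCert, "UTF-8")` makes the encoding explicit and still fits the method's `throws IOException`. `ownagenthost`, `ownagentsport` and `session_id` are concatenated into the same form body with no encoding, so a value containing `&` or `=` would change how the receiving CA parses the parameters; they should be encoded the same way. The empty `catch (Exception e) { }` just above the `host == null` check also hides configuration read errors and deserves at least a `CMS.debug` line. The method begins outside this hunk.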
@@ -793,21 +831,23 @@ public class DonePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException {} + HttpServletResponse response, Context context) throws IOException { + } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) {/* This should never be called */} + HttpServletResponse response, Context context) {/* + * This should never + * be called + */ + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java index 9d7fc22a..561fbcf6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java @@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("DownloadPKCS12: processing..."); 
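Review bot: In the `displayError` hunk of DonePanel.java the formatter has turned the inline `{/* This should never be called */}` into a block comment hanging off the opening brace and split across several lines, which reads worse than the line it replaced. Moving the comment into the body, as `// This should never be called` on its own line between the braces, leaves the formatter nothing to wrap. The same ladder appears on `renderResult` in the DownloadPKCS12.java, GetCertChain.java and GetConfigEntries.java hunks further down, where `// do nothing, ie, it will not return the default javascript.` is spread over nine lines; those would take the same fix.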
@@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet { mRenderResult = false; // check the pin from the session - String pin = (String)httpReq.getSession().getAttribute("pin"); + String pin = (String) httpReq.getSession().getAttribute("pin"); if (pin == null) { CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie."); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); @@ -101,18 +102,26 @@ public class DownloadPKCS12 extends CMSServlet { httpResp.getOutputStream().write(pkcs12); return; } catch (Exception e) { - CMS.debug("DownloadPKCS12 process: Exception="+e.toString()); + CMS.debug("DownloadPKCS12 process: Exception=" + e.toString()); } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java index 87cb7a7c..57af9f9a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.Locale; 
@@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class GetCertChain extends CMSServlet { /** @@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -63,11 +62,13 @@ public class GetCertChain extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -76,11 +77,11 @@ public class GetCertChain extends CMSServlet { String outputString = null; - CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain(); + CertificateChain certChain = ((ICertAuthority) mAuthority) + .getCACertChain(); if (certChain == null) { - CMS.debug( - "GetCertChain displayChain: cannot get the certificate chain."); + CMS.debug("GetCertChain displayChain: cannot get the certificate chain."); outputError(httpResp, "Error: Failed to get certificate chain."); return; } @@ -95,7 +96,7 @@ public class GetCertChain extends CMSServlet { } catch (IOException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", - e.toString())); + e.toString())); outputError(httpResp, "Error: Failed to encode the certificate chain"); } 
@@ -121,7 +122,15 @@ public class GetCertChain extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java index c1010b46..456bf6c1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java @@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -67,11 +68,13 @@ public class GetConfigEntries extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -84,12 +87,12 @@ public class GetConfigEntries extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetConfigEntries authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; - } + } // Construct an ArgBlock IArgBlock args = cmsReq.getHttpParams(); 
@@ -104,32 +107,32 @@ public class GetConfigEntries extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetConfigEntries process: Exception: "+e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("GetConfigEntries process: Exception: " + e.toString()); + throw new EBaseException(e.toString()); } Node root = xmlObj.createRoot("XMLResponse"); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "read"); } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } catch (Exception e) { - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, + outputError(httpResp, "Error: Encountered problem during authorization."); - return; + return; } if (authzToken == null) { - outputError(httpResp, "Error: Not authorized"); - return; + outputError(httpResp, "Error: Not authorized"); + return; } if (op != null) { @@ -140,9 +143,9 @@ public class GetConfigEntries extends CMSServlet { String name1 = t.nextToken(); IConfigStore cs = config.getSubStore(name1); Enumeration enum1 = cs.getPropertyNames(); - + while (enum1.hasMoreElements()) { - String name = name1+"."+enum1.nextElement(); + String name = name1 + "." + enum1.nextElement(); try { String value = config.getString(name); Node container = xmlObj.createContainer(root, "Config"); 
@@ -171,10 +174,10 @@ public class GetConfigEntries extends CMSServlet { value = getLDAPPassword(); } else if (name.equals("internaldb.replication.password")) { value = getReplicationPassword(); - } else + } else continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); @@ -208,7 +211,15 @@ public class GetConfigEntries extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } private String getLDAPPassword() { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java index 74edda79..1e59bf71 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java @@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - public class GetCookie extends CMSServlet { /** 
@@ -57,10 +56,8 @@ public class GetCookie extends CMSServlet { private String mErrorFormPath = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; - private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = - "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; public GetCookie() { super(); @@ -68,6 +65,7 @@ public class GetCookie extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -78,12 +76,13 @@ public class GetCookie extends CMSServlet { mRandom = new Random(); mErrorFormPath = sc.getInitParameter("errorTemplatePath"); if (mOutputTemplatePath != null) { - mFormPath = mOutputTemplatePath; + mFormPath = mOutputTemplatePath; } } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -100,28 +99,27 @@ public class GetCookie extends CMSServlet { } IArgBlock header = CMS.createArgBlock(); - IArgBlock ctx = CMS.createArgBlock(); + IArgBlock ctx = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, ctx); CMSTemplate form = null; Locale[] locale = new Locale[1]; String url = httpReq.getParameter("url"); - CMS.debug("GetCookie before auth, url ="+url); + CMS.debug("GetCookie before auth, url =" + url); String url_e = ""; URL u = null; try { url_e = URLDecoder.decode(url, "UTF-8"); u = new URL(url_e); } catch (Exception eee) { - throw new ECMSGWException( - "GetCookie missing parameter: url"); + throw new ECMSGWException("GetCookie missing parameter: url"); } int index2 = url_e.indexOf("subsystem="); String subsystem = ""; if (index2 > 0) { - subsystem = url.substring(index2+10); + subsystem = url.substring(index2 + 10); int index1 = subsystem.indexOf("&"); if (index1 > 0) subsystem = subsystem.substring(0, index1); @@ -131,9 +129,9 @@ public class GetCookie extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { CMS.debug("GetCookie authentication failed"); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); header.addStringValue("sd_uid", ""); header.addStringValue("sd_pwd", ""); header.addStringValue("host", u.getHost()); 
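Review bot: `index2` is computed on the decoded string (`url_e.indexOf("subsystem=")`) but is then applied to the raw parameter in `subsystem = url.substring(index2 + 10);`, so whenever URL-decoding changes the length the offset lands on the wrong characters or past the end of `url`. The extracted value is later passed to `getGroupName(uid, subsystem)` to decide which administrators group is checked, so it should be cut from the same string the index was taken from: `subsystem = url_e.substring(index2 + 10);`. `process` starts before and continues after this hunk.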
@@ -149,17 +147,17 @@ public class GetCookie extends CMSServlet { form = getTemplate(mErrorFormPath, httpReq, locale); } catch (IOException eee) { CMS.debug("GetCookie process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ - } + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + * throw new ECMSGWException( + * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ + } - if( form == null ) { + if (form == null) { CMS.debug("GetCookie::process() - form is null!"); - throw new EBaseException( "form is null" ); + throw new EBaseException("form is null"); } try { @@ -170,16 +168,17 @@ public class GetCookie extends CMSServlet { form.renderOutput(out, argSet); } catch (IOException ee) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + ee.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; - } + } String cookie = ""; String auditMessage = ""; - + if (authToken != null) { String uid = authToken.getInString("uid"); String groupname = getGroupName(uid, subsystem); 
@@ -187,16 +186,15 @@ public class GetCookie extends CMSServlet { if (groupname != null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - uid, - ILogger.SUCCESS, - groupname); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.SUCCESS, + groupname); audit(auditMessage); // assign cookie long num = mRandom.nextLong(); - cookie = num+""; - ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable(); + cookie = num + ""; + ISecurityDomainSessionTable ctable = CMS + .getSecurityDomainSessionTable(); String addr = ""; try { addr = u.getHost(); 
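Review bot: The session token issued under `// assign cookie` is just `mRandom.nextLong()` rendered as a string (`cookie = num + "";`), and the `init` hunk above sets `mRandom = new Random();`, which, assuming that is `java.util.Random`, is not a cryptographically secure generator and gives predictable output. The following hunk registers this value with `ctable.addEntry(cookie, ip, uid, groupname)` as the credential for an authenticated security-domain administrator, so it should come from a CSPRNG; `mRandom = new java.security.SecureRandom();` is a drop-in change because `SecureRandom` extends `Random`. A token longer than one 64-bit value (for example 16 random bytes, hex-encoded) would be preferable if the session table accepts arbitrary strings. `process` starts before and continues after this hunk.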
@@ -207,43 +205,42 @@ public class GetCookie extends CMSServlet { ip = InetAddress.getByName(addr).toString(); int index = ip.indexOf("/"); if (index > 0) - ip = ip.substring(index+1); + ip = ip.substring(index + 1); } catch (Exception e) { } - String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip + - "+uid;;" + uid + "+groupname;;" + groupname; + String auditParams = "operation;;issue_token+token;;" + cookie + + "+ip;;" + ip + "+uid;;" + uid + "+groupname;;" + + groupname; int status = ctable.addEntry(cookie, ip, uid, groupname); if (status == ISecurityDomainSessionTable.SUCCESS) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, - uid, - ILogger.SUCCESS, - auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid, + ILogger.SUCCESS, auditParams); audit(auditMessage); } else { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, - uid, - ILogger.FAILURE, - auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid, + ILogger.FAILURE, auditParams); audit(auditMessage); } try { - String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort(); + String sd_url = "https://" + CMS.getEESSLHost() + ":" + + CMS.getEESSLPort(); if (!url.startsWith("$")) { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { CMS.debug("GetCookie process: cant locate the form"); -/* - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); -*/ + /* + * log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", + * e.toString())); throw new ECMSGWException( + * CMS.getUserMessage + * ("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + */ } header.addStringValue("url", url); 
@@ -251,26 +248,26 @@ public class GetCookie extends CMSServlet { EBaseException error = null; try { - ServletOutputStream out = httpResp.getOutputStream(); + ServletOutputStream out = httpResp + .getOutputStream(); cmsReq.setStatus(CMSRequest.SUCCESS); - httpResp.setContentType("text/html"); - form.renderOutput(out, argSet); + httpResp.setContentType("text/html"); + form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } catch (Exception e) { } } else { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ROLE_ASSUME, - uid, - ILogger.FAILURE, - "Enterprise " + subsystem + " Administrators"); + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.FAILURE, + "Enterprise " + subsystem + " Administrators"); audit(auditMessage); } } 
@@ -278,25 +275,25 @@ public class GetCookie extends CMSServlet { private String getGroupName(String uid, String subsystemname) { String groupname = ""; - IUGSubsystem subsystem = - (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID)); - if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && - subsystemname.equals("CA")) { + IUGSubsystem subsystem = (IUGSubsystem) (CMS + .getSubsystem(IUGSubsystem.ID)); + if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") + && subsystemname.equals("CA")) { return "Enterprise CA Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") && - subsystemname.equals("KRA")) { + } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") + && subsystemname.equals("KRA")) { return "Enterprise KRA Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") && - subsystemname.equals("OCSP")) { + } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") + && subsystemname.equals("OCSP")) { return "Enterprise OCSP Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") && - subsystemname.equals("TKS")) { + } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") + && subsystemname.equals("TKS")) { return "Enterprise TKS Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") && - subsystemname.equals("RA")) { + } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") + && subsystemname.equals("RA")) { return "Enterprise RA Administrators"; - } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") && - subsystemname.equals("TPS")) { + } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") + && subsystemname.equals("TPS")) { return "Enterprise TPS Administrators"; } 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java index f9e6c70e..b3d9470d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileInputStream; import java.io.IOException; import java.util.Enumeration; @@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class GetDomainXML extends CMSServlet { /** @@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -73,11 +72,13 @@ public class GetDomainXML extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -95,8 +96,7 @@ public class GetDomainXML extends CMSServlet { try { secstore = cs.getString("securitydomain.store"); basedn = cs.getString("internaldb.basedn"); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script"); } 
@@ -104,7 +104,8 @@ public class GetDomainXML extends CMSServlet { XMLObject response = new XMLObject(); Node root = response.createRoot("XMLResponse"); - if ((secstore != null) && (basedn != null) && (secstore.equals("ldap"))) { + if ((secstore != null) && (basedn != null) + && (secstore.equals("ldap"))) { ILdapConnFactory connFactory = null; LDAPConnection conn = null; try { 
@@ -120,64 +121,77 @@ public class GetDomainXML extends CMSServlet { connFactory.init(ldapConfig); conn = connFactory.getConn(); - // get the security domain name - String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement(); + // get the security domain name + String secdomain = (String) conn.read(dn) + .getAttribute("name").getStringValues() + .nextElement(); XMLObject xmlObj = new XMLObject(); Node domainInfo = xmlObj.createRoot("DomainInfo"); xmlObj.addItemToContainer(domainInfo, "Name", secdomain); - // this should return CAList, KRAList etc. - LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, true, cons); + // this should return CAList, KRAList etc. + LDAPSearchResults res = conn + .search(dn, LDAPConnection.SCOPE_ONE, filter, + attrs, true, cons); while (res.hasMoreElements()) { int count = 0; dn = res.next().getDN(); String listName = dn.substring(3, dn.indexOf(",")); - String subType = listName.substring(0, listName.indexOf("List")); - Node listNode = xmlObj.createContainer(domainInfo, listName); - + String subType = listName.substring(0, + listName.indexOf("List")); + Node listNode = xmlObj.createContainer(domainInfo, + listName); + filter = "objectclass=pkiSubsystem"; - LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, - attrs, false, cons); + LDAPSearchResults res2 = conn.search(dn, + LDAPConnection.SCOPE_ONE, filter, attrs, false, + cons); while (res2.hasMoreElements()) { - Node node = xmlObj.createContainer(listNode, subType); + Node node = xmlObj.createContainer(listNode, + subType); LDAPEntry entry = res2.next(); - LDAPAttributeSet entryAttrs = entry.getAttributeSet(); + LDAPAttributeSet entryAttrs = entry + .getAttributeSet(); Enumeration attrsInSet = entryAttrs.getAttributes(); while (attrsInSet.hasMoreElements()) { - LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement(); + LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet + .nextElement(); 
String attrName = nextAttr.getName(); - if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) { - String attrValue = (String) nextAttr.getStringValues().nextElement(); - xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue); + if ((!attrName.equals("cn")) + && (!attrName.equals("objectClass"))) { + String attrValue = (String) nextAttr + .getStringValues().nextElement(); + xmlObj.addItemToContainer(node, + securityDomainLDAPtoXML(attrName), + attrValue); } } - count ++; - } - xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count)); + count++; + } + xmlObj.addItemToContainer(listNode, "SubsystemCount", + Integer.toString(count)); } // Add new xml object as string to response. - response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString()); - } - catch (Exception e) { - CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString()); + response.addItemToContainer(root, "DomainInfo", + xmlObj.toXMLString()); + } catch (Exception e) { + CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + + e.toString()); status = FAILED; - } - finally { - if ((conn != null) && (connFactory!= null)) { + } finally { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } } - } - else { - // get data from file store + } else { + // get data from file store - String path = CMS.getConfigStore().getString("instanceRoot", "") - + "/conf/domain.xml"; + String path = CMS.getConfigStore() + .getString("instanceRoot", "") + "/conf/domain.xml"; CMS.debug("GetDomainXML: got path=" + path); 
@@ -193,11 +207,12 @@ public class GetDomainXML extends CMSServlet { fis.close(); CMS.debug("GetDomainXML: Done Reading domain.xml..."); - response.addItemToContainer(root, "DomainInfo", new String(buf)); - } - catch (Exception e) { - CMS.debug("Failed to read domain.xml from file" + e.toString()); - status = FAILED; + response.addItemToContainer(root, "DomainInfo", new String( + buf)); + } catch (Exception e) { + CMS.debug("Failed to read domain.xml from file" + + e.toString()); + status = FAILED; } } @@ -206,23 +221,34 @@ public class GetDomainXML extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString()); + CMS.debug("GetDomainXML: Failed to send the XML output" + + e.toString()); } } protected String securityDomainLDAPtoXML(String attribute) { - if (attribute.equals("host")) return "Host"; - else return attribute; + if (attribute.equals("host")) + return "Host"; + else + return attribute; } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java index 02fe36c1..623acf9a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java 
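Review bot: In GetDomainXML's last hunk the formatter has broken the trailing comment on `renderResult` into a column of one- and two-word `//` lines after the opening brace, which hides that the override is deliberately empty. Put the comment on its own line inside the body, `// Do nothing: the default javascript is not returned.`, and move `renderTemplate`'s `{// do nothing` onto its own line in the same way. The same staircase appears in the `renderResult` hunks of GetStatus, GetSubsystemCert, GetTokenInfo and GetTransportCert.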
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.xml.XMLObject; - public class GetStatus extends CMSServlet { /** @@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String outputString = null; - String state = config.getString("cs.state", ""); - String type = config.getString("cs.type", ""); + String state = config.getString("cs.state", ""); + String type = config.getString("cs.type", ""); try { XMLObject xmlObj = null; @@ -89,7 +89,15 @@ public class GetStatus extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java index 0a6c5ec3..93d7e922 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Locale; @@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.xml.XMLObject; - public class GetSubsystemCert extends CMSServlet { /** @@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); 
@@ -75,27 +74,29 @@ public class GetSubsystemCert extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + if (!tokenname.equals("internal") + && !tokenname.equals("Internal Key Storage Token")) + nickname = tokenname + ":" + nickname; } catch (Exception e) { } - CMS.debug("GetSubsystemCert process: nickname="+nickname); + CMS.debug("GetSubsystemCert process: nickname=" + nickname); String s = ""; try { CryptoManager cm = CryptoManager.getInstance(); X509Certificate cert = cm.findCertByNickname(nickname); - + if (cert == null) { CMS.debug("GetSubsystemCert process: subsystem cert is null"); - outputError(httpResp, "Error: Failed to get subsystem certificate."); + outputError(httpResp, + "Error: Failed to get subsystem certificate."); return; } byte[] bytes = cert.getEncoded(); s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes)); } catch (Exception e) { - CMS.debug("GetSubsystemCert process: exception: "+e.toString()); + CMS.debug("GetSubsystemCert process: exception: " + e.toString()); } try { @@ -111,7 +112,15 @@ public class GetSubsystemCert extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java index d7af0740..f4d68392 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java 
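Review bot: In GetSubsystemCert's `process`, the `catch (Exception e)` after `cert.getEncoded()` only writes a debug line, so execution falls into the following `try` with `s` still empty, while the `cert == null` branch just above returns an error. The catch should fail the same way: `outputError(httpResp, "Error: Failed to get subsystem certificate."); return;`. The earlier `catch (Exception e) { }` around the nickname lookup also discards the cause and deserves at least a `CMS.debug` line. GetTransportCert's hunk `@@ -124,19 +124,19 @@` has the same shape: a `CertificateEncodingException` is logged and the code goes on to the block commented `// send success status back to the requestor` with `mime64` empty. `process` starts and ends outside both hunks, so what the response finally carries is not visible here.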
@@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -60,11 +61,13 @@ public class GetTokenInfo extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -78,8 +81,8 @@ public class GetTokenInfo extends CMSServlet { try { xmlObj = new XMLObject(); } catch (Exception e) { - CMS.debug("GetTokenInfo process: Exception: "+e.toString()); - throw new EBaseException( e.toString() ); + CMS.debug("GetTokenInfo process: Exception: " + e.toString()); + throw new EBaseException(e.toString()); } Node root = xmlObj.createRoot("XMLResponse"); @@ -97,7 +100,7 @@ public class GetTokenInfo extends CMSServlet { String name = t1.nextToken(); if (name.equals("sslserver")) continue; - name = "cloning."+name+".nickname"; + name = "cloning." + name + ".nickname"; String value = ""; try { @@ -105,7 +108,7 @@ public class GetTokenInfo extends CMSServlet { } catch (Exception ee) { continue; } - + Node container = xmlObj.createContainer(root, "Config"); xmlObj.addItemToContainer(container, "name", name); xmlObj.addItemToContainer(container, "value", value); 
@@ -149,6 +152,14 @@ public class GetTokenInfo extends CMSServlet { return locale; } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java index bc29b34a..8d8747b9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.cert.CertificateEncodingException; import java.util.Locale; @@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing..."); @@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet { CMS.debug("GetTransportCert authentication successful."); } catch (Exception e) { CMS.debug("GetTransportCert: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
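Review bot: In GetTransportCert's hunk `@@ -86,9 +86,9 @@` the authentication-failure branch logs with the message key `CMSGW_ERR_BAD_SERV_OUT_STREAM`, which by its name describes an output-stream error, so a failed authentication against this servlet is likely recorded under a misleading message and is harder to find when reviewing logs. Use a key that names the authentication failure; the authorization branch in the next hunk already logs with `ADMIN_SRVLT_AUTH_FAILURE`. The context line `CMS.debug("UpdateUpdater: processing...")` in the preceding hunk also names the wrong servlet and should read `CMS.debug("GetTransportCert: processing...")`. ImportTransportCert's hunks `@@ -70,7 +70,7 @@` and `@@ -84,9 +84,9 @@` repeat both problems. The text behind the message keys is not visible on this page, so the first point rests on the key name alone.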
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); CMS.debug("GetTransportCert authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } @@ -124,19 +124,19 @@ public class GetTransportCert extends CMSServlet { IConfigStore cs = CMS.getConfigStore(); - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) mAuthority; - ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = - tu.getCertificate(); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority; + ITransportKeyUnit tu = kra.getTransportKeyUnit(); + org.mozilla.jss.crypto.X509Certificate transportCert = tu + .getCertificate(); - String mime64 = ""; + String mime64 = ""; try { mime64 = CMS.BtoA(transportCert.getEncoded()); - mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64); - } catch (CertificateEncodingException eee) { + mime64 = com.netscape.cmsutil.util.Cert + .normalizeCertStrAndReq(mime64); + } catch (CertificateEncodingException eee) { CMS.debug("GetTransportCert: Failed to encode certificate"); - } + } // send success status back to the requestor try { 
@@ -154,14 +154,22 @@ public class GetTransportCert extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java index a00b0fb7..02a2c21a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; 
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class HierarchyPanel extends WizardPanelBase { - public HierarchyPanel() {} + public HierarchyPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("PKI Hierarchy"); setId(id); @@ -56,16 +55,15 @@ public class HierarchyPanel extends WizardPanelBase { public boolean shouldSkip() { - // we dont need to ask the hierachy if we are + // we dont need to ask the hierachy if we are // setting up a clone try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select", - null); + String s = c.getString("preop.subsystem.select", null); if (s != null && s.equals("clone")) { // mark this panel as done - c.putString("preop.hierarchy.select","root"); - c.putString("hierarchy.select","Clone"); + c.putString("preop.hierarchy.select", "root"); + c.putString("hierarchy.select", "Clone"); return true; } } catch (EBaseException e) { @@ -89,15 +87,16 @@ public class HierarchyPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -105,8 +104,7 @@ public class HierarchyPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "PKI Hierarchy"); IConfigStore config = CMS.getConfigStore(); @@ -117,7 +115,7 @@ public class HierarchyPanel extends WizardPanelBase { if (s.equals("root")) { context.put("check_root", "checked"); } else if (s.equals("join")) { - context.put("check_join", "checked"); + context.put("check_join", "checked"); } } catch (Exception e) { CMS.debug(e.toString()); @@ -134,16 +132,14 @@ public class HierarchyPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); try { String cstype = config.getString("preop.subsystem.select", ""); 
@@ -163,16 +159,17 @@ public class HierarchyPanel extends WizardPanelBase { } if (select.equals("root")) { - config.putString("preop.hierarchy.select", "root"); - config.putString("hierarchy.select", "Root"); + config.putString("preop.hierarchy.select", "root"); + config.putString("hierarchy.select", "Root"); config.putString("preop.ca.type", "sdca"); try { config.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } else if (select.equals("join")) { config.putString(PCERT_PREFIX + "signing.type", "remote"); config.putString("preop.hierarchy.select", "join"); - config.putString("hierarchy.select", "Subordinate"); + config.putString("hierarchy.select", "Subordinate"); } else { config.putString(PCERT_PREFIX + "signing.type", "remote"); CMS.debug("HierarchyPanel: invalid choice " + select); @@ -186,6 +183,6 @@ public class HierarchyPanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) {} + HttpServletResponse response, Context context) { + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java index d4f93a9b..ce5e9795 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; 
@@ -47,19 +46,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil; public class ImportAdminCertPanel extends WizardPanelBase { - public ImportAdminCertPanel() {} + public ImportAdminCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Import Administrator's Certificate"); setId(id); @@ -86,8 +85,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("ImportAdminCertPanel: display"); context.put("errorString", ""); context.put("title", "Import Administrator's Certificate"); @@ -102,11 +100,12 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { type = cs.getString("preop.ca.type", ""); subsystemtype = cs.getString("cs.type", ""); - } catch (Exception e) {} + } catch (Exception e) { + } try { String serialno = cs.getString("preop.admincert.serialno.0"); - + context.put("serialNumber", serialno); } catch (Exception e) { context.put("errorString", "Failed to get serial number."); 
@@ -129,21 +128,26 @@ public class ImportAdminCertPanel extends WizardPanelBase { if (ca == null) { if (type.equals("otherca")) { try { - // this is a non-CA system that has elected to have its certificates + // this is a non-CA system that has elected to have its + // certificates // signed by a CA outside of the security domain. - // in this case, we submitted the cert request for the admin cert to + // in this case, we submitted the cert request for the admin + // cert to // to security domain host. caHost = cs.getString("securitydomain.host", ""); caPort = cs.getString("securitydomain.httpsadminport", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } else if (type.equals("sdca")) { try { // this is a non-CA system that submitted its certs to a CA - // within the security domain. In this case, we submitted the cert + // within the security domain. In this case, we submitted + // the cert // request for the admin cert to this CA caHost = cs.getString("preop.ca.hostname", ""); caPort = cs.getString("preop.ca.httpsadminport", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } } else { // for CAs, we always generate our own admin certs @@ -151,7 +155,8 @@ public class ImportAdminCertPanel extends WizardPanelBase { try { caHost = cs.getString("service.machineName", ""); caPort = cs.getString("pkicreate.admin_secure_port", ""); - } catch (Exception e) {} + } catch (Exception e) { + } } String pkcs7 = ""; 
@@ -170,16 +175,14 @@ public class ImportAdminCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); String type = ""; @@ -192,12 +195,13 @@ public class ImportAdminCertPanel extends WizardPanelBase { subsystemtype = cs.getString("cs.type", ""); security_domain_type = cs.getString("securitydomain.select", ""); selected_hierarchy = cs.getString("preop.hierarchy.select", ""); - } catch (Exception e) {} + } catch (Exception e) { + } - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(ICertificateAuthority.ID); - if (ca == null) { + if (ca == null) { context.put("ca", "false"); } else { context.put("ca", "true"); 
@@ -206,25 +210,23 @@ public class ImportAdminCertPanel extends WizardPanelBase { X509CertImpl certs[] = new X509CertImpl[1]; - // REMINDER: This panel is NOT used by "clones" - if( ca != null ) { + // REMINDER: This panel is NOT used by "clones" + if (ca != null) { String serialno = null; - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "ImportAdminCertPanel update: " - + "Root CA subsystem - " - + "(new Security Domain)" ); + if (selected_hierarchy.equals("root")) { + CMS.debug("ImportAdminCertPanel update: " + + "Root CA subsystem - " + "(new Security Domain)"); } else { - CMS.debug( "ImportAdminCertPanel update: " - + "Subordinate CA subsystem - " - + "(new Security Domain)" ); + CMS.debug("ImportAdminCertPanel update: " + + "Subordinate CA subsystem - " + + "(new Security Domain)"); } try { serialno = cs.getString("preop.admincert.serialno.0"); } catch (Exception e) { - CMS.debug( - "ImportAdminCertPanel update: Failed to get request id."); + CMS.debug("ImportAdminCertPanel update: Failed to get request id."); context.put("updateStatus", "failure"); throw new IOException("Failed to get request id."); } 
@@ -232,37 +234,37 @@ public class ImportAdminCertPanel extends WizardPanelBase { ICertificateRepository repost = ca.getCertificateRepository(); try { - certs[0] = repost.getX509Certificate( - new BigInteger(serialno, 16)); - } catch (Exception ee) {} + certs[0] = repost.getX509Certificate(new BigInteger(serialno, + 16)); + } catch (Exception ee) { + } } else { String dir = null; - // REMINDER: This panel is NOT used by "clones" - if( subsystemtype.equals( "CA" ) ) { - if( selected_hierarchy.equals( "root" ) ) { - CMS.debug( "ImportAdminCertPanel update: " - + "Root CA subsystem - " - + "(existing Security Domain)" ); + // REMINDER: This panel is NOT used by "clones" + if (subsystemtype.equals("CA")) { + if (selected_hierarchy.equals("root")) { + CMS.debug("ImportAdminCertPanel update: " + + "Root CA subsystem - " + + "(existing Security Domain)"); } else { - CMS.debug( "ImportAdminCertPanel update: " - + "Subordinate CA subsystem - " - + "(existing Security Domain)" ); + CMS.debug("ImportAdminCertPanel update: " + + "Subordinate CA subsystem - " + + "(existing Security Domain)"); } } else { - CMS.debug( "ImportAdminCertPanel update: " - + subsystemtype - + " subsystem" ); + CMS.debug("ImportAdminCertPanel update: " + subsystemtype + + " subsystem"); } try { - dir = cs.getString("preop.admincert.b64", ""); + dir = cs.getString("preop.admincert.b64", ""); CMS.debug("ImportAdminCertPanel update: dir=" + dir); - } catch (Exception ee) {} + } catch (Exception ee) { + } try { - BufferedReader reader = new BufferedReader( - new FileReader(dir)); + BufferedReader reader = new BufferedReader(new FileReader(dir)); String b64 = ""; StringBuffer sb = new StringBuffer(); 
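Review bot: In `update`, the reformatted `catch (Exception ee) { }` after `repost.getX509Certificate(new BigInteger(serialno, 16))` swallows a failed lookup or a malformed serial number and leaves `certs[0]` null, and a later hunk passes `certs` to `user.setX509Certificates(certs)`. Handle it like the `preop.admincert.serialno.0` failure in the previous hunk: `CMS.debug("ImportAdminCertPanel update: failed to load admin certificate: " + ee.toString()); context.put("updateStatus", "failure"); throw new IOException(ee.toString());`. The empty catch around `cs.getString("preop.admincert.b64", "")` in the same hunk can leave `dir` null for `new FileReader(dir)` and should at least log the cause. `update` begins and ends outside this hunk.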
@@ -289,15 +291,15 @@ public class ImportAdminCertPanel extends WizardPanelBase { user.setX509Certificates(certs); ug.addUserCert(user); } catch (LDAPException e) { - CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString()); + CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + + e.toString()); if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) { context.put("updateStatus", "failure"); throw new IOException(e.toString()); } } catch (Exception e) { - CMS.debug( - "ImportAdminCertPanel update: failed to add certificate. Exception: " - + e.toString()); + CMS.debug("ImportAdminCertPanel update: failed to add certificate. Exception: " + + e.toString()); context.put("updateStatus", "failure"); throw new IOException(e.toString()); } @@ -312,7 +314,7 @@ public class ImportAdminCertPanel extends WizardPanelBase { public boolean shouldSkip() { try { IConfigStore c = CMS.getConfigStore(); - String s = c.getString("preop.subsystem.select",null); + String s = c.getString("preop.subsystem.select", null); if (s != null && s.equals("clone")) { return true; } @@ -322,13 +324,11 @@ public class ImportAdminCertPanel extends WizardPanelBase { return false; } - /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { /* This should never be called */ context.put("title", "Import Administrator Certificate"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java index 0c2e7fa0..8b0ccc0c 100755 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; @@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class ImportCAChainPanel extends WizardPanelBase { - public ImportCAChainPanel() {} + public ImportCAChainPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Import CA's Certificate Chain"); setId(id); @@ -75,8 +74,7 @@ public class ImportCAChainPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("ImportCACertChain: display"); context.put("errorString", ""); context.put("title", "Import CA's Certificate Chain"); @@ -89,8 +87,9 @@ public class ImportCAChainPanel extends WizardPanelBase { context.put("https_port", cs.getString("pkicreate.ee_secure_port")); context.put("http_port", cs.getString("pkicreate.unsecure_port")); } catch (EBaseException e) { - CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); - context.put("errorString", "Error loading values for Import CA Certificate Panel"); + CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); + context.put("errorString", + "Error loading values for Import CA Certificate Panel"); } ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca"); 
@@ -107,19 +106,16 @@ public class ImportCAChainPanel extends WizardPanelBase {
 * Checks if the given parameters are valid.
 */
 public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
 }
 /**
 * Commit parameter changes
 */
 public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
 IConfigStore cs = CMS.getConfigStore();
-
 context.put("errorString", "");
 context.put("title", "Import CA's Certificate Chain");
 context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -130,8 +126,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
 * If validiate() returns false, this method will be called.
 */
 public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 /* This should never be called */
 IConfigStore cs = CMS.getConfigStore();
@@ -141,6 +136,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
 context.put("http_port", cs.getString("pkicreate.unsecure_port"));
 context.put("title", "Import CA's Certificate Chain");
 context.put("panel", "admin/console/config/importcachainpanel.vm");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index 3f54ec1c..a5efbbfe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import java.io.IOException;
 import java.util.Locale;
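Review bot: The `catch (EBaseException e) { }` block at the end of ImportCAChainPanel.displayError (hunk -141,6) is still empty after reformatting, so a failed read of the port settings is dropped without a trace, while display() in the same file logs the same failure. I would add `CMS.debug("ImportCAChainPanel: displayError: Exception: " + e.toString());` inside the block. The empty catch blocks reformatted in ModulePanel.isPanelDone and in the NamePanel hunk at -142,7 later in this commit have the same problem.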
@@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet {
 /**
 * initialize the servlet.
+ *
 * @param sc servlet configuration, read from the web.xml file
 */
 public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
 }
 /**
- * Process the HTTP request.
+ * Process the HTTP request.
 */
 protected void process(CMSRequest cmsReq) throws EBaseException {
 CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
 CMS.debug("ImportTransportCert authentication successful.");
 } catch (Exception e) {
 CMS.debug("ImportTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
 CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
 outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
 return;
 }
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
 AuthzToken authzToken = null;
 try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
 CMS.debug("ImportTransportCert authorization successful.");
 } catch (EAuthzAccessDenied e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 outputError(httpResp, "Error: Not authorized");
 return;
 } catch (Exception e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
 return;
 }
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
 String certsString = httpReq.getParameter("certificate");
 try {
- CryptoManager cm = CryptoManager.getInstance();
- CMS.debug("ImportTransportCert: Importing certificate");
- org.mozilla.jss.crypto.X509Certificate cert =
- cm.importCACertPackage(CMS.AtoB(certsString));
- String nickName = cert.getNickname();
- CMS.debug("ImportTransportCert: nickname " + nickName);
- cs.putString("tks.drm_transport_cert_nickname", nickName);
- CMS.debug("ImportTransportCert: Commiting configuration");
- cs.commit(false);
-
- // send success status back to the requestor
+ CryptoManager cm = CryptoManager.getInstance();
+ CMS.debug("ImportTransportCert: Importing certificate");
+ org.mozilla.jss.crypto.X509Certificate cert = cm
+ .importCACertPackage(CMS.AtoB(certsString));
+ String nickName = cert.getNickname();
+ CMS.debug("ImportTransportCert: nickname " + nickName);
+ cs.putString("tks.drm_transport_cert_nickname", nickName);
+ CMS.debug("ImportTransportCert: Commiting configuration");
+ cs.commit(false);
+
+ // send success status back to the requestor
 CMS.debug("ImportTransportCert: Sending response");
 XMLObject xmlObj = new XMLObject();
 Node root = xmlObj.createRoot("XMLResponse");
@@ -150,14 +150,22 @@ public class ImportTransportCert extends CMSServlet {
 }
 }
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
 }
 /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index da2a3ccb..b7b52129 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
 import com.netscape.cmsutil.password.IPasswordStore;
 /**
- * This object stores the values for IP, uid and group based on the cookie id in LDAP.
- * Entries are stored under ou=Security Domain, ou=sessions, $basedn
+ * This object stores the values for IP, uid and group based on the cookie id in
+ * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn
 */
-public class LDAPSecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable implements
+ ISecurityDomainSessionTable {
 private long m_timeToLive;
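Review bot: The formatter has turned the trailing comment on `renderResult` in ImportTransportCert.java (hunk -150,14) into nine one- or two-word `//` lines, which hides the fact that the method is an intentional no-op. Moving the comment inside the braces before formatting avoids the re-wrap, e.g. `// do nothing, ie, it will not return the default javascript.` on its own line in the body. The same thing happens to the `/* no constraint */` argument comments in `getUsage()` of ModulePanel.java and NamePanel.java later in this commit, where the comment is now split over four lines in the middle of the `Descriptor` constructor call.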
@@ -48,8 +48,7 @@ public class LDAPSecurityDomainSessionTable
 m_timeToLive = timeToLive;
 }
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip, String uid, String group) {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
 boolean sessions_exists = true;
@@ -61,7 +60,8 @@ public class LDAPSecurityDomainSessionTable
 basedn = cs.getString("internaldb.basedn");
 sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
 } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
+ CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn"
+ + e);
 return status;
 }
@@ -77,14 +77,16 @@ public class LDAPSecurityDomainSessionTable
 attrs.add(new LDAPAttribute("ou", "sessions"));
 entry = new LDAPEntry(sessionsdn, attrs);
 conn.add(entry);
- } catch (Exception e) {
- if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
+ } catch (Exception e) {
+ if ((e instanceof LDAPException)
+ && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
 // continue
 } else {
- CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
+ CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:"
+ + e);
 sessions_exists = false;
 }
- }
+ }
 // add new entry
 try {
@@ -93,27 +95,32 @@ public class LDAPSecurityDomainSessionTable
 String entrydn = "cn=" + sessionId + "," + sessionsdn;
 attrs = new LDAPAttributeSet();
 attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "securityDomainSessionEntry"));
+ attrs.add(new LDAPAttribute("objectclass",
+ "securityDomainSessionEntry"));
 attrs.add(new LDAPAttribute("cn", sessionId));
 attrs.add(new LDAPAttribute("host", ip));
 attrs.add(new LDAPAttribute("uid", uid));
 attrs.add(new LDAPAttribute("cmsUserGroup", group));
- attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
+ attrs.add(new LDAPAttribute("dateOfCreate", Long
+ .toString((new Date()).getTime())));
 entry = new LDAPEntry(entrydn, attrs);
 if (sessions_exists) {
 conn.add(entry);
- CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+ CMS.debug("SecurityDomainSessionTable: added session entry"
+ + sessionId);
 status = SUCCESS;
 }
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
- }
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to create session entry"
+ + sessionId + ": " + e);
+ }
 try {
 conn.disconnect();
 } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: "
+ + e);
 }
 return status;
 }
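Review bot: `sessionId` is concatenated unescaped into the entry DN at the top of this hunk (`String entrydn = "cn=" + sessionId + "," + sessionsdn;`), and the same pattern appears in the delete hunk at -124,21 (`String dn = "cn=" + sessionId + ...`) and in the search filter of the hunk at -211,25 (`String filter = "(cn=" + sessionId + ")";`). The class comment describes the id as a cookie id, so if a caller can supply a value this server did not issue, LDAP metacharacters in it would change which entry is matched, read or deleted. I would check the id against the format the server generates before any LDAP call and escape it for the context it is used in, for example `String filter = "(cn=" + escapeFilterValue(sessionId) + ")";`, where `escapeFilterValue` is a helper still to be written (RFC 4515 escaping; it is not in this file). The method bodies start outside these hunks, so where sessionId originates should be confirmed against the callers.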
@@ -124,21 +131,25 @@ public class LDAPSecurityDomainSessionTable
 int status = FAILURE;
 try {
 String basedn = cs.getString("internaldb.basedn");
- String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
+ String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain,"
+ + basedn;
 conn = getLDAPConn();
 conn.delete(dn);
 status = SUCCESS;
 } catch (Exception e) {
- if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+ if ((e instanceof LDAPException)
+ && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
 // continue
 } else {
- CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
+ CMS.debug("SecurityDomainSessionTable: unable to delete session "
+ + sessionId + ": " + e);
 }
 }
 try {
 conn.disconnect();
 } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: "
+ + e);
 }
 return status;
 }
@@ -154,21 +165,24 @@ public class LDAPSecurityDomainSessionTable
 String[] attrs = { "cn" };
 conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) ret = true;
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
+ if (res.getCount() > 0)
+ ret = true;
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session "
+ + sessionId + ": " + e);
 }
 try {
 conn.disconnect();
 } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
+ + e);
 }
 return ret;
 }
-
 public Enumeration getSessionIds() {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
@@ -181,27 +195,31 @@ public class LDAPSecurityDomainSessionTable
 String[] attrs = { "cn" };
 conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
 while (res.hasMoreElements()) {
 LDAPEntry entry = res.next();
 ret.add(entry.getAttribute("cn").getStringValueArray()[0]);
 }
 } catch (LDAPException e) {
 switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
- break;
- default:
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+ case LDAPException.NO_SUCH_OBJECT:
+ CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
+ break;
+ default:
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: "
+ + e);
 }
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
+ + e);
 }
 try {
 conn.disconnect();
 } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
+ + e);
 }
 return ret.elements();
@@ -211,25 +229,28 @@ public class LDAPSecurityDomainSessionTable
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
 String ret = null;
- try {
+ try {
 String basedn = cs.getString("internaldb.basedn");
 String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
 String filter = "(cn=" + sessionId + ")";
 String[] attrs = { attr };
 conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) {
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
+ if (res.getCount() > 0) {
 LDAPEntry entry = res.next();
 ret = entry.getAttribute(attr).getStringValueArray()[0];
 }
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session "
+ + sessionId + ": " + e);
 }
 try {
 conn.disconnect();
 } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
+ + e);
 }
 return ret;
 }
@@ -261,7 +282,7 @@ public class LDAPSecurityDomainSessionTable
 public int getSize() {
 IConfigStore cs = CMS.getConfigStore();
 LDAPConnection conn = null;
- int ret =0;
+ int ret = 0;
 try {
 String basedn = cs.getString("internaldb.basedn");
@@ -270,24 +291,25 @@ public class LDAPSecurityDomainSessionTable
 String[] attrs = { "cn" };
 conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
 ret = res.getCount();
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
+ + e);
 }
 try {
 conn.disconnect();
 } catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
+ + e);
 }
 return ret;
 }
- private LDAPConnection getLDAPConn()
- throws IOException
- {
+ private LDAPConnection getLDAPConn() throws IOException {
 IConfigStore cs = CMS.getConfigStore();
 String host = "";
@@ -299,12 +321,13 @@ public class LDAPSecurityDomainSessionTable
 IPasswordStore pwdStore = CMS.getPasswordStore();
 if (pwdStore != null) {
- //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
+ // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
 pwd = pwdStore.getPassword("internaldb");
 }
- if ( pwd == null) {
- throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException(
+ "SecurityDomainSessionTable: Failed to obtain password from password store");
 }
 try {
@@ -329,14 +352,15 @@ public class LDAPSecurityDomainSessionTable
 LDAPConnection conn = null;
 if (security.equals("true")) {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
 } else {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
 }
- //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
+ // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" +
+ // p);
 try {
 conn.connect(host, p, binddn, pwd);
 } catch (LDAPException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index e7fdbe3f..844a5a36 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
 import com.netscape.certsrv.apps.CMS;
-
 public class LoginServlet extends BaseServlet {
 /**
@@ -36,14 +34,12 @@ public class LoginServlet extends BaseServlet {
 private static final long serialVersionUID = -4766622132710080340L;
 public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 return true;
 }
 public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 Template template = null;
 try {
@@ -52,7 +48,7 @@ public class LoginServlet extends BaseServlet {
 if (pin == null) {
 context.put("error", "");
 } else {
- String cspin = CMS.getConfigStore().getString("preop.pin");
+ String cspin = CMS.getConfigStore().getString("preop.pin");
 if (cspin != null && cspin.equals(pin)) {
 // create session
@@ -62,7 +58,7 @@ public class LoginServlet extends BaseServlet {
 return null;
 } else {
 context.put("error", "Login Failed");
- }
+ }
 }
 template = Velocity.getTemplate("admin/console/config/login.vm");
 } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index a91ca979..2fcb1f2f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import java.io.IOException;
 import java.util.Locale;
@@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet {
 *
 */
 private static final long serialVersionUID = 2425301522251239666L;
- private static final String PROP_AUTHORITY_ID="authorityId";
+ private static final String PROP_AUTHORITY_ID = "authorityId";
 private String mAuthorityId = null;
 private String mFormPath = null;
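Review bot: In LoginServlet.process (hunk -52,7) the submitted pin is checked with `cspin.equals(pin)`, which stops at the first differing character, and `authenticate()` in the first LoginServlet hunk returns `true` unconditionally, so this comparison is the only gate visible before the `// create session` branch. A constant-time check would be `if (cspin != null && MessageDigest.isEqual(cspin.getBytes("UTF-8"), pin.getBytes("UTF-8"))) {`, which needs `java.security.MessageDigest` imported. Nothing in the visible lines limits or records failed attempts; the body of process() continues outside the hunk, so that may be handled elsewhere and should be confirmed.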
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet {
 form = getTemplate(mFormPath, request, locale);
 } catch (IOException e) {
 CMS.debug("MainPageServlet process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw
+ * new ECMSGWException(
+ * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
 }
 process(argSet, header, ctx, request, response);
@@ -90,21 +89,22 @@ public class MainPageServlet extends CMSServlet {
 ServletOutputStream out = response.getOutputStream();
 cmsReq.setStatus(CMSRequest.SUCCESS);
- response.setContentType("text/html");
- form.renderOutput(out, argSet);
+ response.setContentType("text/html");
+ form.renderOutput(out, argSet);
 } catch (IOException e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 }
 private void process(CMSTemplateParams argSet, IArgBlock header,
- IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+ throws EBaseException {
- int num = 0;
+ int num = 0;
 IArgBlock rarg = null;
 IConfigStore cs = CMS.getConfigStore();
 int state = 0;
@@ -125,8 +125,8 @@ public class MainPageServlet extends CMSServlet {
 rarg = CMS.createArgBlock();
 rarg.addStringValue("type", "admin");
 rarg.addStringValue("prefix", "http");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEENonSSLPort()).intValue());
+ rarg.addIntegerValue("port", Integer.valueOf(CMS.getEENonSSLPort())
+ .intValue());
 rarg.addStringValue("host", host);
 rarg.addStringValue("uri", adminInterface);
 argSet.addRepeatRecord(rarg);
@@ -136,8 +136,8 @@ public class MainPageServlet extends CMSServlet {
 rarg = CMS.createArgBlock();
 rarg.addStringValue("type", "ee");
 rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEESSLPort()).intValue());
+ rarg.addIntegerValue("port", Integer
+ .valueOf(CMS.getEESSLPort()).intValue());
 rarg.addStringValue("host", host);
 rarg.addStringValue("uri", eeInterface);
 argSet.addRepeatRecord(rarg);
@@ -147,8 +147,8 @@ public class MainPageServlet extends CMSServlet {
 rarg = CMS.createArgBlock();
 rarg.addStringValue("type", "agent");
 rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getAgentPort()).intValue());
+ rarg.addIntegerValue("port", Integer
+ .valueOf(CMS.getAgentPort()).intValue());
 rarg.addStringValue("host", host);
 rarg.addStringValue("uri", agentInterface);
 argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index 38185a33..ef9255f3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -50,19 +49,20 @@ public class ModulePanel extends WizardPanelBase {
 private Vector mOtherModules = null;
 private Hashtable mCurrModTable = new Hashtable();
 private WizardServlet mServlet = null;
- public ModulePanel() {}
+
+ public ModulePanel() {
+ }
 /**
 * Initializes this panel.
 */
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
 setPanelNo(panelno);
 setName("Key Store");
 }
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
 setPanelNo(panelno);
 setName("Key Store");
 setId(id);
@@ -71,7 +71,7 @@ public class ModulePanel extends WizardPanelBase {
 public void cleanUp() throws IOException {
 IConfigStore cs = CMS.getConfigStore();
- cs.putBoolean("preop.ModulePanel.done",false);
+ cs.putBoolean("preop.ModulePanel.done", false);
 }
 public void loadCurrModTable() {
@@ -87,9 +87,8 @@ public class ModulePanel extends WizardPanelBase {
 mCurrModTable.put(mod.getName(), mod);
 } // while
 } catch (Exception e) {
- CMS.debug(
- "ModulePanel: Exception caught in loadCurrModTable: "
- + e.toString());
+ CMS.debug("ModulePanel: Exception caught in loadCurrModTable: "
+ + e.toString());
 System.err.println("Exception caught: " + e.toString());
 }
 }
@@ -141,15 +140,15 @@ public class ModulePanel extends WizardPanelBase {
 CMS.debug("ModulePanel: token nick name=" + token.getName());
 CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
 CMS.debug("ModulePanel: token is present?" + token.isPresent());
- if (!token.getName().equals("Internal Crypto Services Token") &&
- !token.getName().equals("NSS Generic Crypto Services")) {
+ if (!token.getName().equals("Internal Crypto Services Token")
+ && !token.getName().equals(
+ "NSS Generic Crypto Services")) {
 module.addToken(token);
 } else {
- CMS.debug(
- "ModulePanel: token " + token.getName()
+ CMS.debug("ModulePanel: token " + token.getName()
 + " not to be added");
 }
-
+
 } catch (TokenException ex) {
 CMS.debug("ModulePanel:" + ex.toString());
 }
@@ -181,11 +180,11 @@ public class ModulePanel extends WizardPanelBase {
 if ((cn == null) || (cn.equals(""))) {
 break;
 }
-
+
 CMS.debug("ModulePanel: got from config module: " + cn);
 // create a Module object
 Module module = new Module(cn, pn, img);
-
+
 if (mCurrModTable.containsKey(cn)) {
 CMS.debug("ModulePanel: module found: " + cn);
 module.setFound(true);
@@ -194,7 +193,7 @@ public class ModulePanel extends WizardPanelBase {
 loadModTokens(module, m);
 }
-
+
 CMS.debug("ModulePanel: adding module " + cn);
 // add module to set
 if (!mSupportedModules.contains(module)) {
@@ -203,39 +202,41 @@ public class ModulePanel extends WizardPanelBase {
 }// for
 } catch (Exception e) {
- CMS.debug(
- "ModulePanel: Exception caught in loadSupportedModules(): "
- + e.toString());
+ CMS.debug("ModulePanel: Exception caught in loadSupportedModules(): "
+ + e.toString());
 System.err.println("Exception caught: " + e.toString());
 }
 }
 public PropertySet getUsage() {
- // it a token choice. Available tokens are discovered dynamically so
+ // it a token choice. Available tokens are discovered dynamically so
 // can't be a real CHOICE
 PropertySet set = new PropertySet();
-
- Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* default parameter */
- "module token selection");
+
+ Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* default parameter */
+ "module token selection");
 set.add("choice", tokenDesc);
-
+
 return set;
 }
 public boolean isPanelDone() {
 IConfigStore cs = CMS.getConfigStore();
 try {
- boolean s = cs.getBoolean("preop.ModulePanel.done",
- false);
+ boolean s = cs.getBoolean("preop.ModulePanel.done", false);
 if (s != true) {
 return false;
 } else {
 return true;
 }
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 return false;
 }
@@ -248,8 +249,7 @@ public class ModulePanel extends WizardPanelBase {
 * Display the panel.
 */
 public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 CMS.debug("ModulePanel: display()");
 context.put("title", "Key Store");
@@ -272,8 +272,8 @@ public class ModulePanel extends WizardPanelBase {
 context.put("oms", mOtherModules);
 context.put("sms", mSupportedModules);
 // context.put("status_token", "None");
- String subpanelno = String.valueOf(getPanelNo()+1);
- CMS.debug("ModulePanel subpanelno =" +subpanelno);
+ String subpanelno = String.valueOf(getPanelNo() + 1);
+ CMS.debug("ModulePanel subpanelno =" + subpanelno);
 context.put("subpanelno", subpanelno);
 context.put("panel", "admin/console/config/modulepanel.vm");
 }
@@ -282,17 +282,15 @@ public class ModulePanel extends WizardPanelBase {
 * Checks if the given parameters are valid.
 */
 public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
 }
 /**
 * Commit parameter changes
 */
 public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
- boolean hasErr = false;
+ HttpServletResponse response, Context context) throws IOException {
+ boolean hasErr = false;
 try {
 // get the value of the choice
@@ -306,13 +304,13 @@ public class ModulePanel extends WizardPanelBase {
 IConfigStore config = CMS.getConfigStore();
 String oldtokenname = config.getString("preop.module.token", "");
- if (!oldtokenname.equals(select))
+ if (!oldtokenname.equals(select))
 mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
- if (hasErr == false) {
- config.putString("preop.module.token", select);
- config.putBoolean("preop.ModulePanel.done", true);
- }
+ if (hasErr == false) {
+ config.putString("preop.module.token", select);
+ config.putBoolean("preop.ModulePanel.done", true);
+ }
 config.commit(false);
 context.put("updateStatus", "success");
 } catch (Exception e) {
@@ -326,8 +324,7 @@ public class ModulePanel extends WizardPanelBase {
 * If validiate() returns false, this method will be called.
 */
 public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 context.put("title", "Security Module");
 context.put("panel", "admin/console/config/modulepanel.vm");
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index a0a627ee..861eee16 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
 import com.netscape.certsrv.apps.CMS;
-
 public class ModuleServlet extends BaseServlet {
 /**
@@ -36,19 +34,16 @@ public class ModuleServlet extends BaseServlet {
 private static final long serialVersionUID = 6518965840466227888L;
 /**
- * Collect information on where keys are to be generated.
- * Once collected, write to CS.cfg:
- * "preop.module=soft"
- * or
- * "preop.module=hard"
- *
+ * Collect information on where keys are to be generated. Once collected,
+ * write to CS.cfg: "preop.module=soft" or "preop.module=hard"
+ *
 * <ul>
- * <li>http.param selection "soft" or "hard" for software token or hardware token
+ * <li>http.param selection "soft" or "hard" for software token or hardware
+ * token
 * </ul>
 */
 public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 Template template = null;
@@ -76,7 +71,7 @@ public class ModuleServlet extends BaseServlet {
 CMS.debug("ModuleServlet: illegal selection: " + selection);
 context.put("error", "failed selection");
 }
-
+
 } else {
 CMS.debug("ModuleServlet: no selection");
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index ec3686e9..1f680b64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -54,19 +53,19 @@ public class NamePanel extends WizardPanelBase {
 private Vector mCerts = null;
 private WizardServlet mServlet = null;
- public NamePanel() {}
+ public NamePanel() {
+ }
 /**
 * Initializes this panel.
 */
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
 setPanelNo(panelno);
 setName("Subject Names");
 }
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
 setPanelNo(panelno);
 setName("Subject Names");
 setId(id);
@@ -79,27 +78,39 @@ public class NamePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "CA Signing Certificate's DN"); + Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "CA Signing Certificate's DN"); set.add("caDN", caDN); - Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "SSL Server Certificate's DN"); + Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "SSL Server Certificate's DN"); set.add("sslDN", sslDN); - Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "CA Subsystem Certificate's DN"); + Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "CA Subsystem Certificate's DN"); set.add("subsystemDN", subsystemDN); - Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "OCSP Signing Certificate's DN"); + Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "OCSP Signing Certificate's DN"); set.add("ocspDN", ocspDN); @@ -124,7 +135,7 @@ public class NamePanel extends WizardPanelBase { StringTokenizer st = new StringTokenizer(list, ","); while (st.hasMoreTokens()) { String t = st.nextToken(); - cs.remove("preop.cert."+t+".done"); + cs.remove("preop.cert." + t + ".done"); } try { @@ -142,7 +153,8 @@ public class NamePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } 
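Review bot: In getUsage() the formatter has broken each inline `/* no constraint */` argument comment into a four-line block comment in the middle of the `new Descriptor(...)` argument list, so it is no longer clear which `null` the comment describes. This affects all four descriptors (caDN, sslDN, subsystemDN, ocspDN). I would replace the inline comments with one line comment above each constructor call, e.g. `// constraint: none; default parameter: none`, which leaves the formatter nothing to re-wrap. getUsage() continues past the end of this hunk.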
@@ -159,12 +171,11 @@ public class NamePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("NamePanel: display()"); context.put("title", "Subject Names"); - // update session id + // update session id String session_id = request.getParameter("session_id"); if (session_id != null) { CMS.debug("NamePanel setting session id."); @@ -179,16 +190,16 @@ public class NamePanel extends WizardPanelBase { String hselect = ""; String cstype = ""; try { - //if CA, at the hierarchy panel, was it root or subord? + // if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); select = config.getString("preop.subsystem.select", ""); cstype = config.getString("cs.type", ""); context.put("select", select); if (cstype.equals("CA") && hselect.equals("root")) { - CMS.debug("NamePanel ca is root"); + CMS.debug("NamePanel ca is root"); context.put("isRoot", "true"); } else { - CMS.debug("NamePanel not ca or not root"); + CMS.debug("NamePanel not ca or not root"); context.put("isRoot", "false"); } } catch (Exception e) { 
@@ -207,47 +218,53 @@ public class NamePanel extends WizardPanelBase { int sd_admin_port = -1; if (domaintype.equals("existing")) { host = config.getString("securitydomain.host", ""); - sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1); + sd_admin_port = config.getInteger( + "securitydomain.httpsadminport", -1); count = getSubsystemCount(host, sd_admin_port, true, cstype); } while (st.hasMoreTokens()) { String certTag = st.nextToken(); - CMS.debug("NamePanel: display() about to process certTag :" + certTag); - String nn = config.getString( - PCERT_PREFIX + certTag + ".nickname"); + CMS.debug("NamePanel: display() about to process certTag :" + + certTag); + String nn = config.getString(PCERT_PREFIX + certTag + + ".nickname"); Cert c = new Cert(token, nn, certTag); - String userfriendlyname = config.getString( - PCERT_PREFIX + certTag + ".userfriendlyname"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + String userfriendlyname = config.getString(PCERT_PREFIX + + certTag + ".userfriendlyname"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); c.setUserFriendlyName(userfriendlyname); - String type = config.getString(PCERT_PREFIX + certTag + ".type"); + String type = config + .getString(PCERT_PREFIX + certTag + ".type"); c.setType(type); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + + ".enable", true); c.setEnable(enable); - String cert = config.getString(subsystem +"."+certTag +".cert", ""); - String certreq = - config.getString(subsystem + "." +certTag +".certreq", ""); + String cert = config.getString(subsystem + "." + certTag + + ".cert", ""); + String certreq = config.getString(subsystem + "." 
+ certTag + + ".certreq", ""); String dn = config.getString(PCERT_PREFIX + certTag + ".dn"); - boolean override = config.getBoolean(PCERT_PREFIX + certTag + - ".cncomponent.override", true); - //o_sd is to add o=secritydomainname - boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + - "o_securitydomain", true); - domainname = config.getString("securitydomain.name", ""); - CMS.debug("NamePanel: display() override is "+override); - CMS.debug("NamePanel: display() o_securitydomain is "+o_sd); - CMS.debug("NamePanel: display() domainname is "+domainname); + boolean override = config.getBoolean(PCERT_PREFIX + certTag + + ".cncomponent.override", true); + // o_sd is to add o=secritydomainname + boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag + + "o_securitydomain", true); + domainname = config.getString("securitydomain.name", ""); + CMS.debug("NamePanel: display() override is " + override); + CMS.debug("NamePanel: display() o_securitydomain is " + o_sd); + CMS.debug("NamePanel: display() domainname is " + domainname); boolean dnUpdated = false; try { - dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN"); + dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + + ".updatedDN"); } catch (Exception e) { } 
@@ -255,28 +272,36 @@ public class NamePanel extends WizardPanelBase { boolean done = config.getBoolean("preop.NamePanel.done"); c.setDN(dn); } catch (Exception e) { - String instanceId = config.getString("service.instanceID", ""); + String instanceId = config.getString("service.instanceID", + ""); if (select.equals("clone") || dnUpdated) { c.setDN(dn); - } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) { - CMS.debug("NamePanel subsystemCount = "+count); - c.setDN(dn + " "+count+ - ((!instanceId.equals(""))? (",OU=" + instanceId):"") + - ((o_sd)? (",O=" + domainname):"")); - config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); + } else if (count != 0 && override + && (cert.equals("") || certreq.equals(""))) { + CMS.debug("NamePanel subsystemCount = " + count); + c.setDN(dn + + " " + + count + + ((!instanceId.equals("")) ? (",OU=" + instanceId) + : "") + + ((o_sd) ? (",O=" + domainname) : "")); + config.putBoolean( + PCERT_PREFIX + certTag + ".updatedDN", true); } else { - c.setDN(dn + - ((!instanceId.equals(""))? (",OU=" + instanceId):"") + - ((o_sd)? (",O=" + domainname):"")); - config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true); + c.setDN(dn + + ((!instanceId.equals("")) ? (",OU=" + instanceId) + : "") + + ((o_sd) ? (",O=" + domainname) : "")); + config.putBoolean( + PCERT_PREFIX + certTag + ".updatedDN", true); } } mCerts.addElement(c); - CMS.debug( - "NamePanel: display() added cert to mCerts: certTag " - + certTag); - config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN()); + CMS.debug("NamePanel: display() added cert to mCerts: certTag " + + certTag); + config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", + c.getDN()); }// while } catch (EBaseException e) { CMS.debug("NamePanel: display() exception caught:" + e.toString()); 
@@ -302,7 +327,8 @@ public class NamePanel extends WizardPanelBase { try { config.putString("preop.ca.list", list.toString()); config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } context.put("urls", v); @@ -316,8 +342,7 @@ public class NamePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { 
@@ -328,30 +353,34 @@ public class NamePanel extends WizardPanelBase { if (dn == null || dn.length() == 0) { context.put("updateStatus", "validate-failure"); - throw new IOException("Empty DN for " + cert.getUserFriendlyName()); + throw new IOException("Empty DN for " + + cert.getUserFriendlyName()); } } } // while } - /* + /* * update some parameters for clones */ - public void updateCloneConfig(IConfigStore config) - throws EBaseException, IOException { + public void updateCloneConfig(IConfigStore config) throws EBaseException, + IOException { String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { String token = config.getString(PRE_CONF_CA_TOKEN); if (!token.equals("Internal Key Storage Token")) { - CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); - String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem"); + CMS.debug("NamePanel: updating configuration for KRA clone with hardware token"); + String subsystem = config.getString(PCERT_PREFIX + + "storage.subsystem"); String storageNickname = getNickname(config, "storage"); String transportNickname = getNickname(config, "transport"); config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname); - config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname); + config.putString(subsystem + ".storageUnit.nickName", token + + ":" + storageNickname); + config.putString(subsystem + ".transportUnit.nickName", token + + ":" + transportNickname); config.commit(false); } else { // software token // parameters already set 
@@ -359,14 +388,19 @@ public class NamePanel extends WizardPanelBase { } // audit signing cert - String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", ""); - String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", ""); - if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_tk + ":" + audit_nn); + String audit_nn = config.getString(cstype + ".audit_signing" + + ".nickname", ""); + String audit_tk = config.getString(cstype + ".audit_signing" + + ".tokenname", ""); + if (!audit_tk.equals("Internal Key Storage Token") + && !audit_tk.equals("")) { + config.putString( + "log.instance.SignedAudit.signedAuditCertNickname", + audit_tk + ":" + audit_nn); } else { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - audit_nn); + config.putString( + "log.instance.SignedAudit.signedAuditCertNickname", + audit_nn); } } @@ -374,9 +408,10 @@ public class NamePanel extends WizardPanelBase { * get some of the "preop" parameters to persisting parameters */ public void updateConfig(IConfigStore config, String certTag) - throws EBaseException, IOException { + throws EBaseException, IOException { String token = config.getString(PRE_CONF_CA_TOKEN); - String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); CMS.debug("NamePanel: subsystem " + subsystem); String nickname = getNickname(config, certTag); 
@@ -385,38 +420,46 @@ public class NamePanel extends WizardPanelBase { // should change the entire system to use the uniformed names later if (certTag.equals("signing") || certTag.equals("ocsp_signing")) { CMS.debug("NamePanel: setting signing nickname=" + nickname); - config.putString(subsystem + "." + certTag + ".cacertnickname", nickname); - config.putString(subsystem + "." + certTag + ".certnickname", nickname); + config.putString(subsystem + "." + certTag + ".cacertnickname", + nickname); + config.putString(subsystem + "." + certTag + ".certnickname", + nickname); } - // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg + // if KRA, hardware token needs param "kra.storageUnit.hardware" in + // CS.cfg String cstype = config.getString("cs.type", null); cstype = toLowerCaseSubsystemType(cstype); if (cstype.equals("kra")) { - if (!token.equals("Internal Key Storage Token")) { - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.hardware", token); - config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname); - } - } else { // software token - if (certTag.equals("storage")) { - config.putString(subsystem + ".storageUnit.nickName", nickname); - } else if (certTag.equals("transport")) { - config.putString(subsystem + ".transportUnit.nickName", nickname); - } - } + if (!token.equals("Internal Key Storage Token")) { + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.hardware", token); + config.putString(subsystem + ".storageUnit.nickName", token + + ":" + nickname); + } else if (certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", + token + ":" + nickname); + } + } else { // software token + if (certTag.equals("storage")) { + config.putString(subsystem + ".storageUnit.nickName", + nickname); + } else if 
(certTag.equals("transport")) { + config.putString(subsystem + ".transportUnit.nickName", + nickname); + } + } } String serverCertNickname = nickname; String path = CMS.getConfigStore().getString("instanceRoot", ""); if (certTag.equals("sslserver")) { - if (!token.equals("Internal Key Storage Token")) { - serverCertNickname = token+":"+nickname; + if (!token.equals("Internal Key Storage Token")) { + serverCertNickname = token + ":" + nickname; } - File file = new File(path+"/conf/serverCertNick.conf"); - PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf")); + File file = new File(path + "/conf/serverCertNick.conf"); + PrintStream ps = new PrintStream(new FileOutputStream(path + + "/conf/serverCertNick.conf")); ps.println(serverCertNickname); ps.close(); } 
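Review bot: A failed write of `serverCertNick.conf` in the `sslserver` branch goes unnoticed, because `PrintStream` suppresses `IOException` and `checkError()` is never consulted. The server could then start with a stale or empty nickname file while the config store says otherwise. The stream is also left open if anything throws before `ps.close()`, and the local `File file` is never used. I would check the error flag and close in a `finally`, as sketched below. updateConfig() starts before this hunk and continues after it.

```java
if (certTag.equals("sslserver")) {
    // … unchanged: prefix serverCertNickname with the token name for hardware tokens …
    String nickFile = path + "/conf/serverCertNick.conf";
    PrintStream ps = new PrintStream(new FileOutputStream(nickFile));
    try {
        ps.println(serverCertNickname);
        // PrintStream never throws on write; surface the failure explicitly
        if (ps.checkError()) {
            throw new IOException("Failed to write " + nickFile);
        }
    } finally {
        ps.close();
    }
}
```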
@@ -424,25 +467,29 @@ public class NamePanel extends WizardPanelBase { config.putString(subsystem + "." + certTag + ".nickname", nickname); config.putString(subsystem + "." + certTag + ".tokenname", token); if (certTag.equals("audit_signing")) { - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - token + ":" + nickname); - } else { - config.putString("log.instance.SignedAudit.signedAuditCertNickname", - nickname); - } + if (!token.equals("Internal Key Storage Token") + && !token.equals("")) { + config.putString( + "log.instance.SignedAudit.signedAuditCertNickname", + token + ":" + nickname); + } else { + config.putString( + "log.instance.SignedAudit.signedAuditCertNickname", + nickname); + } } /* - config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", - "SHA1withRSA"); + * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm", + * "SHA1withRSA"); */ // for system certs verification - if (!token.equals("Internal Key Storage Token") && !token.equals("")) { + if (!token.equals("Internal Key Storage Token") && !token.equals("")) { config.putString(subsystem + ".cert." + certTag + ".nickname", - token + ":" + nickname); + token + ":" + nickname); } else { - config.putString(subsystem + ".cert." + certTag + ".nickname", nickname); + config.putString(subsystem + ".cert." + certTag + ".nickname", + nickname); } config.commit(false); 
@@ -453,13 +500,13 @@ public class NamePanel extends WizardPanelBase { * create and sign a cert locally (handles both "selfsign" and "local") */ public void configCert(HttpServletRequest request, - HttpServletResponse response, - Context context, Cert certObj) throws IOException { + HttpServletResponse response, Context context, Cert certObj) + throws IOException { CMS.debug("NamePanel: configCert called"); IConfigStore config = CMS.getConfigStore(); String caType = certObj.getType(); - CMS.debug("NamePanel: in configCert caType is "+ caType); + CMS.debug("NamePanel: in configCert caType is " + caType); X509CertImpl cert = null; String certTag = certObj.getCertTag(); 
@@ -469,31 +516,40 @@ public class NamePanel extends WizardPanelBase { String v = config.getString("preop.ca.type", ""); CMS.debug("NamePanel configCert: remote CA"); - String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, - certObj, context); + String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, + certObj, context); certObj.setRequest(pkcs10); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); config.putString(subsystem + "." + certTag + ".certreq", pkcs10); - String profileId = config.getString(PCERT_PREFIX+certTag+".profile"); + String profileId = config.getString(PCERT_PREFIX + certTag + + ".profile"); String session_id = CMS.getConfigSDSessionId(); String sd_hostname = ""; int sd_ee_port = -1; try { sd_hostname = config.getString("securitydomain.host", ""); - sd_ee_port = config.getInteger("securitydomain.httpseeport", -1); + sd_ee_port = config.getInteger( + "securitydomain.httpseeport", -1); } catch (Exception ee) { - CMS.debug("NamePanel: configCert() exception caught:"+ee.toString()); + CMS.debug("NamePanel: configCert() exception caught:" + + ee.toString()); } String sysType = config.getString("cs.type", ""); String machineName = config.getString("machineName", ""); String securePort = config.getString("service.securePort", ""); if (certTag.equals("subsystem")) { - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; - cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + + machineName + "-" + securePort + "&profileId=" + + profileId + + "&cert_request_type=pkcs10&cert_request=" + + URLEncoder.encode(pkcs10, "UTF-8") + + "&xmlOutput=true&sessionID=" + session_id; + cert = 
CertUtil.createRemoteCert(sd_hostname, sd_ee_port, + content, response, this); if (cert == null) { - throw new IOException("Error: remote certificate is null"); + throw new IOException( + "Error: remote certificate is null"); } } else if (v.equals("sdca")) { String ca_hostname = ""; 
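Review bot: Only `pkcs10` is passed through `URLEncoder.encode` when the request body for `CertUtil.createRemoteCert` is assembled; `sysType`, `machineName`, `securePort`, `profileId` and `session_id` are concatenated raw. A value containing `&`, `=` or `+` would therefore change the parameters the remote CA receives. These values come from the config store and `CMS.getConfigSDSessionId()`, and whether they can contain reserved characters is not visible here, but encoding each one is cheap, e.g. `"&profileId=" + URLEncoder.encode(profileId, "UTF-8")`. The same string is built again in the `sdca` branch of the next hunk (-504,96 +560,105). configCert() begins before this hunk and continues after it.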
@@ -504,96 +560,105 @@ public class NamePanel extends WizardPanelBase { } catch (Exception ee) { } - String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id; - cert = CertUtil.createRemoteCert(ca_hostname, ca_port, - content, response, this); + String content = "requestor_name=" + sysType + "-" + + machineName + "-" + securePort + "&profileId=" + + profileId + + "&cert_request_type=pkcs10&cert_request=" + + URLEncoder.encode(pkcs10, "UTF-8") + + "&xmlOutput=true&sessionID=" + session_id; + cert = CertUtil.createRemoteCert(ca_hostname, ca_port, + content, response, this); if (cert == null) { - throw new IOException("Error: remote certificate is null"); + throw new IOException( + "Error: remote certificate is null"); } } else if (v.equals("otherca")) { config.putString(subsystem + "." + certTag + ".cert", "...paste certificate here..."); - } else { + } else { CMS.debug("NamePanel: no preop.ca.type is provided"); - } + } } else { // not remote CA, ie, self-signed or local ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID); if (ca == null) { String s = PCERT_PREFIX + certTag + ".type"; - CMS.debug( - "The value for " + s + CMS.debug("The value for " + s + " should be remote, nothing else."); - throw new IOException( - "The value for " + s + " should be remote"); - } - - String pubKeyType = config.getString( - PCERT_PREFIX + certTag + ".keytype"); + throw new IOException("The value for " + s + + " should be remote"); + } + + String pubKeyType = config.getString(PCERT_PREFIX + certTag + + ".keytype"); if (pubKeyType.equals("rsa")) { - String pubKeyModulus = config.getString( - PCERT_PREFIX + certTag + ".pubkey.modulus"); - String pubKeyPublicExponent = config.getString( - PCERT_PREFIX + certTag + ".pubkey.exponent"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + 
".subsystem"); - - if (certTag.equals("signing")) { - X509Key x509key = CryptoUtil.getPublicX509Key( - CryptoUtil.string2byte(pubKeyModulus), - CryptoUtil.string2byte(pubKeyPublicExponent)); - - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." + certTag + ".cert", - "...certificate be generated internally..."); - } else { + String pubKeyModulus = config.getString(PCERT_PREFIX + + certTag + ".pubkey.modulus"); + String pubKeyPublicExponent = config.getString(PCERT_PREFIX + + certTag + ".pubkey.exponent"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); + + if (certTag.equals("signing")) { X509Key x509key = CryptoUtil.getPublicX509Key( CryptoUtil.string2byte(pubKeyModulus), CryptoUtil.string2byte(pubKeyPublicExponent)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert("...certificate be generated internally..."); + config.putString(subsystem + "." 
+ certTag + + ".cert", + "...certificate be generated internally..."); + } else { + X509Key x509key = CryptoUtil.getPublicX509Key( + CryptoUtil.string2byte(pubKeyModulus), + CryptoUtil + .string2byte(pubKeyPublicExponent)); + + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } } - } } else if (pubKeyType.equals("ecc")) { - String pubKeyEncoded = config.getString( - PCERT_PREFIX + certTag + ".pubkey.encoded"); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); - - if (certTag.equals("signing")) { - - X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); - cert = CertUtil.createLocalCert(config, x509key, - PCERT_PREFIX, certTag, caType, context); - } else { - String cacert = config.getString("ca.signing.cert", ""); - - if (cacert.equals("") || cacert.startsWith("...")) { - certObj.setCert( - "...certificate be generated internally..."); - config.putString(subsystem + "." + certTag + ".cert", - "...certificate be generated internally..."); - } else { - X509Key x509key = CryptoUtil.getPublicX509ECCKey( - CryptoUtil.string2byte(pubKeyEncoded)); + String pubKeyEncoded = config.getString(PCERT_PREFIX + + certTag + ".pubkey.encoded"); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); + + if (certTag.equals("signing")) { + X509Key x509key = CryptoUtil + .getPublicX509ECCKey(CryptoUtil + .string2byte(pubKeyEncoded)); cert = CertUtil.createLocalCert(config, x509key, PCERT_PREFIX, certTag, caType, context); + } else { + String cacert = config.getString("ca.signing.cert", ""); + + if (cacert.equals("") || cacert.startsWith("...")) { + certObj.setCert("...certificate be generated internally..."); + config.putString(subsystem + "." 
+ certTag + + ".cert", + "...certificate be generated internally..."); + } else { + X509Key x509key = CryptoUtil + .getPublicX509ECCKey(CryptoUtil + .string2byte(pubKeyEncoded)); + + cert = CertUtil.createLocalCert(config, x509key, + PCERT_PREFIX, certTag, caType, context); + } } - } } else { - // invalid key type - CMS.debug("Invalid key type " + pubKeyType); + // invalid key type + CMS.debug("Invalid key type " + pubKeyType); } if (cert != null) { if (certTag.equals("subsystem")) @@ -605,9 +670,9 @@ public class NamePanel extends WizardPanelBase { byte[] certb = cert.getEncoded(); String certs = CryptoUtil.base64Encode(certb); - // certObj.setCert(certs); - String subsystem = config.getString( - PCERT_PREFIX + certTag + ".subsystem"); + // certObj.setCert(certs); + String subsystem = config.getString(PCERT_PREFIX + certTag + + ".subsystem"); config.putString(subsystem + "." + certTag + ".cert", certs); } config.commit(false); 
@@ -617,72 +682,76 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel configCert() exception caught:" + e.toString()); } } - + public void configCertWithTag(HttpServletRequest request, - HttpServletResponse response, - Context context, String tag) throws IOException - { - CMS.debug("NamePanel: configCertWithTag start"); - Enumeration c = mCerts.elements(); - IConfigStore config = CMS.getConfigStore(); - - while (c.hasMoreElements()) { - Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - CMS.debug("NamePanel: configCertWithTag ct=" + ct + - " tag=" +tag); - if (ct.equals(tag)) { - try { - String nickname = HttpInput.getNickname(request, ct + "_nick"); - if (nickname != null) { - CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname); - config.putString(PCERT_PREFIX + ct + ".nickname", nickname); - cert.setNickname(nickname); - config.commit(false); - } - String dn = HttpInput.getDN(request, ct); - if (dn != null) { - config.putString(PCERT_PREFIX + ct + ".dn", dn); - config.commit(false); - } - } catch (Exception e) { - CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString()); - } + HttpServletResponse response, Context context, String tag) + throws IOException { + CMS.debug("NamePanel: configCertWithTag start"); + Enumeration c = mCerts.elements(); + IConfigStore config = CMS.getConfigStore(); - configCert(request, response, context, cert); - CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); - return; + while (c.hasMoreElements()) { + Cert cert = (Cert) c.nextElement(); + String ct = cert.getCertTag(); + CMS.debug("NamePanel: configCertWithTag ct=" + ct + " tag=" + tag); + if (ct.equals(tag)) { + try { + String nickname = HttpInput.getNickname(request, ct + + "_nick"); + if (nickname != null) { + CMS.debug("configCertWithTag: Setting nickname for " + + ct + " to " + nickname); + config.putString(PCERT_PREFIX + ct + ".nickname", + 
nickname); + cert.setNickname(nickname); + config.commit(false); + } + String dn = HttpInput.getDN(request, ct); + if (dn != null) { + config.putString(PCERT_PREFIX + ct + ".dn", dn); + config.commit(false); + } + } catch (Exception e) { + CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + + ct + ": " + e.toString()); } - } - CMS.debug("NamePanel: configCertWithTag done"); + + configCert(request, response, context, cert); + CMS.debug("NamePanel: configCertWithTag done with tag=" + tag); + return; + } + } + CMS.debug("NamePanel: configCertWithTag done"); } - private boolean inputChanged(HttpServletRequest request) - throws IOException { - IConfigStore config = CMS.getConfigStore(); - + private boolean inputChanged(HttpServletRequest request) throws IOException { + IConfigStore config = CMS.getConfigStore(); + boolean hasChanged = false; try { Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + String ct = cert.getCertTag(); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + + ".enable", true); if (!enable) continue; - String olddn = config.getString(PCERT_PREFIX + cert.getCertTag() + ".dn", ""); + String olddn = config.getString( + PCERT_PREFIX + cert.getCertTag() + ".dn", ""); // get the dn's and put in config String dn = HttpInput.getDN(request, cert.getCertTag()); if (!olddn.equals(dn)) hasChanged = true; - String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname"); - String nick = HttpInput.getNickname(request, ct + "_nick"); - if (!oldnick.equals(nick)) - hasChanged = true; + String oldnick = config.getString(PCERT_PREFIX + ct + + ".nickname"); + String nick = HttpInput.getNickname(request, ct + "_nick"); + if (!oldnick.equals(nick)) + hasChanged = true; } } catch (Exception e) { 
@@ -690,44 +759,43 @@ public class NamePanel extends WizardPanelBase { return hasChanged; } - - public String getURL(HttpServletRequest request, IConfigStore config) - { + + public String getURL(HttpServletRequest request, IConfigStore config) { String index = request.getParameter("urls"); - if (index == null){ - return null; + if (index == null) { + return null; } String url = ""; if (index.startsWith("http")) { - // user may submit url directlry - url = index; + // user may submit url directlry + url = index; } else { - try { - int x = Integer.parseInt(index); - String list = config.getString("preop.ca.list", ""); - StringTokenizer tokenizer = new StringTokenizer(list, ","); - int counter = 0; - - while (tokenizer.hasMoreTokens()) { - url = tokenizer.nextToken(); - if (counter == x) { - break; + try { + int x = Integer.parseInt(index); + String list = config.getString("preop.ca.list", ""); + StringTokenizer tokenizer = new StringTokenizer(list, ","); + int counter = 0; + + while (tokenizer.hasMoreTokens()) { + url = tokenizer.nextToken(); + if (counter == x) { + break; + } + counter++; } - counter++; + } catch (Exception e) { } - } catch (Exception e) {} } - return url; + return url; } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { CMS.debug("NamePanel: in update()"); - boolean hasErr = false; + boolean hasErr = false; if (inputChanged(request)) { mServlet.cleanUpFromPanel(mServlet.getPanelNo(request)); 
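Review bot: getURL() returns the `urls` request parameter verbatim whenever it starts with `http`, without checking it against the entries in `preop.ca.list`, and the callers in update() then pass its host and port to `sdca(...)` and `updateCloneSDCAInfo(...)`. In the index path, a negative or too-large index leaves `url` set to the last token instead of failing, because `url` is assigned on every iteration. A non-numeric index is swallowed by the empty `catch` and yields `""`. I would assign only on a match, `String token = tokenizer.nextToken(); if (counter == x) { url = token; break; }`, and reject a submitted URL that is not in the configured list. The hunk also holds the start of update(), which continues outside it.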
@@ -736,12 +804,12 @@ public class NamePanel extends WizardPanelBase { return; } - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String hselect = ""; ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID); try { - //if CA, at the hierarchy panel, was it root or subord? + // if CA, at the hierarchy panel, was it root or subord? hselect = config.getString("preop.hierarchy.select", ""); String cstype = config.getString("preop.subsystem.select", ""); if (cstype.equals("clone")) { @@ -750,13 +818,14 @@ public class NamePanel extends WizardPanelBase { configCertWithTag(request, response, context, "sslserver"); String url = getURL(request, config); if (url != null && !url.equals("External CA")) { - // preop.ca.url and admin port are required for setting KRA connector - url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); + // preop.ca.url and admin port are required for setting KRA + // connector + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); - URL urlx = new URL(url); - updateCloneSDCAInfo(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); + URL urlx = new URL(url); + updateCloneSDCAInfo(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); } updateCloneConfig(config); 
@@ -770,50 +839,51 @@ public class NamePanel extends WizardPanelBase { return; } - //if no hselect, then not CA - if (hselect.equals("") || hselect.equals("join")) { - String select = null; - String url = getURL(request, config); + // if no hselect, then not CA + if (hselect.equals("") || hselect.equals("join")) { + String select = null; + String url = getURL(request, config); - URL urlx = null; + URL urlx = null; - if (url.equals("External CA")) { - CMS.debug("NamePanel: external CA selected"); - select = "otherca"; - config.putString("preop.ca.type", "otherca"); - if (subsystem != null) { - config.putString(PCERT_PREFIX+"signing.type", "remote"); - } + if (url.equals("External CA")) { + CMS.debug("NamePanel: external CA selected"); + select = "otherca"; + config.putString("preop.ca.type", "otherca"); + if (subsystem != null) { + config.putString(PCERT_PREFIX + "signing.type", "remote"); + } - config.putString("preop.ca.pkcs7", ""); - config.putInteger("preop.ca.certchain.size", 0); - context.put("check_otherca", "checked"); - CMS.debug("NamePanel: update: this is the external CA."); - } else { - CMS.debug("NamePanel: local CA selected"); - select = "sdca"; - // parse URL (CA1 - https://...) 
- url = url.substring(url.indexOf("https")); - config.putString("preop.ca.url", url); - - urlx = new URL(url); - config.putString("preop.ca.type", "sdca"); - CMS.debug("NamePanel: update: this is a CA in the security domain."); - context.put("check_sdca", "checked"); - sdca(request, context, urlx.getHost(), - Integer.toString(urlx.getPort())); - if (subsystem != null) { - config.putString(PCERT_PREFIX + "signing.type", "remote"); - config.putString(PCERT_PREFIX + "signing.profile", - "caInstallCACert"); + config.putString("preop.ca.pkcs7", ""); + config.putInteger("preop.ca.certchain.size", 0); + context.put("check_otherca", "checked"); + CMS.debug("NamePanel: update: this is the external CA."); + } else { + CMS.debug("NamePanel: local CA selected"); + select = "sdca"; + // parse URL (CA1 - https://...) + url = url.substring(url.indexOf("https")); + config.putString("preop.ca.url", url); + + urlx = new URL(url); + config.putString("preop.ca.type", "sdca"); + CMS.debug("NamePanel: update: this is a CA in the security domain."); + context.put("check_sdca", "checked"); + sdca(request, context, urlx.getHost(), + Integer.toString(urlx.getPort())); + if (subsystem != null) { + config.putString(PCERT_PREFIX + "signing.type", "remote"); + config.putString(PCERT_PREFIX + "signing.profile", + "caInstallCACert"); + } } - } - try { - config.commit(false); - } catch (Exception e) {} + try { + config.commit(false); + } catch (Exception e) { + } - } + } try { 
@@ -821,20 +891,23 @@ public class NamePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); - String ct = cert.getCertTag(); + String ct = cert.getCertTag(); String tokenname = cert.getTokenname(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + + ".enable", true); if (!enable) continue; - boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false); + boolean certDone = config.getBoolean(PCERT_PREFIX + ct + + ".done", false); if (certDone) continue; // get the nicknames and put in config String nickname = HttpInput.getNickname(request, ct + "_nick"); if (nickname != null) { - CMS.debug("NamePanel: update: Setting nickname for " + ct + " to " + nickname); + CMS.debug("NamePanel: update: Setting nickname for " + ct + + " to " + nickname); config.putString(PCERT_PREFIX + ct + ".nickname", nickname); cert.setNickname(nickname); } else { 
@@ -850,32 +923,31 @@ public class NamePanel extends WizardPanelBase { try { configCert(request, response, context, cert); - config.putBoolean("preop.cert."+cert.getCertTag()+".done", - true); + config.putBoolean("preop.cert." + cert.getCertTag() + + ".done", true); config.commit(false); } catch (Exception e) { - CMS.debug( - "NamePanel: update() exception caught:" - + e.toString()); - hasErr = true; + CMS.debug("NamePanel: update() exception caught:" + + e.toString()); + hasErr = true; System.err.println("Exception caught: " + e.toString()); } - } // while - if (hasErr == false) { - config.putBoolean("preop.NamePanel.done", true); - config.commit(false); - } + } // while + if (hasErr == false) { + config.putBoolean("preop.NamePanel.done", true); + config.commit(false); + } } catch (Exception e) { CMS.debug("NamePanel: Exception caught: " + e.toString()); System.err.println("Exception caught: " + e.toString()); }// try - try { config.commit(false); - } catch (Exception e) {} + } catch (Exception e) { + } if (!hasErr) { context.put("updateStatus", "success");
@@ -885,8 +957,11 @@ public class NamePanel extends WizardPanelBase { CMS.debug("NamePanel: update() done"); } - private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { - CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr); + private void updateCloneSDCAInfo(HttpServletRequest request, + Context context, String hostname, String httpsPortStr) + throws IOException { + CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + + hostname + " port=" + httpsPortStr); String https_admin_port = ""; IConfigStore config = CMS.getConfigStore();
@@ -897,19 +972,16 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort( config, - hostname, - httpsPortStr, - "CA" ); + https_admin_port = getSecurityDomainAdminPort(config, hostname, + httpsPortStr, "CA"); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { - CMS.debug( - "NamePanel update: Https port is not valid. Exception: " - + e.toString()); + CMS.debug("NamePanel update: Https port is not valid. Exception: " + + e.toString()); throw new IOException("Https Port is not valid."); }
@@ -918,9 +990,11 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsadminport", https_admin_port); } - private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException { + private void sdca(HttpServletRequest request, Context context, + String hostname, String httpsPortStr) throws IOException { CMS.debug("NamePanel update: this is the CA in the security domain."); - CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr); + CMS.debug("NamePanel update: selected CA hostname=" + hostname + + " port=" + httpsPortStr); String https_admin_port = ""; IConfigStore config = CMS.getConfigStore();
@@ -934,19 +1008,16 @@ public class NamePanel extends WizardPanelBase { // Retrieve the associated HTTPS Admin port so that it // may be stored for use with ImportAdminCertPanel - https_admin_port = getSecurityDomainAdminPort( config, - hostname, - httpsPortStr, - "CA" ); + https_admin_port = getSecurityDomainAdminPort(config, hostname, + httpsPortStr, "CA"); int httpsport = -1; try { - httpsport = Integer.parseInt(httpsPortStr); + httpsport = Integer.parseInt(httpsPortStr); } catch (Exception e) { - CMS.debug( - "NamePanel update: Https port is not valid. Exception: " - + e.toString()); + CMS.debug("NamePanel update: Https port is not valid. Exception: " + + e.toString()); throw new IOException("Https Port is not valid."); }
@@ -954,21 +1025,18 @@ public class NamePanel extends WizardPanelBase { config.putString("preop.ca.httpsport", httpsPortStr); config.putString("preop.ca.httpsadminport", https_admin_port); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - updateCertChainUsingSecureEEPort( config, "ca", hostname, - httpsport, true, context, - certApprovalCallback ); + updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport, + true, context, certApprovalCallback); try { - CMS.debug("Importing CA chain"); - importCertChain("ca"); + CMS.debug("Importing CA chain"); + importCertChain("ca"); } catch (Exception e1) { - CMS.debug("Failed in importing CA chain"); + CMS.debug("Failed in importing CA chain"); } } - public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { context.put("certs", mCerts); }
@@ -976,11 +1044,9 @@ public class NamePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index cf37fdff..8d484f4e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Enumeration;
@@ -50,11 +49,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; /** - * This servlet creates a TPS user in the CA, - * and it associates TPS's server certificate to - * the user. Finally, it addes the user to the - * administrator group. This procedure will - * allows TPS to connect to the CA for certificate + * This servlet creates a TPS user in the CA, and it associates TPS's server + * certificate to the user. Finally, it addes the user to the administrator + * group. This procedure will allows TPS to connect to the CA for certificate * issuance. */ public class RegisterUser extends CMSServlet {
@@ -67,9 +64,7 @@ public class RegisterUser extends CMSServlet { private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; private String mGroupName = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; - + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public RegisterUser() { super();
@@ -77,6 +72,7 @@ public class RegisterUser extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException {
@@ -88,7 +84,7 @@ public class RegisterUser extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateUpdater: processing...");
@@ -102,9 +98,9 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser authentication successful."); } catch (Exception e) { CMS.debug("RegisterUser: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; }
@@ -117,19 +113,19 @@ public class RegisterUser extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("RegisterUser authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -150,119 +146,112 @@ public class RegisterUser extends CMSServlet { String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + - "+Resource;;"+ uid + - "+fullname;;"+ name + - "+state;;1" + - "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + + uid + + "+fullname;;" + + name + + "+state;;1" + + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; - IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG); + IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG); IUser user = null; boolean foundByCert = false; X509Certificate certs[] = new X509Certificate[1]; try { - byte bCert[] = null; - X509CertImpl cert = null; - bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); - cert = new X509CertImpl(bCert); - certs[0] = (X509Certificate)cert; - - // test to see if the cert already belongs to a user - ICertUserLocator cul = ugsys.getCertUserLocator(); - com.netscape.certsrv.usrgrp.Certificates c = - new com.netscape.certsrv.usrgrp.Certificates(certs); - user = (IUser) cul.locateUser(c); + byte bCert[] = null; + X509CertImpl cert = null; + bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString)); + cert = new X509CertImpl(bCert); + certs[0] = (X509Certificate) cert; + + // test to see if the cert already belongs to a user + ICertUserLocator cul = ugsys.getCertUserLocator(); + com.netscape.certsrv.usrgrp.Certificates c = new com.netscape.certsrv.usrgrp.Certificates( + certs); + user = (IUser) cul.locateUser(c); } catch (Exception ec) { - CMS.debug("RegisterUser: exception thrown: "+ec.toString()); + CMS.debug("RegisterUser: exception thrown: " + ec.toString()); } if (user == null) { - CMS.debug("RegisterUser NOT found user by cert"); - try { - user = ugsys.getUser(uid); - CMS.debug("RegisterUser found user by uid 
"+uid); - } catch (Exception eee) { - } + CMS.debug("RegisterUser NOT found user by cert"); + try { + user = ugsys.getUser(uid); + CMS.debug("RegisterUser found user by uid " + uid); + } catch (Exception eee) { + } } else { - foundByCert = true; - CMS.debug("RegisterUser found user by cert"); + foundByCert = true; + CMS.debug("RegisterUser found user by cert"); } - - try { - - if (user == null) { - // create user only if such user does not exist - user = ugsys.createUser(uid); - user.setFullName(name); - user.setState("1"); - user.setUserType(""); - user.setEmail(""); - user.setPhone(""); - user.setPassword(""); - - ugsys.addUser(user); - CMS.debug("RegisterUser created user " + uid); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); - audit(auditMessage); - } - - // extract all line separators - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < certsString.length(); i++) { - if (!Character.isWhitespace(certsString.charAt(i))) { - sb.append(certsString.charAt(i)); - } - } - certsString = sb.toString(); - - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + - "+Resource;;"+ uid + - "+cert;;"+certsString; - - user.setX509Certificates(certs); - if (!foundByCert) { - ugsys.addUserCert(user); - CMS.debug("RegisterUser added user certificate"); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); - audit(auditMessage); - } else - CMS.debug("RegisterUser no need to add user certificate"); - } catch (Exception eee) { + + try { + + if (user == null) { + // create user only if such user does not exist + user = ugsys.createUser(uid); + user.setFullName(name); + user.setState("1"); + user.setUserType(""); + user.setEmail(""); + user.setPhone(""); + user.setPassword(""); + + ugsys.addUser(user); + CMS.debug("RegisterUser created user " + uid); + auditMessage = CMS.getLogMessage( + 
LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams); + audit(auditMessage); + } + + // extract all line separators + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < certsString.length(); i++) { + if (!Character.isWhitespace(certsString.charAt(i))) { + sb.append(certsString.charAt(i)); + } + } + certsString = sb.toString(); + + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;" + uid + "+cert;;" + certsString; + + user.setX509Certificates(certs); + if (!foundByCert) { + ugsys.addUserCert(user); + CMS.debug("RegisterUser added user certificate"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams); + audit(auditMessage); + } else + CMS.debug("RegisterUser no need to add user certificate"); + } catch (Exception eee) { CMS.debug("RegisterUser error " + eee.toString()); - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams); audit(auditMessage); outputError(httpResp, "Error: Certificate malformed"); return; } - // add user to the group - auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + - "+Resource;;"+ mGroupName; + auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + + "+Resource;;" + mGroupName; try { Enumeration groups = ugsys.findGroups(mGroupName); - IGroup group = (IGroup)groups.nextElement(); + IGroup group = (IGroup) groups.nextElement(); auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams +=","; + auditParams += ","; } } 
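Review bot: A certificate that fails to decode does not stop the request: the first `catch (Exception ec)` only writes a debug line, a decode failure leaves `certs[0]` null, and the code goes on to look the user up by `uid`, create the account if needed (with a SUCCESS audit record) and call `user.setX509Certificates(certs)`. I would decode before anything else and return with the same FAILURE audit and `outputError(httpResp, "Error: Certificate malformed")` that the later catch uses, keeping the owner lookup in its own try, as sketched below. Separately, when no user owns the certificate but `uid` already exists, the certificate is attached to that existing account, which then proceeds to the group step; worth confirming that this is intended. process() starts before this hunk and continues after it.

```java
X509Certificate certs[] = new X509Certificate[1];
try {
    byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
    certs[0] = (X509Certificate) new X509CertImpl(bCert);
} catch (Exception ec) {
    CMS.debug("RegisterUser: certificate decode failed: " + ec.toString());
    audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
            auditSubjectID, ILogger.FAILURE, auditParams));
    outputError(httpResp, "Error: Certificate malformed");
    return;
}
try {
    // test to see if the cert already belongs to a user
    ICertUserLocator cul = ugsys.getCertUserLocator();
    user = (IUser) cul.locateUser(
            new com.netscape.certsrv.usrgrp.Certificates(certs));
} catch (Exception ec) {
    CMS.debug("RegisterUser: exception thrown: " + ec.toString());
}
// … unchanged: lookup by uid, user creation, addUserCert, group update …
```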
@@ -273,22 +262,17 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser modified group"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, + ILogger.SUCCESS, auditParams); audit(auditMessage); } - } catch (Exception e) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - auditParams); + } catch (Exception e) { + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, auditParams); - audit(auditMessage); - } + audit(auditMessage); + } // send success status back to the requestor try {
@@ -305,14 +289,22 @@ public class RegisterUser extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 76f5a749..d03bc313 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
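Review bot: A failed group update is reported to the caller as success: the `catch (Exception e)` after the group modification in the @@ -273,22 hunk of RegisterUser.java only writes the FAILURE audit record and then falls through to the block commented `// send success status back to the requestor`. The exception itself is never logged, so a missing group (the preceding hunk calls `groups.nextElement()` without `hasMoreElements()`) is hard to diagnose. I would end the catch with `CMS.debug("RegisterUser: group update failed: " + e.toString());`, `outputError(httpResp, "Error: Failed to update group");` and `return;`. The success response is built after the hunk ends, so that part is inferred from the comment.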
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileInputStream;
@@ -76,19 +75,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class RestoreKeyCertPanel extends WizardPanelBase { - public RestoreKeyCertPanel() {} + public RestoreKeyCertPanel() { + } /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException { + public void init(ServletConfig config, int panelno) throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Import Keys and Certificates"); setId(id);
@@ -99,18 +98,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase { */ public boolean shouldSkip() { CMS.debug("RestoreKeyCertPanel: should skip"); - + IConfigStore cs = CMS.getConfigStore(); // if we are root, no need to get the certificate chain. - + try { - String select = cs.getString("preop.subsystem.select",""); + String select = cs.getString("preop.subsystem.select", ""); if (select.equals("clone")) { return false; } } catch (EBaseException e) { } - + return true; }
@@ -138,15 +137,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; }
@@ -154,13 +154,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { context.put("title", "Import Keys and Certificates"); IConfigStore config = CMS.getConfigStore(); if (isPanelDone()) { - + try { String s = config.getString("preop.pk12.path", ""); String type = config.getString("preop.subsystem.select", "");
@@ -181,8 +180,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String tokenname = ""; try {
@@ -193,15 +191,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (!tokenname.equals("Internal Key Storage Token")) return; - // Path can be empty. If this case, we just want to + // Path can be empty. If this case, we just want to // get to the next panel. Customer has HSM. String s = HttpInput.getString(request, "path"); // if (s == null || s.equals("")) { - // CMS.debug("RestoreKeyCertPanel validate: path is empty"); - // throw new IOException("Path is empty"); + // CMS.debug("RestoreKeyCertPanel validate: path is empty"); + // throw new IOException("Path is empty"); // } - if (s != null && !s.equals("")) { s = HttpInput.getPassword(request, "__password"); if (s == null || s.equals("")) {
@@ -216,16 +213,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase { * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException - { + HttpServletResponse response, Context context) throws IOException { IConfigStore config = CMS.getConfigStore(); String path = HttpInput.getString(request, "path"); if (path == null || path.equals("")) { - // skip to next panel + // skip to next panel config.putBoolean("preop.restorekeycert.done", true); try { - config.commit(false); + config.commit(false); } catch (EBaseException e) { } getConfigEntriesFromMaster(request, response, context);
@@ -233,7 +228,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { return; } String pwd = HttpInput.getPassword(request, "__password"); - + String tokenn = ""; String instanceRoot = "";
@@ -245,8 +240,9 @@ public class RestoreKeyCertPanel extends WizardPanelBase { if (tokenn.equals("Internal Key Storage Token")) { byte b[] = new byte[1000000]; - FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path); - while (fis.available() > 0) + FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + + path); + while (fis.available() > 0) fis.read(b); fis.close();
@@ -256,10 +252,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase { PFX pfx = null; boolean verifypfx = false; try { - pfx = (PFX)(new PFX.Template()).decode(bis); - verifypfx = pfx.verifyAuthSafes(password, reason); + pfx = (PFX) (new PFX.Template()).decode(bis); + verifypfx = pfx.verifyAuthSafes(password, reason); } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception=" + + e.toString()); } if (verifypfx) {
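Review bot: In update() (hunk @@ -245,8) the request parameter `path` is concatenated into `instanceRoot + "/alias/" + path` and opened; unless HttpInput.getString already rejects separators and `..` (not visible here), the panel may open files outside the alias directory. I would canonicalise and check the parent first: `File p12 = new File(instanceRoot + "/alias", path).getCanonicalFile();` followed by `if (!p12.getParentFile().equals(new File(instanceRoot + "/alias").getCanonicalFile())) throw new IOException("Invalid path");`. The read loop `while (fis.available() > 0) fis.read(b);` also writes every chunk at offset 0 of the fixed 1000000-byte buffer and ignores the returned count, and `fis` is not closed if a read throws; accumulating into the ByteArrayOutputStream the file already imports, inside try/finally, would fix both. update() continues past these hunks.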
@@ -267,50 +264,60 @@ public class RestoreKeyCertPanel extends WizardPanelBase { AuthenticatedSafes safes = pfx.getAuthSafes(); Vector pkeyinfo_collection = new Vector(); Vector cert_collection = new Vector(); - for (int i=0; i<safes.getSize(); i++) { + for (int i = 0; i < safes.getSize(); i++) { try { - SEQUENCE scontent = safes.getSafeContentsAt(null, i); - for (int j=0; j<scontent.size(); j++) { - SafeBag bag = (SafeBag)scontent.elementAt(j); + SEQUENCE scontent = safes.getSafeContentsAt(null, i); + for (int j = 0; j < scontent.size(); j++) { + SafeBag bag = (SafeBag) scontent.elementAt(j); OBJECT_IDENTIFIER oid = bag.getBagType(); if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) { - EncryptedPrivateKeyInfo privkeyinfo = - (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent(); + EncryptedPrivateKeyInfo privkeyinfo = (EncryptedPrivateKeyInfo) bag + .getInterpretedBagContent(); PasswordConverter passConverter = new PasswordConverter(); - PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter()); + PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt( + password, new PasswordConverter()); Vector pkeyinfo_v = new Vector(); pkeyinfo_v.addElement(pkeyinfo); SET bagAttrs = bag.getBagAttributes(); - for (int k=0; k<bagAttrs.size(); k++) { - Attribute attrs = (Attribute)bagAttrs.elementAt(k); + for (int k = 0; k < bagAttrs.size(); k++) { + Attribute attrs = (Attribute) bagAttrs + .elementAt(k); OBJECT_IDENTIFIER aoid = attrs.getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY)val.elementAt(0); - ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); - BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); + ANY ss = (ANY) val.elementAt(0); + ByteArrayInputStream bbis = new ByteArrayInputStream( + ss.getEncoded()); + BMPString sss = (BMPString) (new BMPString.Template()) + .decode(bbis); String s = sss.toString(); pkeyinfo_v.addElement(s); } } 
pkeyinfo_collection.addElement(pkeyinfo_v); } else if (oid.equals(SafeBag.CERT_BAG)) { - CertBag cbag = (CertBag)bag.getInterpretedBagContent(); - OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert(); + CertBag cbag = (CertBag) bag + .getInterpretedBagContent(); + OCTET_STRING str = (OCTET_STRING) cbag + .getInterpretedCert(); byte[] x509cert = str.toByteArray(); Vector cert_v = new Vector(); cert_v.addElement(x509cert); SET bagAttrs = bag.getBagAttributes(); - + if (bagAttrs != null) { - for (int k=0; k<bagAttrs.size(); k++) { - Attribute attrs = (Attribute)bagAttrs.elementAt(k); - OBJECT_IDENTIFIER aoid = attrs.getType(); + for (int k = 0; k < bagAttrs.size(); k++) { + Attribute attrs = (Attribute) bagAttrs + .elementAt(k); + OBJECT_IDENTIFIER aoid = attrs + .getType(); if (aoid.equals(SafeBag.FRIENDLY_NAME)) { SET val = attrs.getValues(); - ANY ss = (ANY)val.elementAt(0); - ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded()); - BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis); + ANY ss = (ANY) val.elementAt(0); + ByteArrayInputStream bbis = new ByteArrayInputStream( + ss.getEncoded()); + BMPString sss = (BMPString) (new BMPString.Template()) + .decode(bbis); String s = sss.toString(); cert_v.addElement(s); }
@@ -321,10 +328,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } } } catch (Exception e) { - CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString()); + CMS.debug("RestoreKeyCertPanel update: Exception=" + + e.toString()); } } - + importkeycert(pkeyinfo_collection, cert_collection); } else { context.put("updateStatus", "failure");
@@ -342,11 +350,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase { cstype = toLowerCaseSubsystemType(cstype); if (subsystemtype.equals("clone")) { - CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); + CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); boolean cloneReady = isCertdbCloned(request, context); if (!cloneReady) { CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates."); - context.put("errorString", "Make sure you have copied the certificate database over to the clone"); + context.put("errorString", + "Make sure you have copied the certificate database over to the clone"); context.put("updateStatus", "failure"); throw new IOException("Clone is not ready"); }
@@ -363,7 +372,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } private void getConfigEntriesFromMaster(HttpServletRequest request, - HttpServletResponse response, Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { try { IConfigStore config = CMS.getConfigStore(); String cstype = "";
@@ -381,22 +390,31 @@ public class RestoreKeyCertPanel extends WizardPanelBase { int master_ee_port = -1; try { sd_hostname = config.getString("securitydomain.host", ""); - sd_port = config.getInteger("securitydomain.httpsadminport", -1); + sd_port = config + .getInteger("securitydomain.httpsadminport", -1); master_hostname = config.getString("preop.master.hostname", ""); - master_port = config.getInteger("preop.master.httpsadminport", -1); - master_ee_port = config.getInteger("preop.master.httpsport", -1); + master_port = config.getInteger("preop.master.httpsadminport", + -1); + master_ee_port = config + .getInteger("preop.master.httpsport", -1); String content = ""; if (cstype.equals("ca") || cstype.equals("kra")) { - content = "type=request&xmlOutput=true&sessionID="+session_id; + content = "type=request&xmlOutput=true&sessionID=" + + session_id; CMS.debug("http content=" + content); - updateNumberRange(master_hostname, master_ee_port, true, content, "request", response); - - content = "type=serialNo&xmlOutput=true&sessionID="+session_id; - updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response); - - content = "type=replicaId&xmlOutput=true&sessionID="+session_id; - updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response); + updateNumberRange(master_hostname, master_ee_port, true, + content, "request", response); + + content = "type=serialNo&xmlOutput=true&sessionID=" + + session_id; + updateNumberRange(master_hostname, master_ee_port, true, + content, "serialNo", response); + + content = "type=replicaId&xmlOutput=true&sessionID=" + + session_id; + updateNumberRange(master_hostname, master_ee_port, true, + content, "replicaId", response); } String list = ""; 
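Review bot: `CMS.debug("http content=" + content);` in getConfigEntriesFromMaster() writes the request body, including the `sessionID=` value, to the debug log, so the log has to be protected like a credential for as long as that session is valid. I would log only the operation, `CMS.debug("RestoreKeyCertPanel: requesting number range type=request");`, or drop the line. The @@ -449,21 hunk builds a similar `content` that also names `internaldb.ldapauth.password` and `internaldb.replication.password`; what updateNumberRange and updateConfigEntries log of the request and response is not visible here and deserves the same check. The method starts in the @@ -363,7 hunk and continues past this one.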
@@ -406,7 +424,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { } StringBuffer c1 = new StringBuffer(); - StringBuffer s1 = new StringBuffer(); + StringBuffer s1 = new StringBuffer(); StringTokenizer tok = new StringTokenizer(list, ","); while (tok.hasMoreTokens()) { String t1 = tok.nextToken();
@@ -438,8 +456,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase { c1.append(t1); c1.append(".pubkey.encoded"); - - if (s1.length()!=0) + if (s1.length() != 0) s1.append(","); s1.append(cstype);
@@ -449,21 +466,29 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 if (!cstype.equals("ca")) {
 c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
- }
+ }
 if (cstype.equals("ca")) {
 /* get ca connector details */
- if (s1.length()!=0)
+ if (s1.length() != 0)
 s1.append(",");
 s1.append("ca.connector.KRA");
 }
- content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
- boolean success = updateConfigEntries(master_hostname, master_port, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
+ content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"
+ + c1.toString()
+ + "&substores="
+ + s1.toString()
+ + "&xmlOutput=true&sessionID=" + session_id;
+ boolean success = updateConfigEntries(master_hostname,
+ master_port, true, "/" + cstype + "/admin/" + cstype
+ + "/getConfigEntries", content, config,
+ response);
 if (!success) {
- context.put("errorString", "Failed to get configuration entries from the master");
- throw new IOException("Failed to get configuration entries from the master");
+ context.put("errorString",
+ "Failed to get configuration entries from the master");
+ throw new IOException(
+ "Failed to get configuration entries from the master");
 }
 config.putString("preop.clone.configuration", "true");
 try {
@@ -473,7 +498,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 } catch (IOException eee) {
 throw eee;
 } catch (Exception eee) {
- CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
+ CMS.debug("RestoreKeyCertPanel: update exception caught:"
+ + eee.toString());
 }
 } catch (IOException ee) {
@@ -491,38 +517,42 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 String s = st.nextToken();
 if (s.equals("sslserver"))
 continue;
- String name = "preop.master."+s+".nickname";
+ String name = "preop.master." + s + ".nickname";
 String nickname = cs.getString(name, "");
 CryptoManager cm = CryptoManager.getInstance();
 X509Certificate xcert = null;
 try {
 xcert = cm.findCertByNickname(nickname);
 } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + ee.toString());
 }
 CryptoToken ct = cm.getInternalKeyStorageToken();
 CryptoStore store = ct.getCryptoStore();
 try {
 store.deleteCert(xcert);
 } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + ee.toString());
 }
 }
 } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
- }
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + e.toString());
+ }
 }
- private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
- CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
- if (pubkey.getAlgorithm().equals("EC")) {
- return org.mozilla.jss.crypto.PrivateKey.Type.EC;
- }
- return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+ private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(
+ PublicKey pubkey) {
+ CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
+ if (pubkey.getAlgorithm().equals("EC")) {
+ return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+ }
+ return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
 }
- private void importkeycert(Vector pkeyinfo_collection,
- Vector cert_collection) throws IOException {
+ private void importkeycert(Vector pkeyinfo_collection,
+ Vector cert_collection) throws IOException {
 CryptoManager cm = null;
 try {
 cm =
CryptoManager.getInstance();
@@ -532,12 +562,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 // delete all existing certificates first
 deleteExistingCerts();
- for (int i=0; i<pkeyinfo_collection.size(); i++) {
+ for (int i = 0; i < pkeyinfo_collection.size(); i++) {
 try {
- Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
- PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
- String nickname = (String)pkeyinfo_v.elementAt(1);
- byte[] x509cert = getX509Cert(nickname, cert_collection);
+ Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
+ PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v
+ .elementAt(0);
+ String nickname = (String) pkeyinfo_v.elementAt(1);
+ byte[] x509cert = getX509Cert(nickname, cert_collection);
 X509Certificate cert = cm.importCACertPackage(x509cert);
 ByteArrayOutputStream bos = new ByteArrayOutputStream();
 pkeyinfo.encode(bos);
@@ -550,32 +581,37 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 try {
 store.deleteCert(cert);
 } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
+ + ee.toString());
 }
 KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
 SymmetricKey sk = kg.generate();
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
 IVParameterSpec param = new IVParameterSpec(iv);
- Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
+ Cipher c = token
+ .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
 c.initEncrypt(sk, param);
 byte[] encpkey = c.doFinal(pkey);
-
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
 wrapper.initUnwrap(sk, param);
- org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
+ org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(
+ encpkey, getPrivateKeyType(publickey), publickey);
 } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
+ + e.toString());
 }
 }
- for (int i=0; i<cert_collection.size(); i++) {
+ for (int i = 0; i < cert_collection.size(); i++) {
 try {
- Vector cert_v = (Vector)cert_collection.elementAt(i);
- byte[] cert = (byte[])cert_v.elementAt(0);
+ Vector cert_v = (Vector) cert_collection.elementAt(i);
+ byte[] cert = (byte[]) cert_v.elementAt(0);
 if (cert_v.size() > 1) {
- String name = (String)cert_v.elementAt(1);
+ String name = (String) cert_v.elementAt(1);
 // we need to delete the trusted CA certificate if it is
 // the same as the ca signing certificate
 if (isCASigningCert(name)) {
@@ -586,30 +622,35 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
 if (store instanceof PK11Store) {
 try {
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
 pk11store.deleteCertOnly(certchain);
 } catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
+ + ee.toString());
 }
 }
 }
 }
- X509Certificate xcert = cm.importUserCACertPackage(cert, name);
+ X509Certificate xcert = cm.importUserCACertPackage(cert,
+ name);
 if (name.startsWith("caSigningCert")) {
 // we need to change the trust attribute to CT
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
 } else if (name.startsWith("auditSigningCert")) {
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setObjectSigningTrust(InternalCertificate.USER
+ | InternalCertificate.VALID_PEER
+ | InternalCertificate.TRUSTED_PEER);
 }
 } else
 cm.importCACertPackage(cert);
 } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
+ + e.toString());
 }
 }
 }
@@ -628,41 +669,44 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 return false;
 }
- private X509Certificate getX509CertFromToken(byte[] cert)
- throws IOException {
+ private X509Certificate getX509CertFromToken(byte[] cert)
+ throws IOException {
 try {
 X509CertImpl impl = new X509CertImpl(cert);
 String issuer_impl = impl.getIssuerDN().toString();
 BigInteger serial_impl = impl.getSerialNumber();
 CryptoManager cm = CryptoManager.getInstance();
 X509Certificate[] permcerts = cm.getPermCerts();
- for (int i=0; i<permcerts.length; i++) {
+ for (int i = 0; i < permcerts.length; i++) {
 String issuer_p = permcerts[i].getSubjectDN().toString();
 BigInteger serial_p = permcerts[i].getSerialNumber();
- if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
+ if (issuer_p.equals(issuer_impl)
+ && serial_p.compareTo(serial_impl) == 0) {
 return permcerts[i];
 }
 }
 } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="
+ + e.toString());
 }
 return null;
 }
- private byte[] getX509Cert(String nickname, Vector cert_collection)
- throws IOException {
- for (int i=0; i<cert_collection.size(); i++) {
- Vector v = (Vector)cert_collection.elementAt(i);
- byte[] b = (byte[])v.elementAt(0);
+ private byte[] getX509Cert(String nickname, Vector cert_collection)
+ throws IOException {
+ for (int i = 0; i < cert_collection.size(); i++) {
+ Vector v = (Vector) cert_collection.elementAt(i);
+ byte[] b = (byte[]) v.elementAt(0);
 X509CertImpl impl = null;
 try {
 impl = new X509CertImpl(b);
 } catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
- throw new IOException( e.toString() );
+ CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="
+ + e.toString());
+ throw new IOException(e.toString());
 }
- Principal subjectdn = impl.getSubjectDN();
+ Principal subjectdn = impl.getSubjectDN();
 if
(LDAPDN.equals(subjectdn.toString(), nickname))
 return b;
 }
@@ -674,17 +718,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 * If validiate() returns false, this method will be called.
 */
 public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
 context.put("title", "Import Keys and Certificates");
 context.put("password", "");
 context.put("path", "");
 context.put("panel", "admin/console/config/restorekeycertpanel.vm");
 }
- private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ private boolean isCertdbCloned(HttpServletRequest request, Context context) {
 IConfigStore config = CMS.getConfigStore();
 String certList = "";
 try {
@@ -698,13 +739,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 String tokenname = config.getString("preop.module.token", "");
 CryptoToken tok = cm.getTokenByName(tokenname);
 CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
 String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
+ CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
 X509Certificate cert = cm.findCertByNickname(nickname);
 if (cert == null)
 return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 854e8f10..83d8413e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 public class SavePKCS12Panel extends WizardPanelBase {
- public SavePKCS12Panel() {}
+ public SavePKCS12Panel() {
+ }
 /**
 * Initializes this panel.
 */
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
 setPanelNo(panelno);
 setName("Save Keys and Certificates");
 }
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
 setPanelNo(panelno);
 setName("Save Keys and Certificates");
 setId(id);
@@ -60,11 +60,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
 try {
 boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
- if (!enable)
+ if (!enable)
 return true;
 } catch (Exception e) {
 }
-
+
 return false;
 }
@@ -77,13 +77,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
 } else {
 return true;
 }
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 return false;
 }
 public PropertySet getUsage() {
 PropertySet set = new PropertySet();
-
+
 return set;
 }
@@ -95,8 +96,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
 * Display the panel.
 */
 public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 context.put("title", "Save Keys and Certificates");
 IConfigStore config = CMS.getConfigStore();
 String subsystemtype = "";
@@ -116,15 +116,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
 * Checks if the given parameters are valid.
 */
 public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
 }
 /**
 * Commit parameter changes
 */
 public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
 context.put("title", "Save Keys and Certificates");
 context.put("panel", "admin/console/config/savepkcs12panel.vm");
 context.put("updateStatus", "success");
@@ -134,9 +133,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
 * If validiate() returns false, this method will be called.
 */
 public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
 context.put("title", "Save Keys and Certificates");
 context.put("panel", "admin/console/config/savepkcs12panel.vm");
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 3a5d82d1..14e52a38 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import java.net.URL;
 import java.net.URLDecoder;
@@ -39,14 +38,12 @@ public class SecurityDomainLogin extends BaseServlet {
 private static final long serialVersionUID = -1616344299101179396L;
 public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 return true;
 }
 public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 Template template = null;
 try {
@@ -59,9 +56,9 @@ public class SecurityDomainLogin extends BaseServlet {
 int index = url.indexOf("subsystem=");
 String subsystem = "";
 if (index > 0) {
- subsystem = url.substring(index+10);
+ subsystem = url.substring(index + 10);
 int index1 = subsystem.indexOf("&");
- if (index1 > 0)
+ if (index1 > 0)
 subsystem = subsystem.substring(0, index1);
 }
 context.put("sd_uid", "");
@@ -70,15 +67,16 @@ public class SecurityDomainLogin extends BaseServlet {
 context.put("host", u.getHost());
 context.put("sdhost", CMS.getEESSLHost());
 if (subsystem.equals("KRA")) {
- subsystem = "DRM";
+ subsystem = "DRM";
 }
 context.put("subsystem", subsystem);
 // The "securitydomain.name" property ONLY resides in the "CS.cfg"
 // associated with the CS subsystem hosting the security domain.
 IConfigStore cs = CMS.getConfigStore();
 String sdname = cs.getString("securitydomain.name", "");
- context.put("name", sdname);
- template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
+ context.put("name", sdname);
+ template = Velocity
+ .getTemplate("admin/console/config/securitydomainloginpanel.vm");
 } catch (Exception e) {
 System.err.println("Exception caught: " + e.getMessage());
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 90a6aeb0..e43fa913 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
-
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 public class SecurityDomainPanel extends WizardPanelBase {
- public SecurityDomainPanel() {}
+ public SecurityDomainPanel() {
+ }
 /**
 * Initializes this panel.
 */
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
 setPanelNo(panelno);
 setName("Security Domain");
 }
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
 setPanelNo(panelno);
 setName("Security Domain");
 setId(id);
@@ -72,15 +71,16 @@ public class SecurityDomainPanel extends WizardPanelBase {
 } else {
 return true;
 }
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 return false;
 }
 public PropertySet getUsage() {
 PropertySet set = new PropertySet();
-
+
 /* XXX */
-
+
 return set;
 }
@@ -88,8 +88,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
 * Display the panel.
 */
 public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 context.put("title", "Security Domain");
 IConfigStore config = CMS.getConfigStore();
 String errorString = "";
@@ -99,10 +98,12 @@ public class SecurityDomainPanel extends WizardPanelBase {
 String systemdService = "";
 try {
- default_admin_url = config.getString("preop.securitydomain.admin_url", "");
+ default_admin_url = config.getString(
+ "preop.securitydomain.admin_url", "");
 name = config.getString("preop.securitydomain.name", "");
 cstype = config.getString("cs.type", "");
- systemdService = config.getString("pkicreate.systemd.servicename", "");
+ systemdService = config.getString("pkicreate.systemd.servicename",
+ "");
 } catch (Exception e) {
 CMS.debug(e.toString());
 }
@@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
 context.put("https_ee_port", CMS.getEESSLPort());
 context.put("https_admin_port", CMS.getAdminPort());
 context.put("sdomainAdminURL", default_admin_url);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 context.put("panel", "admin/console/config/securitydomainpanel.vm");
 context.put("errorString", errorString);
@@ -157,18 +159,19 @@ public class SecurityDomainPanel extends WizardPanelBase {
 while (st.hasMoreTokens()) {
 count++;
 String n = st.nextToken();
- if (first) { //skip the hostname
+ if (first) { // skip the hostname
 first = false;
 continue;
 }
 if (count == numTokens) // skip the last element (e.g. com)
 continue;
- sb.append((defaultDomain.length()==0)? "":" ");
+ sb.append((defaultDomain.length() == 0) ? "" : " ");
 sb.append(capitalize(n));
 }
- defaultDomain = sb.toString() + " "+ "Domain";
+ defaultDomain = sb.toString() + " " + "Domain";
 name = defaultDomain;
- CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+ CMS.debug("SecurityDomainPanel: defaultDomain generated:"
+ + name);
 } catch (MalformedURLException e) {
 errorString = "Malformed URL";
 // not being able to come up with default domain name is ok
@@ -176,54 +179,53 @@ public class SecurityDomainPanel extends WizardPanelBase {
 }
 context.put("sdomainName", name);
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
 String r = null;
 try {
 // check to see if "default" security domain exists
 // on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
 String hostname = u.getHost();
 int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
 } catch (Exception e) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
 }
-
- if( r != null ) {
+
+ if (r != null) {
 // "default" security domain exists on local machine;
 // fill "sdomainURL" in with "default" security domain
 // as an initial "guess"
- CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
- context.put( "sdomainURL", default_admin_url );
+ CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
+ context.put("sdomainURL", default_admin_url);
 } else {
 // "default" security domain does NOT exist on local machine;
 // leave "sdomainURL" blank
- CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingCS no successful response");
+ context.put("sdomainURL", "");
 }
 }
 // Information for "existing" Security Domain CAs
 String initDaemon = "pki-cad";
 String instanceId = "<security_domain_instance_name>";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (!
systemdService.equals("")) {
- context.put( "initCommand", "/usr/bin/pkicontrol" );
- context.put( "instanceId", "ca " + systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/usr/bin/pkicontrol");
+ context.put("instanceId", "ca " + systemdService);
 } else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
 }
 } else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
 }
 }
@@ -231,7 +233,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
 if (s.length() == 0) {
 return s;
 } else {
- return s.substring(0,1).toUpperCase() + s.substring(1);
+ return s.substring(0, 1).toUpperCase() + s.substring(1);
 }
 }
@@ -239,62 +241,59 @@ public class SecurityDomainPanel extends WizardPanelBase {
 * Checks if the given parameters are valid.
 */
 public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
-
+ HttpServletResponse response, Context context) throws IOException {
+
 String select = HttpInput.getID(request, "choice");
 if (select.equals("newdomain")) {
- String name = HttpInput.getSecurityDomainName(request, "sdomainName");
+ String name = HttpInput.getSecurityDomainName(request,
+ "sdomainName");
 if (name == null || name.equals("")) {
 initParams(request, context);
 context.put("updateStatus", "validate-failure");
- throw new IOException("Missing name value for the security domain");
+ throw new IOException(
+ "Missing name value for the security domain");
 }
 } else if (select.equals("existingdomain")) {
- CMS.debug( "SecurityDomainPanel: validating "
- + "SSL Admin HTTPS . . ." );
- String admin_url = HttpInput.getURL( request, "sdomainURL" );
- if( admin_url == null || admin_url.equals("") ) {
- initParams( request, context );
+ CMS.debug("SecurityDomainPanel: validating "
+ + "SSL Admin HTTPS . .
.");
+ String admin_url = HttpInput.getURL(request, "sdomainURL");
+ if (admin_url == null || admin_url.equals("")) {
+ initParams(request, context);
 context.put("updateStatus", "validate-failure");
- throw new IOException( "Missing SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Missing SSL Admin HTTPS url value "
+ + "for the security domain");
 } else {
 String r = null;
 try {
- URL u = new URL( admin_url );
+ URL u = new URL(admin_url);
 String hostname = u.getHost();
 int admin_port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, admin_port, true,
- certApprovalCallback );
- } catch( Exception e ) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, admin_port, true, certApprovalCallback);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
 context.put("updateStatus", "validate-failure");
- throw new IOException( "Illegal SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Illegal SSL Admin HTTPS url value "
+ + "for the security domain");
 }
 if (r != null) {
- CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
- + r );
- context.put( "sdomainURL", admin_url );
+ CMS.debug("SecurityDomainPanel: pingAdminCS returns: " + r);
+ context.put("sdomainURL", admin_url);
 } else {
- CMS.debug( "SecurityDomainPanel: pingAdminCS "
- + "no successful response for SSL Admin HTTPS" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingAdminCS "
+ + "no successful response for SSL Admin HTTPS");
+ context.put("sdomainURL", "");
 }
 }
 }
 }
- public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ public void initParams(HttpServletRequest request, Context context)
+ throws IOException {
 IConfigStore config = CMS.getConfigStore();
 try {
 context.put("cstype", config.getString("cs.type"));
@@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
 context.put("check_newdomain", "checked");
 context.put("check_existingdomain", "");
 } else if (select.equals("existingdomain")) {
- context.put("check_newdomain", "");
+ context.put("check_newdomain", "");
 context.put("check_existingdomain", "checked");
 }
@@ -325,8 +324,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
 * Commit parameter changes
 */
 public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
 String errorString = "";
 String select = HttpInput.getID(request, "choice");
@@ -340,29 +338,28 @@ public class SecurityDomainPanel extends WizardPanelBase {
 if (select.equals("newdomain")) {
 config.putString("preop.securitydomain.select", "new");
 config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.host",
- CMS.getEENonSSLHost());
- config.putString("securitydomain.httpport",
- CMS.getEENonSSLPort());
- config.putString("securitydomain.httpsagentport",
- CMS.getAgentPort());
- config.putString("securitydomain.httpseeport",
- CMS.getEESSLPort());
- config.putString("securitydomain.httpsadminport",
- CMS.getAdminPort());
-
- // make sure the subsystem certificate is issued by the security
+ config.putString("preop.securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.host", CMS.getEENonSSLHost());
+ config.putString("securitydomain.httpport", CMS.getEENonSSLPort());
+ config.putString("securitydomain.httpsagentport",
+ CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport", CMS.getEESSLPort());
+ config.putString("securitydomain.httpsadminport",
+ CMS.getAdminPort());
+
+ // make sure the subsystem certificate is issued by the security
 // domain
 config.putString("preop.cert.subsystem.type", "local");
- config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-
+ config.putString("preop.cert.subsystem.profile",
+ "subsystemCert.profile");
+
 try {
 config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 String instanceRoot = "";
 try {
@@ -377,37 +374,38 @@ public class SecurityDomainPanel extends WizardPanelBase {
 // make sure the subsystem certificate is issued by the security
 // domain
 config.putString("preop.cert.subsystem.type", "remote");
- config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
+ config.putString("preop.cert.subsystem.profile",
+ "caInternalAuthSubsystemCert");
 String admin_url = HttpInput.getURL(request, "sdomainURL");
 String hostname = "";
 int admin_port = -1;
- if( admin_url != null ) {
+ if (admin_url != null) {
 try {
- URL admin_u = new URL( admin_url );
+ URL admin_u = new URL(admin_url);
 hostname = admin_u.getHost();
 admin_port = admin_u.getPort();
- } catch( MalformedURLException e ) {
+ } catch (MalformedURLException e) {
 errorString = "Malformed SSL Admin HTTPS URL";
 context.put("updateStatus", "failure");
- throw new IOException( errorString );
+ throw new IOException(errorString);
 }
- context.put( "sdomainURL", admin_url );
- config.putString( "securitydomain.host", hostname );
- config.putInteger( "securitydomain.httpsadminport",
- admin_port );
+ context.put("sdomainURL", admin_url);
+ config.putString("securitydomain.host", hostname);
+ config.putInteger("securitydomain.httpsadminport", admin_port);
 }
 try {
 config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain( config, "securitydomain", hostname, admin_port,
- true, context, certApprovalCallback );
+ updateCertChain(config, "securitydomain", hostname, admin_port,
+ true, context, certApprovalCallback);
 } else {
 CMS.debug("SecurityDomainPanel: invalid choice " + select);
 errorString = "Invalid choice";
@@ -425,7 +423,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
 context.put("wizardname", config.getString("preop.wizard.name"));
 context.put("panelname", "Security Domain Configuration");
 context.put("systemname", config.getString("preop.system.name"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
 context.put("errorString", errorString);
 context.put("updateStatus", "success");
@@ -435,8 +434,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
 * If validate() returns false, this method will be called.
 */
 public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
 IConfigStore config = CMS.getConfigStore();
 String default_admin_url = "";
 try {
@@ -445,33 +443,35 @@ public class SecurityDomainPanel extends WizardPanelBase { } try { - default_admin_url = config.getString("preop.securitydomain.admin_url", ""); - } catch (Exception e) {} + default_admin_url = config.getString( + "preop.securitydomain.admin_url", ""); + } catch (Exception e) { + } - if( default_admin_url != null ) { + if (default_admin_url != null) { String r = null; try { // check to see if "default" security domain exists // on local machine - URL u = new URL( default_admin_url ); + URL u = new URL(default_admin_url); String hostname = u.getHost(); int port = u.getPort(); - ConfigCertApprovalCallback - certApprovalCallback = new ConfigCertApprovalCallback(); - r = pingCS( hostname, port, true, certApprovalCallback ); - } catch (Exception e) {} - - if( r != null ) { + ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); + r = pingCS(hostname, port, true, certApprovalCallback); + } catch (Exception e) { + } + + if (r != null) { // "default" security domain exists on local machine; // refill "sdomainURL" in with "default" security domain // as an initial "guess" - context.put( "sdomainURL", default_admin_url ); + context.put("sdomainURL", default_admin_url); } else { // "default" security domain does NOT exist on local machine; // leave "sdomainURL" blank - context.put( "sdomainURL", "" ); + context.put("sdomainURL", ""); } } 
@@ -482,20 +482,21 @@ public class SecurityDomainPanel extends WizardPanelBase { context.put("https_ee_port", CMS.getEESSLPort()); context.put("https_admin_port", CMS.getAdminPort()); context.put("sdomainAdminURL", - config.getString("preop.securitydomain.admin_url")); - } catch (EBaseException e) {} + config.getString("preop.securitydomain.admin_url")); + } catch (EBaseException e) { + } // Information for "existing" Security Domain CAs String initDaemon = "pki-cad"; String instanceId = "<security_domain_instance_name>"; - String os = System.getProperty( "os.name" ); - if( os.equalsIgnoreCase( "Linux" ) ) { - context.put( "initCommand", "/sbin/service " + initDaemon ); - context.put( "instanceId", instanceId ); + String os = System.getProperty("os.name"); + if (os.equalsIgnoreCase("Linux")) { + context.put("initCommand", "/sbin/service " + initDaemon); + context.put("instanceId", instanceId); } else { - /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ - context.put( "initCommand", "/etc/init.d/" + initDaemon ); - context.put( "instanceId", instanceId ); + /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */ + context.put("initCommand", "/etc/init.d/" + initDaemon); + context.put("instanceId", instanceId); } context.put("title", "Security Domain"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java index 3d3530f2..f881ba7c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java 
@@ -27,8 +27,7 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable; /** * This object stores the values for IP, uid and group based on the cookie id. */ -public class SecurityDomainSessionTable - implements ISecurityDomainSessionTable { +public class SecurityDomainSessionTable implements ISecurityDomainSessionTable { private Hashtable m_sessions; private long m_timeToLive; @@ -38,8 +37,7 @@ public class SecurityDomainSessionTable m_timeToLive = timeToLive; } - public int addEntry(String sessionId, String ip, - String uid, String group) { + public int addEntry(String sessionId, String ip, String uid, String group) { Vector v = new Vector(); v.addElement(ip); v.addElement(uid); @@ -65,30 +63,30 @@ public class SecurityDomainSessionTable } public String getIP(String sessionId) { - Vector v = (Vector)m_sessions.get(sessionId); + Vector v = (Vector) m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(0); + return (String) v.elementAt(0); return null; } public String getUID(String sessionId) { - Vector v = (Vector)m_sessions.get(sessionId); + Vector v = (Vector) m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(1); + return (String) v.elementAt(1); return null; } public String getGroup(String sessionId) { - Vector v = (Vector)m_sessions.get(sessionId); + Vector v = (Vector) m_sessions.get(sessionId); if (v != null) - return (String)v.elementAt(2); + return (String) v.elementAt(2); return null; } public long getBeginTime(String sessionId) { - Vector v = (Vector)m_sessions.get(sessionId); - if (v != null) { - Long n = (Long)v.elementAt(3); + Vector v = (Vector) m_sessions.get(sessionId); + if (v != null) { + Long n = (Long) v.elementAt(3); if (n != null) return n.longValue(); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java index c3a1e325..05769dc5 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java @@ -28,8 +28,7 @@ import com.netscape.certsrv.logging.ILogger; public class SessionTimer extends TimerTask { private ISecurityDomainSessionTable m_sessiontable = null; private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; public SessionTimer(ISecurityDomainSessionTable table) { super(); @@ -39,32 +38,27 @@ public class SessionTimer extends TimerTask { public void run() { Enumeration keys = m_sessiontable.getSessionIds(); while (keys.hasMoreElements()) { - String sessionId = (String)keys.nextElement(); + String sessionId = (String) keys.nextElement(); long beginTime = m_sessiontable.getBeginTime(sessionId); Date nowDate = new Date(); long nowTime = nowDate.getTime(); long timeToLive = m_sessiontable.getTimeToLive(); - if ((nowTime-beginTime) > timeToLive) { + if ((nowTime - beginTime) > timeToLive) { m_sessiontable.removeEntry(sessionId); CMS.debug("SessionTimer run: successfully remove the session id entry from the table."); - + // audit message - String auditParams = "operation;;expire_token+token;;" + sessionId; + String auditParams = "operation;;expire_token+token;;" + + sessionId; String auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, - "system", - ILogger.SUCCESS, - auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, "system", + ILogger.SUCCESS, auditParams); - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - auditMessage); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, + auditMessage); - } } } } - 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index 0e6a507a..a096963c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; @@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase { private String default_rsa_key_size; private boolean mShowSigning = false; - public SizePanel() {} + public SizePanel() { + } /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Key Pairs"); setId(id); 
@@ -69,25 +69,30 @@ public class SizePanel extends WizardPanelBase { public PropertySet getUsage() { PropertySet set = new PropertySet(); - - Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, - "default,custom", null, /* no default parameter */ + + Descriptor choiceDesc = new Descriptor( + IDescriptor.CHOICE, + "default,custom", + null, /* no default parameter */ "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'."); set.add("choice", choiceDesc); - - Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */ - null, /* no default parameter */ - "Custom Key Size"); + + Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* + * no + * constraint + */ + null, /* no default parameter */ + "Custom Key Size"); set.add("custom_size", customSizeDesc); - + return set; } public void cleanUp() throws IOException { IConfigStore cs = CMS.getConfigStore(); - /* clean up if necessary*/ + /* clean up if necessary */ try { boolean done = cs.getBoolean("preop.SizePanel.done"); cs.putBoolean("preop.SizePanel.done", false); @@ -105,7 +110,8 @@ public class SizePanel extends WizardPanelBase { } else { return true; } - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } @@ -114,11 +120,10 @@ public class SizePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { CMS.debug("SizePanel: display()"); try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } 
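Review bot: The formatter has broken up inline comments in `getUsage`: `/* no constraint */` is now a four-line block comment wedged between two constructor arguments of `customSizeDesc`, which makes the argument list hard to read. Put each argument on its own line with its comment, as the new `choiceDesc` layout already does, e.g. `null, /* no constraint */`. The same damage shows in `update()` (hunk at -251,13), where the trailing `// rsa or ecc` became three comment lines. It also shows in TokenAuthenticate's `renderResult` (hunk at -122,7), where the trailing comment is now spread over nine lines. Moving those trailing comments onto their own line above the statement before running the formatter avoids this.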
@@ -134,12 +139,14 @@ public class SizePanel extends WizardPanelBase { } try { - default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); + default_ecc_curve_name = config.getString("keys.ecc.curve.default", + "nistp256"); } catch (Exception e) { } try { - default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); + default_rsa_key_size = config.getString("keys.rsa.keysize.default", + "2048"); } catch (Exception e) { } @@ -152,12 +159,12 @@ public class SizePanel extends WizardPanelBase { while (st.hasMoreTokens()) { String certTag = st.nextToken(); - String nn = config.getString( - PCERT_PREFIX + certTag + ".nickname"); + String nn = config.getString(PCERT_PREFIX + certTag + + ".nickname"); Cert c = new Cert(token, nn, certTag); - String s = config.getString( - PCERT_PREFIX + certTag + ".keysize.select", "default"); + String s = config.getString(PCERT_PREFIX + certTag + + ".keysize.select", "default"); if (s.equals("default")) { c.setKeyOption("default"); 
@@ -166,26 +173,25 @@ public class SizePanel extends WizardPanelBase { c.setKeyOption("custom"); } - s = config.getString( - PCERT_PREFIX + certTag + ".keysize.custom_size", - default_rsa_key_size); + s = config.getString(PCERT_PREFIX + certTag + + ".keysize.custom_size", default_rsa_key_size); c.setCustomKeysize(s); - s = config.getString( - PCERT_PREFIX + certTag + ".curvename.custom_name", - default_ecc_curve_name); + s = config.getString(PCERT_PREFIX + certTag + + ".curvename.custom_name", default_ecc_curve_name); c.setCustomCurvename(s); - boolean signingRequired = config.getBoolean( - PCERT_PREFIX + certTag + ".signing.required", - false); + boolean signingRequired = config.getBoolean(PCERT_PREFIX + + certTag + ".signing.required", false); c.setSigningRequired(signingRequired); - if (signingRequired) mShowSigning = true; + if (signingRequired) + mShowSigning = true; - String userfriendlyname = config.getString( - PCERT_PREFIX + certTag + ".userfriendlyname"); + String userfriendlyname = config.getString(PCERT_PREFIX + + certTag + ".userfriendlyname"); c.setUserFriendlyName(userfriendlyname); - boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + certTag + + ".enable", true); c.setEnable(enable); mCerts.addElement(c); }// while 
@@ -206,16 +212,15 @@ public class SizePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException, NumberFormatException { + HttpServletResponse response, Context context) throws IOException, + NumberFormatException { CMS.debug("SizePanel: update()"); boolean hasErr = false; IConfigStore config = CMS.getConfigStore(); @@ -236,13 +241,15 @@ public class SizePanel extends WizardPanelBase { if (select1.equals("clone")) { // preset the sslserver dn for cloning case try { - String val = config.getString("preop.cert.sslserver.dn", ""); - config.putString("preop.cert.sslserver.dn", val+",o=clone"); + String val = config + .getString("preop.cert.sslserver.dn", ""); + config.putString("preop.cert.sslserver.dn", val + + ",o=clone"); } catch (Exception ee) { } } } - + String token = ""; try { token = config.getString(PRE_CONF_CA_TOKEN, ""); @@ -251,13 +258,17 @@ public class SizePanel extends WizardPanelBase { while (c.hasMoreElements()) { Cert cert = (Cert) c.nextElement(); String ct = cert.getCertTag(); - boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); + boolean enable = config.getBoolean(PCERT_PREFIX + ct + + ".enable", true); if (!enable) continue; - String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc + String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa + // or + // ecc - String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm"); + String keyalgorithm = HttpInput.getString(request, ct + + "_keyalgorithm"); if (keyalgorithm == null) { if (keytype != null && keytype.equals("ecc")) { keyalgorithm = "SHA256withEC"; 
@@ -266,7 +277,8 @@ public class SizePanel extends WizardPanelBase { } } - String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm"); + String signingalgorithm = HttpInput.getString(request, ct + + "_signingalgorithm"); if (signingalgorithm == null) { signingalgorithm = keyalgorithm; } 
@@ -275,114 +287,136 @@ public class SizePanel extends WizardPanelBase { if (select == null) { CMS.debug("SizePanel: " + ct + "_choice not found"); - throw new IOException( - "SizePanel: " + ct + "_choice not found"); + throw new IOException("SizePanel: " + ct + + "_choice not found"); } - CMS.debug( - "SizePanel: update() keysize choice selected:" + select); - String oldkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String oldkeytype = - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String oldkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String oldsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); - String oldcurvename = - config.getString(PCERT_PREFIX + ct + ".curvename.name", ""); + CMS.debug("SizePanel: update() keysize choice selected:" + + select); + String oldkeysize = config.getString(PCERT_PREFIX + ct + + ".keysize.size", ""); + String oldkeytype = config.getString(PCERT_PREFIX + ct + + ".keytype", ""); + String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct + + ".keyalgorithm", ""); + String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct + + ".signingalgorithm", ""); + String oldcurvename = config.getString(PCERT_PREFIX + ct + + ".curvename.name", ""); if (select.equals("default")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.custom_name", - default_ecc_curve_name); - config.putString("preop.curvename.name", default_ecc_curve_name); + config.putString("preop.curvename.custom_name", + default_ecc_curve_name); + config.putString("preop.curvename.name", + default_ecc_curve_name); } else { - config.putString("preop.keysize.custom_size", - default_rsa_key_size); - config.putString("preop.keysize.size", default_rsa_key_size); + config.putString("preop.keysize.custom_size", + default_rsa_key_size); + 
config.putString("preop.keysize.size", + default_rsa_key_size); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", + keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", + signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "default"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct + - ".curvename.custom_name", - default_ecc_curve_name); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + + ".curvename.custom_name", + default_ecc_curve_name); + config.putString(PCERT_PREFIX + ct + ".curvename.name", + default_ecc_curve_name); } else { - config.putString(PCERT_PREFIX + ct + - ".keysize.custom_size", - default_rsa_key_size); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + + ".keysize.custom_size", default_rsa_key_size); + config.putString(PCERT_PREFIX + ct + ".keysize.size", + default_rsa_key_size); } } else if (select.equals("custom")) { // XXXrenaming these...keep for now just in case config.putString("preop.keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString("preop.curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); - config.putString("preop.curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); + config.putString( + "preop.curvename.name", + HttpInput.getString(request, ct + + "_custom_curvename")); + config.putString( + "preop.curvename.custom_name", + HttpInput.getString(request, ct + + "_custom_curvename")); } else { - config.putString("preop.keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); - 
config.putString("preop.keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size", keytype)); + config.putString( + "preop.keysize.size", + HttpInput.getKeySize(request, ct + + "_custom_size", keytype)); + config.putString( + "preop.keysize.custom_size", + HttpInput.getKeySize(request, ct + + "_custom_size", keytype)); } config.putString(PCERT_PREFIX + ct + ".keytype", keytype); - config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm); - config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm); + config.putString(PCERT_PREFIX + ct + ".keyalgorithm", + keyalgorithm); + config.putString(PCERT_PREFIX + ct + ".signingalgorithm", + signingalgorithm); config.putString(PCERT_PREFIX + ct + ".keysize.select", "custom"); if (keytype != null && keytype.equals("ecc")) { - config.putString(PCERT_PREFIX + ct + ".curvename.custom_name", - HttpInput.getString(request, ct + "_custom_curvename")); - config.putString(PCERT_PREFIX + ct + ".curvename.name", - HttpInput.getString(request, ct + "_custom_curvename")); + config.putString( + PCERT_PREFIX + ct + ".curvename.custom_name", + HttpInput.getString(request, ct + + "_custom_curvename")); + config.putString( + PCERT_PREFIX + ct + ".curvename.name", + HttpInput.getString(request, ct + + "_custom_curvename")); } else { - config.putString(PCERT_PREFIX + ct + ".keysize.custom_size", - HttpInput.getKeySize(request, ct + "_custom_size")); - config.putString(PCERT_PREFIX + ct + ".keysize.size", - HttpInput.getKeySize(request, ct + "_custom_size")); + config.putString( + PCERT_PREFIX + ct + ".keysize.custom_size", + HttpInput.getKeySize(request, ct + + "_custom_size")); + config.putString( + PCERT_PREFIX + ct + ".keysize.size", + HttpInput.getKeySize(request, ct + + "_custom_size")); } } else { CMS.debug("SizePanel: invalid choice " + select); throw new IOException("invalid choice " + select); } - String newkeysize = - config.getString(PCERT_PREFIX+ct+".keysize.size", ""); - String newkeytype 
= - config.getString(PCERT_PREFIX + ct + ".keytype", ""); - String newkeyalgorithm = - config.getString(PCERT_PREFIX + ct + ".keyalgorithm", ""); - String newsigningalgorithm = - config.getString(PCERT_PREFIX + ct + ".signingalgorithm", ""); - String newcurvename = - config.getString(PCERT_PREFIX+ct+".curvename.name", ""); - - if (!oldkeysize.equals(newkeysize) || - !oldkeytype.equals(newkeytype) || - !oldkeyalgorithm.equals(newkeyalgorithm) || - !oldsigningalgorithm.equals(newsigningalgorithm) || - !oldcurvename.equals(newcurvename)) + String newkeysize = config.getString(PCERT_PREFIX + ct + + ".keysize.size", ""); + String newkeytype = config.getString(PCERT_PREFIX + ct + + ".keytype", ""); + String newkeyalgorithm = config.getString(PCERT_PREFIX + ct + + ".keyalgorithm", ""); + String newsigningalgorithm = config.getString(PCERT_PREFIX + ct + + ".signingalgorithm", ""); + String newcurvename = config.getString(PCERT_PREFIX + ct + + ".curvename.name", ""); + + if (!oldkeysize.equals(newkeysize) + || !oldkeytype.equals(newkeytype) + || !oldkeyalgorithm.equals(newkeyalgorithm) + || !oldsigningalgorithm.equals(newsigningalgorithm) + || !oldcurvename.equals(newcurvename)) hasChanged = true; }// while try { config.commit(false); - } catch (EBaseException e) { - CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString()); + } catch (EBaseException e) { + CMS.debug("SizePanel: update() Exception caught at config commit: " + + e.toString()); } val1 = HttpInput.getID(request, "generateKeyPair"); 
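Review bot: In the `custom` branch the request's key size is validated in two different ways. The legacy `preop.keysize.*` entries use `HttpInput.getKeySize(request, ct + "_custom_size", keytype)`, but the per-certificate `.keysize.custom_size` and `.keysize.size` entries use the two-argument `HttpInput.getKeySize(request, ct + "_custom_size")`. The per-certificate value is the one later read back for key generation, so whatever key-type-specific checking the three-argument overload does (not visible here) is skipped for the value that matters. Parse the parameter once, `String customSize = HttpInput.getKeySize(request, ct + "_custom_size", keytype);`, and store `customSize` in all four keys. The custom curve name is likewise taken with `HttpInput.getString` and stored as is; it presumably should be checked against the configured `keys.ecc.curve.list` before it is committed.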
@@ -393,19 +427,20 @@ public class SizePanel extends WizardPanelBase { context.put("updateStatus", "success"); return; } - } catch (IOException e) { + } catch (IOException e) { CMS.debug("SizePanel: update() IOException caught: " + e.toString()); context.put("updateStatus", "failure"); throw e; } catch (NumberFormatException e) { - CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString()); + CMS.debug("SizePanel: update() NumberFormatException caught: " + + e.toString()); context.put("updateStatus", "failure"); throw e; - } catch (Exception e) { + } catch (Exception e) { CMS.debug("SizePanel: update() Exception caught: " + e.toString()); } - // generate key pair + // generate key pair Enumeration c = mCerts.elements(); while (c.hasMoreElements()) { @@ -414,8 +449,9 @@ public class SizePanel extends WizardPanelBase { String friendlyName = ct; boolean enable = true; try { - enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); - friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct); + enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true); + friendlyName = config.getString(PCERT_PREFIX + ct + + ".userfriendlyname", ct); } catch (Exception e) { } 
@@ -423,17 +459,19 @@ public class SizePanel extends WizardPanelBase { continue; try { - String keytype = config.getString(PCERT_PREFIX + ct + ".keytype"); - String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm"); - + String keytype = config.getString(PCERT_PREFIX + ct + + ".keytype"); + String keyalgorithm = config.getString(PCERT_PREFIX + ct + + ".keyalgorithm"); + if (keytype.equals("rsa")) { - int keysize = config.getInteger( - PCERT_PREFIX + ct + ".keysize.size"); + int keysize = config.getInteger(PCERT_PREFIX + ct + + ".keysize.size"); createRSAKeyPair(token, keysize, config, ct); } else { - String curveName = config.getString( - PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name); + String curveName = config.getString(PCERT_PREFIX + ct + + ".curvename.name", default_ecc_curve_name); createECCKeyPair(token, curveName, config, ct); } config.commit(false); 
@@ -441,40 +479,41 @@ public class SizePanel extends WizardPanelBase { CMS.debug(e); CMS.debug("SizePanel: key generation failure: " + e.toString()); context.put("updateStatus", "failure"); - throw new IOException("key generation failure for the certificate: " + friendlyName + - ". See the logs for details."); + throw new IOException( + "key generation failure for the certificate: " + + friendlyName + ". See the logs for details."); } } // while if (hasErr == false) { - config.putBoolean("preop.SizePanel.done", true); - try { - config.commit(false); - } catch (EBaseException e) { - CMS.debug( - "SizePanel: update() Exception caught at config commit: " - + e.toString()); - } - } + config.putBoolean("preop.SizePanel.done", true); + try { + config.commit(false); + } catch (EBaseException e) { + CMS.debug("SizePanel: update() Exception caught at config commit: " + + e.toString()); + } + } CMS.debug("SizePanel: update() done"); context.put("updateStatus", "success"); } - public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { - CMS.debug("Generating ECC key pair with curvename="+ curveName + - ", token="+token); + public void createECCKeyPair(String token, String curveName, + IConfigStore config, String ct) throws NoSuchAlgorithmException, + NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { + CMS.debug("Generating ECC key pair with curvename=" + curveName + + ", token=" + token); KeyPair pair = null; /* - * default ssl server cert to ECDHE unless stated otherwise - * note: IE only supports "ECDHE", but "ECDH" is more efficient - * + * default ssl server cert to ECDHE unless stated otherwise note: IE + * only supports "ECDHE", but "ECDH" is more efficient + * * for "ECDHE", server.xml should have the following for ciphers: * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * 
-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * + * * for "ECDH", server.xml should have the following for ciphers: * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
@@ -487,49 +526,45 @@ public class SizePanel extends WizardPanelBase { } // ECDHE needs "SIGN" but no "DERIVE" - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE - }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE }; // ECDH needs "DERIVE" but no any kind of "SIGN" org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = { - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, - org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, - }; + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN, + org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, }; do { - if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - ECDH_usages_mask); - } else { - if (ct.equals("sslserver")) { - CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); - } - pair = CryptoUtil.generateECCKeyPair(token, curveName, - null, - usages_mask); - } - - // XXX - store curve , w - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad ECC key id " + kid); - pair = null; + if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. 
Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + pair = CryptoUtil.generateECCKeyPair(token, curveName, null, + ECDH_usages_mask); + } else { + if (ct.equals("sslserver")) { + CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); + } + pair = CryptoUtil.generateECCKeyPair(token, curveName, null, + usages_mask); + } + + // XXX - store curve , w + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) + .getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil + .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad ECC key id " + kid); + pair = null; } } while (pair == null); - CMS.debug("Public key class " + pair.getPublic().getClass().getName()); + CMS.debug("Public key class " + pair.getPublic().getClass().getName()); byte encoded[] = pair.getPublic().getEncoded(); config.putString(PCERT_PREFIX + ct + ".pubkey.encoded", - CryptoUtil.byte2string(encoded)); + CryptoUtil.byte2string(encoded)); String keyAlgo = ""; try { 
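Review bot: The `do { … } while (pair == null);` loop in `createECCKeyPair` has no retry bound. Whenever `CryptoUtil.findPrivateKeyFromID` returns null the code sets `pair = null` and generates another key pair, so a token that consistently fails the lookup keeps the wizard request spinning and presumably leaves a fresh key on the token each time. Count the attempts and, after a small fixed limit, throw the already-declared `TokenException` with the certificate tag in the message, so the caller's existing "key generation failure" path reports it. `createRSAKeyPair` (hunk at -537,35) uses the same loop and needs the same bound. The method signature is in the preceding hunk, not this one.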
@@ -537,35 +572,39 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) - throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException - { + public void createRSAKeyPair(String token, int keysize, + IConfigStore config, String ct) throws NoSuchAlgorithmException, + NoSuchTokenException, TokenException, + CryptoManager.NotInitializedException { /* generate key pair */ KeyPair pair = null; do { - pair = CryptoUtil.generateRSAKeyPair(token, keysize); - byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID(); - String kid = CryptoUtil.byte2string(id); - config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); - // try to locate the private key - org.mozilla.jss.crypto.PrivateKey privk = - CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid)); - if (privk == null) { - CMS.debug("Found bad RSA key id " + kid); - pair = null; + pair = CryptoUtil.generateRSAKeyPair(token, keysize); + byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()) + .getUniqueID(); + String kid = CryptoUtil.byte2string(id); + config.putString(PCERT_PREFIX + ct + ".privkey.id", kid); + // try to locate the private key + org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil + .findPrivateKeyFromID(CryptoUtil.string2byte(kid)); + if (privk == null) { + CMS.debug("Found bad RSA key id " + kid); + pair = null; } } while (pair == null); - byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray(); - byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray(); + byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus() + .toByteArray(); + byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent() + .toByteArray(); config.putString(PCERT_PREFIX + ct 
+ ".pubkey.modulus", - CryptoUtil.byte2string(modulus)); + CryptoUtil.byte2string(modulus)); config.putString(PCERT_PREFIX + ct + ".pubkey.exponent", - CryptoUtil.byte2string(exponent)); + CryptoUtil.byte2string(exponent)); String keyAlgo = ""; try { 
@@ -573,41 +612,39 @@ public class SizePanel extends WizardPanelBase { } catch (Exception e1) { } - setSigningAlgorithm(ct, keyAlgo, config); + setSigningAlgorithm(ct, keyAlgo, config); } - public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) { + public void setSigningAlgorithm(String ct, String keyAlgo, + IConfigStore config) { String systemType = ""; try { - systemType = config.getString("preop.system.name"); + systemType = config.getString("preop.system.name"); } catch (Exception e1) { } if (systemType.equalsIgnoreCase("CA")) { - if (ct.equals("signing")) { - config.putString("ca.signing.defaultSigningAlgorithm", - keyAlgo); - config.putString("ca.crl.MasterCRL.signingAlgorithm", - keyAlgo); - } else if (ct.equals("ocsp_signing")) { - config.putString("ca.ocsp_signing.defaultSigningAlgorithm", - keyAlgo); - } + if (ct.equals("signing")) { + config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo); + config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo); + } else if (ct.equals("ocsp_signing")) { + config.putString("ca.ocsp_signing.defaultSigningAlgorithm", + keyAlgo); + } } else if (systemType.equalsIgnoreCase("OCSP")) { - if (ct.equals("signing")) { - config.putString("ocsp.signing.defaultSigningAlgorithm", - keyAlgo); - } - } else if (systemType.equalsIgnoreCase("KRA") || - systemType.equalsIgnoreCase("DRM")) { - if (ct.equals("transport")) { + if (ct.equals("signing")) { + config.putString("ocsp.signing.defaultSigningAlgorithm", + keyAlgo); + } + } else if (systemType.equalsIgnoreCase("KRA") + || systemType.equalsIgnoreCase("DRM")) { + if (ct.equals("transport")) { config.putString("kra.transportUnit.signingAlgorithm", keyAlgo); - } + } } } public void initParams(HttpServletRequest request, Context context) - throws IOException - { + throws IOException { IConfigStore config = CMS.getConfigStore(); String s = ""; try { 
@@ -619,10 +656,13 @@ public class SizePanel extends WizardPanelBase { s = config.getString("preop.hierarchy.select", "root"); context.put("hselect", s); - s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); + s = config.getString("preop.ecc.algorithm.list", + "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC"); context.put("ecclist", s); - s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); + s = config + .getString("preop.rsa.algorithm.list", + "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"); context.put("rsalist", s); s = config.getString("keys.ecc.curve.list", "nistp256"); @@ -635,7 +675,8 @@ public class SizePanel extends WizardPanelBase { context.put("subsystemtype", s); } catch (Exception e) { - CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e); + CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + + e); } } @@ -643,10 +684,9 @@ public class SizePanel extends WizardPanelBase { * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { try { - initParams(request, context); + initParams(request, context); } catch (IOException e) { } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java index cf59e07c..b1c16d65 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java @@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
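Review bot: The fallback value for `preop.rsa.algorithm.list` in initParams still offers `MD5withRSA` and `MD2withRSA`, so an installation that never sets that key presents broken digests among the RSA signing choices placed in the `rsalist` context entry. I would trim the default to `"SHA256withRSA,SHA512withRSA"` and leave any legacy algorithm to explicit configuration; the SHA-1 entries in both lists deserve the same scrutiny. As a style matter, the formatter split the call as `s = config` / `.getString(...)`, which reads worse than breaking after the first argument as the ECC line does. initParams starts and ends outside this hunk.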
@@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IConfigStore config = CMS.getConfigStore(); + IConfigStore config = CMS.getConfigStore(); String sessionId = httpReq.getParameter("sessionID"); CMS.debug("TokenAuthentication: sessionId=" + sessionId); @@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet { CMS.debug("TokenAuthentication: found session"); if (checkIP) { String hostname = table.getIP(sessionId); - if (! hostname.equals(givenHost)) { - CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" - + givenHost + " are different"); + if (!hostname.equals(givenHost)) { + CMS.debug("TokenAuthentication: hostname=" + hostname + + " and givenHost=" + givenHost + " are different"); CMS.debug("TokenAuthenticate authenticate failed, wrong hostname."); outputError(httpResp, "Error: Failed Authentication"); return; @@ -122,7 +124,15 @@ public class TokenAuthenticate extends CMSServlet { } } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java index cf699c61..b71cbb3c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java 
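Review bot: `CMS.debug("TokenAuthentication: sessionId=" + sessionId);` writes the caller's session identifier verbatim into the debug log, and the code further down in process() uses that same value to look up the session. Anyone with read access to the log would see live session identifiers, so I would record only whether the parameter was supplied, e.g. `CMS.debug("TokenAuthentication: sessionID parameter " + (sessionId == null ? "missing" : "received"));`. process() continues outside this hunk.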
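Review bot: The formatter turned the trailing comment on renderResult into nine one-word comment lines hanging off the signature, which is harder to read than the single line it replaced. Moving the text into the body keeps it stable under reformatting: `// Do nothing, i.e. do not return the default JavaScript.` as the only line between the braces. The same artefact appears in the renderResult hunks of UpdateConnector, UpdateDomainXML and UpdateNumberRange.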
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateConnector extends CMSServlet { /** @@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. */ protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateConnector: processing..."); @@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet { CMS.debug("UpdateConnector authentication successful."); } catch (Exception e) { CMS.debug("UpdateConnector: authentication failed."); - log(ILogger.LL_FAILURE, + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", - e.toString())); + e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
@@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); CMS.debug("UpdateConnector authorization successful."); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } 
@@ -125,33 +124,35 @@ public class UpdateConnector extends CMSServlet { Enumeration list = httpReq.getParameterNames(); while (list.hasMoreElements()) { - String name = (String)list.nextElement(); + String name = (String) list.nextElement(); String val = httpReq.getParameter(name); if (name != null && name.startsWith("ca.connector")) { - CMS.debug("Adding connector update name=" + name + " val=" + val); + CMS.debug("Adding connector update name=" + name + " val=" + + val); cs.putString(name, val); } else { - CMS.debug("Skipping connector update name=" + name + " val=" + val); + CMS.debug("Skipping connector update name=" + name + " val=" + + val); } } - - try { + + try { String nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); if (!tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + nickname = tokenname + ":" + nickname; cs.putString("ca.connector.KRA.nickName", nickname); cs.commit(false); } catch (Exception e) { } // start the connector - try { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem("ca"); - ICAService caService = (ICAService)ca.getCAService(); - IConnector kraConnector = caService.getConnector( - cs.getSubStore("ca.connector.KRA")); + try { + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem("ca"); + ICAService caService = (ICAService) ca.getCAService(); + IConnector kraConnector = caService.getConnector(cs + .getSubStore("ca.connector.KRA")); caService.setKRAConnector(kraConnector); kraConnector.start(); } catch (Exception e) { 
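Review bot: The `try` block that ends with `cs.commit(false);` is followed by an empty `catch (Exception e) { }`, so a failed write of the connector settings goes unnoticed and the code carries on to start the KRA connector. At minimum log it, `CMS.debug("UpdateConnector: failed to save connector config: " + e);`, and consider reporting failure to the caller instead of continuing. The loop above also copies every request parameter whose name starts with `ca.connector` into the config store and logs each value; matching against the specific keys the connector needs and dropping `val` from the debug lines would narrow what an authorised caller can write and what ends up in the log. process() starts and ends outside this hunk.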
@@ -173,14 +174,22 @@ public class UpdateConnector extends CMSServlet { } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java index c9fe27ef..57c58df3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; @@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateDomainXML extends CMSServlet { /** 
@@ -64,10 +62,8 @@ public class UpdateDomainXML extends CMSServlet { private static final long serialVersionUID = 4059169588555717548L; private final static String SUCCESS = "0"; private final static String FAILED = "1"; - private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = - "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = - "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public UpdateDomainXML() { super(); @@ -75,6 +71,7 @@ public class UpdateDomainXML extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,20 +98,19 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to delete entry" + e.toString()); } - } catch (Exception e) { - CMS.debug("Failed to delete entry" + e.toString()); - } finally { + } catch (Exception e) { + CMS.debug("Failed to delete entry" + e.toString()); + } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } private String modify_ldap(String dn, LDAPModification mod) { 
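Review bot: The outer `catch (Exception e)` in remove_from_ldap only logs `"Failed to delete entry"` and never sets `status = FAILED`, unlike the inner LDAPException handler just above it. If `status` starts out as SUCCESS here, as it visibly does in add_to_ldap, a failure to obtain or use the connection is returned as success and process() then emits a SUCCESS audit record for an update that did not happen. Adding `status = FAILED;` to that handler fixes it; the outer handlers in the modify_ldap and add_to_ldap hunks have the same gap. remove_from_ldap starts outside this hunk.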
@@ -135,23 +131,21 @@ public class UpdateDomainXML extends CMSServlet { status = FAILED; CMS.debug("Failed to modify entry" + e.toString()); } - } catch (Exception e) { + } catch (Exception e) { CMS.debug("Failed to modify entry" + e.toString()); - } finally { + } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } - private String add_to_ldap(LDAPEntry entry, String dn) { CMS.debug("UpdateDomainXML: add_to_ldap: starting"); String status = SUCCESS; 
@@ -172,37 +166,38 @@ public class UpdateDomainXML extends CMSServlet { conn.delete(dn); conn.add(entry); } catch (LDAPException ee) { - CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString()); + CMS.debug("UpdateDomainXML: Error when replacing existing entry " + + ee.toString()); status = FAILED; } } else { - CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString()); + CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + + e.toString()); status = FAILED; } } catch (Exception e) { CMS.debug("Failed to add entry" + e.toString()); } finally { try { - if ((conn != null) && (connFactory!= null)) { + if ((conn != null) && (connFactory != null)) { CMS.debug("Releasing ldap connection"); connFactory.returnConn(conn); } - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Error releasing the ldap connection" + e.toString()); } - } - return status; + } + return status; } - - /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { @@ -219,7 +214,7 @@ public class UpdateDomainXML extends CMSServlet { authToken = authenticate(cmsReq); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated"); return; } 
@@ -233,19 +228,18 @@ public class UpdateDomainXML extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, AUTH_FAILURE, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - outputError(httpResp, - AUTH_FAILURE, - "Error: Encountered problem during authorization."); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + outputError(httpResp, AUTH_FAILURE, + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -272,7 +266,7 @@ public class UpdateDomainXML extends CMSServlet { String missing = ""; if ((host == null) || host.equals("")) { missing += " host "; - } + } if ((name == null) || name.equals("")) { missing += " name "; } 
@@ -286,20 +280,20 @@ public class UpdateDomainXML extends CMSServlet { clone = "false"; } - if (! missing.equals("")) { - CMS.debug("UpdateDomainXML process: required parameters:" + missing + - "not provided in request"); - outputError(httpResp, "Error: required parameters: " + missing + - "not provided in request"); + if (!missing.equals("")) { + CMS.debug("UpdateDomainXML process: required parameters:" + missing + + "not provided in request"); + outputError(httpResp, "Error: required parameters: " + missing + + "not provided in request"); return; } String auditMessage = null; String auditSubjectID = auditSubjectID(); - String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+ - "+clone;;"+clone+"+type;;"+type; + String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + + sport + "+clone;;" + clone + "+type;;" + type; if (operation != null) { - auditParams += "+operation;;"+operation; + auditParams += "+operation;;" + operation; } else { auditParams += "+operation;;add"; } @@ -312,8 +306,7 @@ public class UpdateDomainXML extends CMSServlet { try { basedn = cs.getString("internaldb.basedn"); secstore = cs.getString("securitydomain.store"); - } - catch (Exception e) { + } catch (Exception e) { CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script"); } @@ -326,13 +319,14 @@ public class UpdateDomainXML extends CMSServlet { String listName = type + "List"; String cn = host + ":"; - if ((adminsport!= null) && (adminsport != "")) { + if ((adminsport != null) && (adminsport != "")) { cn += adminsport; } else { cn += sport; } - String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn; + String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + + basedn; CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn); LDAPAttributeSet attrs = null; 
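Review bot: `(adminsport != "")` compares object references rather than contents, so it is true for any string that is not the interned literal and an empty admin port yields a `cn` of `host:` with nothing after it; the other checks in this method use the form `!agentsport.equals("")`, and this one should read `if ((adminsport != null) && !adminsport.equals(""))`. The `dn` on the next changed line is assembled by concatenating `host`, the port and `type` without escaping. If those come straight from request parameters (their origin is outside this hunk), a value containing `,` or `=` would change which entry is addressed, so they should be validated or DN-escaped before use. process() extends beyond this hunk.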
@@ -356,69 +350,69 @@ public class UpdateDomainXML extends CMSServlet { attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport)); } if ((domainmgr != null) && (!domainmgr.equals(""))) { - attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase())); + attrs.add(new LDAPAttribute("DomainManager", domainmgr + .toUpperCase())); } attrs.add(new LDAPAttribute("clone", clone.toUpperCase())); attrs.add(new LDAPAttribute("SubsystemName", name)); entry = new LDAPEntry(dn, attrs); - - if ((operation != null) && (operation.equals("remove"))) { - status = remove_from_ldap(dn); - String adminUserDN; - if ((agentsport != null) && (!agentsport.equals(""))) { - adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn; - } else { - adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; - } - String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + - "+resource;;"+adminUserDN; - if (status.equals(SUCCESS)) { - // remove the user for this subsystem's admin - status2 = remove_from_ldap(adminUserDN); + + if ((operation != null) && (operation.equals("remove"))) { + status = remove_from_ldap(dn); + String adminUserDN; + if ((agentsport != null) && (!agentsport.equals(""))) { + adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + + ",ou=People," + basedn; + } else { + adminUserDN = "uid=" + type + "-" + host + "-" + sport + + ",ou=People," + basedn; + } + String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + + "+resource;;" + adminUserDN; + if (status.equals(SUCCESS)) { + // remove the user for this subsystem's admin + status2 = remove_from_ldap(adminUserDN); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.SUCCESS, + userAuditParams); + audit(auditMessage); + + // remove this user from the subsystem group + userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" 
+ + "+source;;UpdateDomainXML" + + "+resource;;Subsystem Group+user;;" + + adminUserDN; + dn = "cn=Subsystem Group, ou=groups," + basedn; + LDAPModification mod = new LDAPModification( + LDAPModification.DELETE, new LDAPAttribute( + "uniqueMember", adminUserDN)); + status2 = modify_ldap(dn, mod); if (status2.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - userAuditParams); - audit(auditMessage); - - // remove this user from the subsystem group - userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + - "+source;;UpdateDomainXML" + - "+resource;;Subsystem Group+user;;"+adminUserDN; - dn = "cn=Subsystem Group, ou=groups," + basedn; - LDAPModification mod = new LDAPModification(LDAPModification.DELETE, - new LDAPAttribute("uniqueMember", adminUserDN)); - status2 = modify_ldap(dn, mod); - if (status2.equals(SUCCESS)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.SUCCESS, - userAuditParams); - } else { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - userAuditParams); - } - audit(auditMessage); - } else { // error deleting user + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.SUCCESS, + userAuditParams); + } else { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, - ILogger.FAILURE, - userAuditParams); - audit(auditMessage); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + userAuditParams); } + audit(auditMessage); + } else { // error deleting user + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, ILogger.FAILURE, + userAuditParams); + audit(auditMessage); } + } } else { - status = add_to_ldap(entry, dn); + status = add_to_ldap(entry, dn); } - } - else { + } else { // update the domain.xml file String path = CMS.getConfigStore().getString("instanceRoot", 
"") + "/conf/domain.xml"; @@ -430,7 +424,7 @@ public class UpdateDomainXML extends CMSServlet { CMS.debug("UpdateDomainXML: Inserting new domain info"); XMLObject parser = new XMLObject(new FileInputStream(path)); Node n = parser.getContainer(list); - int count =0; + int count = 0; if ((operation != null) && (operation.equals("remove"))) { // delete node @@ -440,15 +434,19 @@ public class UpdateDomainXML extends CMSServlet { for (int i = 0; i < len; i++) { Node nn = (Node) nodeList.item(i); - Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName"); - Vector v_host = parser.getValuesFromContainer(nn, "Host"); - Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort"); - if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) - && (v_adminport.elementAt(0).equals(adminsport))) { - Node parent = nn.getParentNode(); - Node remNode = parent.removeChild(nn); - count --; - break; + Vector v_name = parser.getValuesFromContainer(nn, + "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nn, + "Host"); + Vector v_adminport = parser.getValuesFromContainer(nn, + "SecureAdminPort"); + if ((v_name.elementAt(0).equals(name)) + && (v_host.elementAt(0).equals(host)) + && (v_adminport.elementAt(0).equals(adminsport))) { + Node parent = nn.getParentNode(); + Node remNode = parent.removeChild(nn); + count--; + break; } } } else { 
@@ -457,39 +455,44 @@ public class UpdateDomainXML extends CMSServlet { parser.addItemToContainer(parent, "SubsystemName", name); parser.addItemToContainer(parent, "Host", host); parser.addItemToContainer(parent, "SecurePort", sport); - parser.addItemToContainer(parent, "SecureAgentPort", agentsport); - parser.addItemToContainer(parent, "SecureAdminPort", adminsport); - parser.addItemToContainer(parent, "SecureEEClientAuthPort", eecaport); + parser.addItemToContainer(parent, "SecureAgentPort", + agentsport); + parser.addItemToContainer(parent, "SecureAdminPort", + adminsport); + parser.addItemToContainer(parent, "SecureEEClientAuthPort", + eecaport); parser.addItemToContainer(parent, "UnSecurePort", httpport); - parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase()); - parser.addItemToContainer(parent, "Clone", clone.toUpperCase()); - count ++; + parser.addItemToContainer(parent, "DomainManager", + domainmgr.toUpperCase()); + parser.addItemToContainer(parent, "Clone", + clone.toUpperCase()); + count++; } - //update count + // update count String countS = ""; NodeList nlist = n.getChildNodes(); Node countnode = null; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); + for (int i = 0; i < nlist.getLength(); i++) { + Element nn = (Element) nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { countnode = nn; NodeList nlist1 = nn.getChildNodes(); Node nn1 = nlist1.item(0); - countS = nn1.getNodeValue(); + countS = nn1.getNodeValue(); break; } } - CMS.debug("UpdateDomainXML process: SubsystemCount="+countS); + CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS); try { - count += Integer.parseInt(countS); + count += Integer.parseInt(countS); } catch (Exception ee) { } Node nn2 = n.removeChild(countnode); - parser.addItemToContainer(n, "SubsystemCount", ""+count); + parser.addItemToContainer(n, "SubsystemCount", "" + count); // recreate domain.xml 
CMS.debug("UpdateDomainXML: Recreating domain.xml"); @@ -503,28 +506,24 @@ public class UpdateDomainXML extends CMSServlet { } } - + if (status.equals(SUCCESS)) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, - auditSubjectID, - ILogger.SUCCESS, - auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + auditSubjectID, ILogger.SUCCESS, auditParams); } else { // what if already exists or already deleted auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, - auditSubjectID, - ILogger.FAILURE, - auditParams); + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + auditSubjectID, ILogger.FAILURE, auditParams); } audit(auditMessage); - if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { - status = SUCCESS; - } else { - status = FAILED; - } + if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { + status = SUCCESS; + } else { + status = FAILED; + } try { // send success status back to the requestor 
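Review bot: In the domain.xml branch `domainmgr.toUpperCase()` is called unconditionally, whereas the LDAP branch earlier in process() guards the same value with `(domainmgr != null) && (!domainmgr.equals(""))`; if it can be null, as that guard suggests, this line throws. Guard it the same way, e.g. `String dm = (domainmgr == null) ? "" : domainmgr.toUpperCase();`. Further down, `catch (Exception ee) { }` around `Integer.parseInt(countS)` silently leaves `count` at the bare increment when the stored count is unreadable, and that value is then written back as `SubsystemCount`. `n.removeChild(countnode)` is also reached when no `SubsystemCount` element was found, so both cases deserve an explicit failure path. process() starts and ends outside this hunk.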
@@ -537,24 +536,34 @@ public class UpdateDomainXML extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString()); + CMS.debug("UpdateDomainXML: Failed to send the XML output" + + e.toString()); } } protected String securityDomainXMLtoLDAP(String xmltag) { - if (xmltag.equals("Host")) return "host"; - else return xmltag; + if (xmltag.equals("Host")) + return "host"; + else + return xmltag; } + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void setDefaultTemplates(ServletConfig sc) {} - - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java index 0a1787aa..f563c9f6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateNumberRange extends CMSServlet { /** 
@@ -55,8 +53,7 @@ public class UpdateNumberRange extends CMSServlet { private final static String SUCCESS = "0"; private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = - "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; public UpdateNumberRange() { super(); @@ -64,6 +61,7 @@ public class UpdateNumberRange extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -73,11 +71,13 @@ public class UpdateNumberRange extends CMSServlet { } /** - * Process the HTTP request. + * Process the HTTP request. * <ul> * <li>http.param op 'downloadBIN' - return the binary certificate chain - * <li>http.param op 'displayIND' - display pretty-print of certificate chain components + * <li>http.param op 'displayIND' - display pretty-print of certificate + * chain components * </ul> + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { 
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { @@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet { BigInteger oneNum = new BigInteger("1"); String endNumConfig = null; String cloneNumConfig = null; - String nextEndConfig = null; + String nextEndConfig = null; int radix = 10; IRepository repo = null; if (cstype.equals("KRA")) { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem( - IKeyRecoveryAuthority.ID); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(IKeyRecoveryAuthority.ID); if (type.equals("request")) { repo = kra.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { @@ -146,8 +146,8 @@ public class UpdateNumberRange extends CMSServlet { repo = kra.getReplicaRepository(); } } else { // CA - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem( - ICertificateAuthority.ID); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(ICertificateAuthority.ID); if (type.equals("request")) { repo = ca.getRequestQueue().getRequestRepository(); } else if (type.equals("serialNo")) { 
@@ -157,26 +157,28 @@ public class UpdateNumberRange extends CMSServlet { } } - // checkRanges for replicaID - we do this each time a replica is created. - // This needs to be done beforehand to ensure that we always have enough + // checkRanges for replicaID - we do this each time a replica is + // created. + // This needs to be done beforehand to ensure that we always have + // enough // replica numbers if (type.equals("replicaId")) { - CMS.debug("Checking replica number ranges"); - repo.checkRanges(); + CMS.debug("Checking replica number ranges"); + repo.checkRanges(); } - + if (type.equals("request")) { radix = 10; endNumConfig = "dbs.endRequestNumber"; cloneNumConfig = "dbs.requestCloneTransferNumber"; nextEndConfig = "dbs.nextEndRequestNumber"; } else if (type.equals("serialNo")) { - radix=16; + radix = 16; endNumConfig = "dbs.endSerialNumber"; cloneNumConfig = "dbs.serialCloneTransferNumber"; nextEndConfig = "dbs.nextEndSerialNumber"; } else if (type.equals("replicaId")) { - radix=10; + radix = 10; endNumConfig = "dbs.endReplicaNumber"; cloneNumConfig = "dbs.replicaCloneTransferNumber"; nextEndConfig = "dbs.nextEndReplicaNumber"; @@ -192,11 +194,11 @@ public class UpdateNumberRange extends CMSServlet { String nextEndNumStr = cs.getString(nextEndConfig, ""); BigInteger endNum2 = new BigInteger(nextEndNumStr, radix); CMS.debug("Transferring from the end of on-deck range"); - String newValStr = endNum2.subtract(decrement).toString(radix); - repo.setNextMaxSerial(newValStr); - cs.putString(nextEndConfig, newValStr); - beginNum = endNum2.subtract(decrement).add(oneNum); - endNum = endNum2; + String newValStr = endNum2.subtract(decrement).toString(radix); + repo.setNextMaxSerial(newValStr); + cs.putString(nextEndConfig, newValStr); + beginNum = endNum2.subtract(decrement).add(oneNum); + endNum = endNum2; } else { CMS.debug("Transferring from the end of the current range"); String newValStr = beginNum.subtract(oneNum).toString(radix); 
@@ -204,22 +206,19 @@ public class UpdateNumberRange extends CMSServlet { cs.putString(endNumConfig, newValStr); } - - if( beginNum == null ) { - CMS.debug( "UpdateNumberRange::process() - " + - "beginNum is null!" ); + if (beginNum == null) { + CMS.debug("UpdateNumberRange::process() - " + + "beginNum is null!"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, - auditSubjectID, - ILogger.FAILURE, - auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, ILogger.FAILURE, auditParams); audit(auditMessage); return; } // Enable serial number management in master for certs and requests if (type.equals("replicaId")) { - repo.setEnableSerialMgmt(true); + repo.setEnableSerialMgmt(true); } // insert info 
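Review bot: The `if (beginNum == null)` branch audits the failure and then returns without writing any response, unlike the `catch (Exception e)` path in the next hunk, which calls `outputError`. Add `outputError(httpResp, "Error: Failed to update number range.");` before the `return;` so the requesting subsystem is told the transfer failed. The check also comes after `beginNum.subtract(oneNum)` in the else-branch shown in the previous hunk, so on that path a null value would likely raise an exception before this test is reached; moving the check above the range calculation would make it effective. The enclosing method starts and ends outside this hunk.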
@@ -230,45 +229,51 @@ public class UpdateNumberRange extends CMSServlet { Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", SUCCESS); - xmlObj.addItemToContainer(root, "beginNumber", beginNum.toString(radix)); + xmlObj.addItemToContainer(root, "beginNumber", + beginNum.toString(radix)); xmlObj.addItemToContainer(root, "endNumber", endNum.toString(radix)); byte[] cb = xmlObj.toByteArray(); outputResult(httpResp, "application/xml", cb); cs.commit(false); - auditParams += "+beginNumber;;" + beginNum.toString(radix) + - "+endNumber;;" + endNum.toString(radix); + auditParams += "+beginNumber;;" + beginNum.toString(radix) + + "+endNumber;;" + endNum.toString(radix); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, - auditSubjectID, - ILogger.SUCCESS, - auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID, + ILogger.SUCCESS, auditParams); audit(auditMessage); } catch (Exception e) { - CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString()); + CMS.debug("UpdateNumberRange: Failed to update number range. 
Exception: " + + e.toString()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, - auditSubjectID, - ILogger.FAILURE, - auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID, + ILogger.FAILURE, auditParams); audit(auditMessage); outputError(httpResp, "Error: Failed to update number range."); } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java index 2339c4c7..266633cb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java @@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ICMSTemplateFiller; import com.netscape.cmsutil.xml.XMLObject; - public class UpdateOCSPConfig extends CMSServlet { /** @@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet { /** * initialize the servlet. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
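Review bot: The trailing comment on `renderResult` has been wrapped by the formatter into a column of nine `//` fragments after the opening brace, which is much harder to read than the original single line. Put the comment on its own line inside the body, e.g. `// do nothing, i.e. do not return the default javascript`, so the formatter leaves it intact; the `{// do nothing` on `renderTemplate` would benefit from the same change. The same wrapping appears in `UpdateOCSPConfig.renderResult` and in `WelcomePanel.displayError` (`/* This should never be called */`) in later hunks.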
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, - "modify"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "modify"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, "Error: Not authorized"); return; } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); outputError(httpResp, - "Error: Encountered problem during authorization."); + "Error: Encountered problem during authorization."); return; } if (authzToken == null) { 
@@ -107,32 +107,38 @@ public class UpdateOCSPConfig extends CMSServlet { try { nickname = cs.getString("ca.subsystem.nickname", ""); String tokenname = cs.getString("ca.subsystem.tokenname", ""); - if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) - nickname = tokenname+":"+nickname; + if (!tokenname.equals("internal") + && !tokenname.equals("Internal Key Storage Token")) + nickname = tokenname + ":" + nickname; } catch (Exception e) { } - CMS.debug("UpdateOCSPConfig process: nickname="+nickname); + CMS.debug("UpdateOCSPConfig process: nickname=" + nickname); String ocsphost = httpReq.getParameter("ocsp_host"); String ocspport = httpReq.getParameter("ocsp_port"); try { cs.putString("ca.publish.enable", "true"); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", - ocsphost); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", - ocspport); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", - nickname); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", + ocsphost); + cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", + ocspport); + cs.putString( + "ca.publish.publisher.instance.OCSPPublisher.nickName", + nickname); cs.putString("ca.publish.publisher.instance.OCSPPublisher.path", - "/ocsp/agent/ocsp/addCRL"); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher"); - cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true"); + "/ocsp/agent/ocsp/addCRL"); + cs.putString( + "ca.publish.publisher.instance.OCSPPublisher.pluginName", + "OCSPPublisher"); + cs.putString( + "ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", + "true"); cs.putString("ca.publish.rule.instance.ocsprule.enable", "true"); cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap"); cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule"); - 
cs.putString("ca.publish.rule.instance.ocsprule.publisher", - "OCSPPublisher"); + cs.putString("ca.publish.rule.instance.ocsprule.publisher", + "OCSPPublisher"); cs.putString("ca.publish.rule.instance.ocsprule.type", "crl"); cs.commit(false); // insert info @@ -147,19 +153,28 @@ public class UpdateOCSPConfig extends CMSServlet { outputResult(httpResp, "application/xml", cb); } catch (Exception e) { - CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString()); + CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + + e.toString()); outputError(httpResp, "Error: Failed to update OCSP configuration."); } } - protected void setDefaultTemplates(ServletConfig sc) {} + protected void setDefaultTemplates(ServletConfig sc) { + } - protected void renderTemplate( - CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) - throws IOException {// do nothing - } + protected void renderTemplate(CMSRequest cmsReq, String templateName, + ICMSTemplateFiller filler) throws IOException {// do nothing + } - protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript. + protected void renderResult(CMSRequest cmsReq) throws IOException {// do + // nothing, + // ie, it + // will + // not + // return + // the + // default + // javascript. } /** diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java index 7b1c9959..ff545b71 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import javax.servlet.ServletConfig; 
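Review bot: `ocsp_host` and `ocsp_port` are read with `httpReq.getParameter` and written directly to `ca.publish.publisher.instance.OCSPPublisher.host` and `.port`, with no check that they are present or well-formed. These values decide where the CA publishes CRLs with `enableClientAuth` set to true, so a missing host or a non-numeric or out-of-range port should be rejected before the first `cs.putString`, for example with `if (ocsphost == null || ocspport == null) { outputError(httpResp, "Error: Missing OCSP host or port"); return; }` followed by an `Integer.parseInt` range check on the port. The empty `catch (Exception e) { }` after the nickname lookup also hides a failed config read, and a `CMS.debug` line there would make it visible. The enclosing method starts and ends outside this hunk.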
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet; public class WelcomePanel extends WizardPanelBase { - public WelcomePanel() {} + public WelcomePanel() { + } /** * Initializes this panel. */ - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { setPanelNo(panelno); setName("Welcome"); setId(id); @@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase { cs.putBoolean("preop.welcome.done", false); } - public boolean isPanelDone() { + public boolean isPanelDone() { IConfigStore cs = CMS.getConfigStore(); try { return cs.getBoolean("preop.welcome.done"); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } return false; } public PropertySet getUsage() { PropertySet set = new PropertySet(); - + /* XXX */ - + return set; } 
@@ -72,25 +73,21 @@ public class WelcomePanel extends WizardPanelBase { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { IConfigStore cs = CMS.getConfigStore(); CMS.debug("WelcomePanel: display()"); context.put("title", "Welcome"); try { context.put("cstype", cs.getString("cs.type")); context.put("wizardname", cs.getString("preop.wizard.name")); - context.put("panelname", - cs.getString("preop.system.fullname") + " Configuration Wizard"); - context.put("systemname", - cs.getString("preop.system.name")); - context.put("fullsystemname", - cs.getString("preop.system.fullname")); - context.put("productname", - cs.getString("preop.product.name")); - context.put("productversion", - cs.getString("preop.product.version")); - } catch (EBaseException e) {} + context.put("panelname", cs.getString("preop.system.fullname") + + " Configuration Wizard"); + context.put("systemname", cs.getString("preop.system.name")); + context.put("fullsystemname", cs.getString("preop.system.fullname")); + context.put("productname", cs.getString("preop.product.name")); + context.put("productversion", cs.getString("preop.product.version")); + } catch (EBaseException e) { + } context.put("panel", "admin/console/config/welcomepanel.vm"); } 
@@ -98,27 +95,29 @@ public class WelcomePanel extends WizardPanelBase { * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { IConfigStore cs = CMS.getConfigStore(); try { cs.putBoolean("preop.welcome.done", true); cs.commit(false); - } catch (EBaseException e) {} + } catch (EBaseException e) { + } } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) {/* This should never be called */} + HttpServletResponse response, Context context) {/* + * This should never + * be called + */ + } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java index 06eb63ff..1faca0f8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,7 +24,6 @@ import org.apache.velocity.Template; import org.apache.velocity.app.Velocity; import org.apache.velocity.context.Context; - public class WelcomeServlet extends BaseServlet { /** 
@@ -34,8 +32,7 @@ public class WelcomeServlet extends BaseServlet { private static final long serialVersionUID = 1179761802633506502L; public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { Template template = null; diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java index a2a7d5df..570c5158 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.ConnectException; @@ -79,8 +78,8 @@ public class WizardPanelBase implements IWizardPanel { public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group"; /** - * Definition for "preop" static variables in CS.cfg - * -- "preop" config parameters should not assumed to exist after configuation + * Definition for "preop" static variables in CS.cfg -- "preop" config + * parameters should not assumed to exist after configuation */ public static final String PRE_CONF_CA_TOKEN = "preop.module.token"; @@ -95,15 +94,12 @@ public class WizardPanelBase implements IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException - { + public void init(ServletConfig config, int panelno) throws ServletException { mPanelNo = panelno; } - public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) - throws ServletException - { + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException { mPanelNo = panelno; } 
@@ -142,7 +138,7 @@ public class WizardPanelBase implements IWizardPanel { return set; } - + /** * Should we skip this panel? */ @@ -186,30 +182,29 @@ public class WizardPanelBase implements IWizardPanel { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context) {} + HttpServletResponse response, Context context) { + } /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException { + HttpServletResponse response, Context context) throws IOException { } /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context) throws IOException {} + HttpServletResponse response, Context context) throws IOException { + } /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context) {} + HttpServletResponse response, Context context) { + } /** * Retrieves locale based on the request. @@ -233,15 +228,17 @@ public class WizardPanelBase implements IWizardPanel { try { instanceID = config.getString("instanceId", ""); - } catch (Exception e) {} + } catch (Exception e) { + } String nickname = certTag + "Cert cert-" + instanceID; String preferredNickname = null; try { - preferredNickname = config.getString( - PCERT_PREFIX + certTag + ".nickname", null); - } catch (Exception e) {} + preferredNickname = config.getString(PCERT_PREFIX + certTag + + ".nickname", null); + } catch (Exception e) { + } if (preferredNickname != null) { nickname = preferredNickname; 
@@ -250,37 +247,41 @@ public class WizardPanelBase implements IWizardPanel { } public void updateDomainXML(String hostname, int port, boolean https, - String servlet, String uri) throws IOException { - CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port); + String servlet, String uri) throws IOException { + CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + + " port=" + port); IConfigStore cs = CMS.getConfigStore(); String nickname = ""; String tokenname = ""; try { nickname = cs.getString("preop.cert.subsystem.nickname", ""); tokenname = cs.getString("preop.module.token", ""); - } catch (Exception e) {} + } catch (Exception e) { + } - if (!tokenname.equals("") && - !tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) { - nickname = tokenname+":"+nickname; + if (!tokenname.equals("") + && !tokenname.equals("Internal Key Storage Token") + && !tokenname.equals("internal")) { + nickname = tokenname + ":" + nickname; } CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname); CMS.debug("WizardPanelBase: start sending updateDomainXML request"); - String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); + String c = getHttpResponse(hostname, port, https, servlet, uri, + nickname); CMS.debug("WizardPanelBase: done sending updateDomainXML request"); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject obj = null; try { obj = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateDomainXML() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateDomainXML() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = obj.getValue("Status"); 
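Review bot: In `updateDomainXML` a parse failure is rethrown as `new IOException(e.toString())`, which discards the original exception and its stack trace; the same pattern recurs in `getSubsystemCount`, `getDomainXML`, `updateConnectorInfo`, both `getCertChainUsingSecure*Port` methods and `updateConfigEntries` in later hunks. Keep the cause, e.g. `IOException ioe = new IOException(e.toString()); ioe.initCause(e); throw ioe;`. The body being parsed comes from a remote host, and whether `XMLObject` disables DTDs and external entities is not visible in this diff, so that is worth confirming. `c.getBytes()` also uses the platform default charset, so the bytes handed to the parser depend on the host's locale settings. The method body continues outside this hunk.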
@@ -291,7 +292,7 @@ public class WizardPanelBase implements IWizardPanel { } else { String error = obj.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString()); throw e; @@ -302,21 +303,21 @@ public class WizardPanelBase implements IWizardPanel { } } - public int getSubsystemCount( String hostname, int https_admin_port, - boolean https, String type ) - throws IOException { + public int getSubsystemCount(String hostname, int https_admin_port, + boolean https, String type) throws IOException { CMS.debug("WizardPanelBase getSubsystemCount start"); String c = getDomainXML(hostname, https_admin_port, true); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject obj = new XMLObject(bis); - String containerName = type+"List"; + String containerName = type + "List"; Node n = obj.getContainer(containerName); NodeList nlist = n.getChildNodes(); String countS = ""; - for (int i=0; i<nlist.getLength(); i++) { - Element nn = (Element)nlist.item(i); + for (int i = 0; i < nlist.getLength(); i++) { + Element nn = (Element) nlist.item(i); String tagname = nn.getTagName(); if (tagname.equals("SubsystemCount")) { NodeList nlist1 = nn.getChildNodes(); @@ -325,7 +326,8 @@ public class WizardPanelBase implements IWizardPanel { break; } } - CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS); + CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + + countS); int num = 0; if (countS != null && !countS.equals("")) { @@ -337,7 +339,7 @@ public class WizardPanelBase implements IWizardPanel { return num; } catch (Exception e) { - CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString()); + CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString()); throw new IOException(e.toString()); } } 
@@ -345,23 +347,23 @@ public class WizardPanelBase implements IWizardPanel { return -1; } - public String getDomainXML( String hostname, int https_admin_port, - boolean https ) - throws IOException { + public String getDomainXML(String hostname, int https_admin_port, + boolean https) throws IOException { CMS.debug("WizardPanelBase getDomainXML start"); - String c = getHttpResponse( hostname, https_admin_port, https, - "/ca/admin/ca/getDomainXML", null, null ); + String c = getHttpResponse(hostname, https_admin_port, https, + "/ca/admin/ca/getDomainXML", null, null); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getDomainXML() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getDomainXML() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); @@ -371,15 +373,14 @@ public class WizardPanelBase implements IWizardPanel { if (status.equals(SUCCESS)) { String domainInfo = parser.getValue("DomainInfo"); - CMS.debug( - "WizardPanelBase getDomainXML: domainInfo=" - + domainInfo); - return domainInfo; + CMS.debug("WizardPanelBase getDomainXML: domainInfo=" + + domainInfo); + return domainInfo; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { CMS.debug("WizardPanelBase: getDomainXML: " + e.toString()); throw e; 
@@ -392,29 +393,29 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getSubsystemCert(String host, int port, boolean https) - throws IOException { + public String getSubsystemCert(String host, int port, boolean https) + throws IOException { CMS.debug("WizardPanelBase getSubsystemCert start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/getSubsystemCert", null, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/getSubsystemCert", null, null); if (c != null) { try { - ByteArrayInputStream bis = - new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getSubsystemCert() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getSubsystemCert() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); if (status.equals(SUCCESS)) { String s = parser.getValue("Cert"); return s; } else - return null; + return null; } catch (Exception e) { } } 
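Review bot: `getSubsystemCert` closes its outer try with an empty `catch (Exception e) { }`, so the `IOException` thrown a few lines earlier for a parse failure is caught and silently dropped. A malformed response, a missing `Status` element and a non-SUCCESS status then all look the same to the caller (the return after the catch is outside this hunk). The sibling methods log and rethrow; at minimum add `CMS.debug("WizardPanelBase: getSubsystemCert: " + e.toString());` inside the catch. The braceless `} else return null;` would also be clearer with braces.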
@@ -423,87 +424,90 @@ public class WizardPanelBase implements IWizardPanel { } public void updateConnectorInfo(String host, int port, boolean https, - String content) throws IOException { + String content) throws IOException { CMS.debug("WizardPanelBase updateConnectorInfo start"); - String c = getHttpResponse(host, port, https, - "/ca/admin/ca/updateConnector", content, null); + String c = getHttpResponse(host, port, https, + "/ca/admin/ca/updateConnector", content, null); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateConnectorInfo() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateConnectorInfo() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase updateConnectorInfo: status=" + status); + CMS.debug("WizardPanelBase updateConnectorInfo: status=" + + status); if (!status.equals(SUCCESS)) { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { - CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString()); + CMS.debug("WizardPanelBase: updateConnectorInfo: " + + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString()); + CMS.debug("WizardPanelBase: updateConnectorInfo: " + + e.toString()); throw new IOException(e.toString()); } } } - public String getCertChainUsingSecureAdminPort( String hostname, - int https_admin_port, - boolean https, - ConfigCertApprovalCallback - certApprovalCallback ) - throws IOException { + public String getCertChainUsingSecureAdminPort(String hostname, + int https_admin_port, boolean https, + ConfigCertApprovalCallback 
certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start"); - String c = getHttpResponse( hostname, https_admin_port, https, - "/ca/admin/ca/getCertChain", null, null, - certApprovalCallback ); + String c = getHttpResponse(hostname, https_admin_port, https, + "/ca/admin/ca/getCertChain", null, null, certApprovalCallback); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status); + CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + + status); if (status.equals(SUCCESS)) { String certchain = parser.getValue("ChainBase64"); certchain = CryptoUtil.normalizeCertStr(certchain); - CMS.debug( - "WizardPanelBase getCertChainUsingSecureAdminPort: certchain=" - + certchain); - return certchain; + CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: certchain=" + + certchain); + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { - CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + + e.toString()); throw new 
IOException(e.toString()); } } 
@@ -511,52 +515,51 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public String getCertChainUsingSecureEEPort( String hostname, - int https_ee_port, - boolean https, - ConfigCertApprovalCallback - certApprovalCallback ) - throws IOException { + public String getCertChainUsingSecureEEPort(String hostname, + int https_ee_port, boolean https, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start"); - String c = getHttpResponse( hostname, https_ee_port, https, - "/ca/ee/ca/getCertChain", null, null, - certApprovalCallback ); + String c = getHttpResponse(hostname, https_ee_port, https, + "/ca/ee/ca/getCertChain", null, null, certApprovalCallback); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + status); + CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + + status); if (status.equals(SUCCESS)) { String certchain = parser.getValue("ChainBase64"); certchain = CryptoUtil.normalizeCertStr(certchain); - CMS.debug( - "WizardPanelBase getCertChainUsingSecureEEPort: certchain=" - + certchain); - return certchain; + CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: certchain=" + + certchain); + return certchain; } else { String error = parser.getValue("Error"); throw new IOException(error); - } + } } catch (IOException e) { - CMS.debug("WizardPanelBase: 
getCertChainUsingSecureEEPort: " + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + + e.toString()); throw e; } catch (Exception e) { - CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString()); + CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + + e.toString()); throw new IOException(e.toString()); } } 
@@ -564,41 +567,44 @@ public class WizardPanelBase implements IWizardPanel { return null; } - public boolean updateConfigEntries(String hostname, int port, boolean https, - String servlet, String uri, IConfigStore config, - HttpServletResponse response) throws IOException { + public boolean updateConfigEntries(String hostname, int port, + boolean https, String servlet, String uri, IConfigStore config, + HttpServletResponse response) throws IOException { CMS.debug("WizardPanelBase updateConfigEntries start"); String c = getHttpResponse(hostname, port, https, servlet, uri, null); if (c != null) { try { - ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes()); + ByteArrayInputStream bis = new ByteArrayInputStream( + c.getBytes()); XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) { - CMS.debug( "WizardPanelBase::updateConfigEntries() - " - + "Exception="+e.toString() ); - throw new IOException( e.toString() ); + CMS.debug("WizardPanelBase::updateConfigEntries() - " + + "Exception=" + e.toString()); + throw new IOException(e.toString()); } String status = parser.getValue("Status"); - CMS.debug("WizardPanelBase updateConfigEntries: status=" + status); + CMS.debug("WizardPanelBase updateConfigEntries: status=" + + status); if (status.equals(SUCCESS)) { String cstype = ""; try { cstype = config.getString("cs.type", ""); } catch (Exception e) { - CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString()); + CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + + e.toString()); } - - Document doc = parser.getDocument(); + + Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength(); - for (int i=0; i<len; i++) { + for (int i = 0; i < len; i++) { Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue(); 
@@ -606,73 +612,104 @@ public class WizardPanelBase implements IWizardPanel {
 nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
 Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
+ v = n2.item(0).getNodeValue();
+ break;
 } } if (name.equals("internaldb.ldapconn.host")) {
- config.putString("preop.internaldb.master.hostname", v);
+ config.putString(
+ "preop.internaldb.master.hostname", v);
 } else if (name.equals("internaldb.ldapconn.port")) { config.putString("preop.internaldb.master.port", v); } else if (name.equals("internaldb.ldapauth.bindDN")) {
- config.putString("preop.internaldb.master.binddn", v);
+ config.putString("preop.internaldb.master.binddn",
+ v);
 } else if (name.equals("internaldb.basedn")) { config.putString(name, v);
- config.putString("preop.internaldb.master.basedn", v);
+ config.putString("preop.internaldb.master.basedn",
+ v);
 } else if (name.equals("internaldb.ldapauth.password")) {
- config.putString("preop.internaldb.master.bindpwd", v);
- } else if (name.equals("internaldb.replication.password")) {
- config.putString("preop.internaldb.master.replicationpwd", v);
+ config.putString("preop.internaldb.master.bindpwd",
+ v);
+ } else if (name
+ .equals("internaldb.replication.password")) {
+ config.putString(
+ "preop.internaldb.master.replicationpwd", v);
 } else if (name.equals("instanceId")) { config.putString("preop.master.instanceId", v); } else if (name.equals("cloning.cert.signing.nickname")) { config.putString("preop.master.signing.nickname", v); config.putString("preop.cert.signing.nickname", v); } else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString("preop.cert.ocsp_signing.nickname", v);
+ config.putString(
+ 
"preop.master.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.cert.ocsp_signing.nickname", v);
 } else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
+ config.putString("preop.master.subsystem.nickname",
+ v);
 config.putString("preop.cert.subsystem.nickname", v); } else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
+ config.putString("preop.master.transport.nickname",
+ v);
 config.putString("kra.transportUnit.nickName", v); config.putString("preop.cert.transport.nickname", v); } else if (name.equals("cloning.storage.nickname")) { config.putString("preop.master.storage.nickname", v); config.putString("kra.storageUnit.nickName", v); config.putString("preop.cert.storage.nickname", v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
- config.putString("preop.master.audit_signing.nickname", v);
- config.putString("preop.cert.audit_signing.nickname", v);
+ } else if (name
+ .equals("cloning.audit_signing.nickname")) {
+ config.putString(
+ "preop.master.audit_signing.nickname", v);
+ config.putString(
+ "preop.cert.audit_signing.nickname", v);
 config.putString(name, v); } else if (name.startsWith("cloning.ca")) {
- config.putString(name.replaceFirst("cloning", "preop"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop"), v);
 } else if (name.equals("cloning.signing.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
 if (cstype.equals("CA")) {
- config.putString("ca.crl.MasterCRL.signingAlgorithm", v);
- config.putString("ca.signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ca.crl.MasterCRL.signingAlgorithm", v);
+ config.putString(
+ "ca.signing.defaultSigningAlgorithm", v);
 } else if (cstype.equals("OCSP")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm", v);
+ config.putString(
+ 
"ocsp.signing.defaultSigningAlgorithm",
+ v);
 }
- } else if (name.equals("cloning.transport.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
- config.putString("kra.transportUnit.signingAlgorithm", v);
- } else if (name.equals("cloning.ocsp_signing.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ } else if (name
+ .equals("cloning.transport.keyalgorithm")) {
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
+ config.putString(
+ "kra.transportUnit.signingAlgorithm", v);
+ } else if (name
+ .equals("cloning.ocsp_signing.keyalgorithm")) {
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
 if (cstype.equals("CA")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ca.ocsp_signing.defaultSigningAlgorithm",
+ v);
 } } else if (name.startsWith("cloning")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
 } else { config.putString(name, v); }
@@ -686,12 +723,14 @@ public class WizardPanelBase implements IWizardPanel {
 String error = parser.getValue("Error"); throw new IOException(error);
- }
+ }
 } catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: "
+ + e.toString());
 throw e; } catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: "
+ + e.toString());
 throw new IOException(e.toString()); } }
@@ -707,15 +746,16 @@ public class WizardPanelBase implements IWizardPanel {
 if (c != null) { try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
 XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) {
- CMS.debug( "WizardPanelBase::authenticate() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::authenticate() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
 } String status = parser.getValue("Status");
@@ -729,7 +769,7 @@ public class WizardPanelBase implements IWizardPanel {
 } else { String error = parser.getValue("Error"); return false;
- }
+ }
 } catch (Exception e) { CMS.debug("WizardPanelBase: authenticate: " + e.toString()); throw new IOException(e.toString());
@@ -739,26 +779,27 @@ public class WizardPanelBase implements IWizardPanel {
 return false; }
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response)
- throws IOException {
+ public void updateOCSPConfig(String hostname, int port, boolean https,
+ String content, HttpServletResponse response) throws IOException {
 CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/ee/ca/updateOCSPConfig", content, null);
 if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
- throw new IOException("The server you want to contact is not available");
+ throw new IOException(
+ "The server you want to contact is not available");
 } else { try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
 XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateOCSPConfig() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
 } String status = parser.getValue("Status");
@@ -774,7 +815,7 @@ public class WizardPanelBase implements IWizardPanel {
 String error = parser.getValue("Error"); throw new IOException(error);
- }
+ }
 } catch (IOException e) { CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString()); throw e;
@@ -785,11 +826,11 @@ public class WizardPanelBase implements IWizardPanel {
 } }
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
- " port=" + port);
+ public void updateNumberRange(String hostname, int port, boolean https,
+ String content, String type, HttpServletResponse response)
+ throws IOException {
+ CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname
+ + " port=" + port);
 IConfigStore cs = CMS.getConfigStore(); String cstype = ""; try {
@@ -798,23 +839,25 @@ public class WizardPanelBase implements IWizardPanel {
 } cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https,
- "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
+ String c = getHttpResponse(hostname, port, https, "/" + cstype + "/ee/"
+ + cstype + "/updateNumberRange", content, null);
 if (c == null || c.equals("")) { CMS.debug("WizardPanelBase updateNumberRange: content is null.");
- throw new IOException("The server you want to contact is not available");
+ throw new IOException(
+ "The server you want to contact is not available");
 } else {
- CMS.debug("content="+c);
+ CMS.debug("content=" + c);
 try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
 XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateNumberRange() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateNumberRange() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
 } String status = parser.getValue("Status");
@@ -843,7 +886,7 @@ public class WizardPanelBase implements IWizardPanel {
 String error = parser.getValue("Error"); throw new IOException(error);
- }
+ }
 } catch (IOException e) { CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString()); CMS.debug(e);
@@ -856,24 +899,24 @@ public class WizardPanelBase implements IWizardPanel {
 } }
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport)
- throws IOException {
+ public int getPort(String hostname, int port, boolean https,
+ String portServlet, boolean sport) throws IOException {
 CMS.debug("WizardPanelBase getPort start"); String c = getHttpResponse(hostname, port, https, portServlet, "secure=" + sport, null); if (c != null) { try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
 XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) {
- CMS.debug( "WizardPanelBase::getPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getPort() - " + "Exception="
+ + e.toString());
+ throw new IOException(e.toString());
 } String status = parser.getValue("Status");
@@ -889,7 +932,7 @@ public class WizardPanelBase implements IWizardPanel {
 String error = parser.getValue("Error"); throw new IOException(error);
- }
+ }
 } catch (IOException e) { CMS.debug("WizardPanelBase: getPort: " + e.toString()); throw e;
@@ -903,14 +946,16 @@ public class WizardPanelBase implements IWizardPanel {
 } public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
- return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
+ String uri, String content, String clientnickname)
+ throws IOException {
+ return getHttpResponse(hostname, port, secure, uri, content,
+ clientnickname, null);
 }
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
+ public String getHttpResponse(String hostname, int port, boolean secure,
+ String uri, String content, String clientnickname,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
 HttpClient httpclient = null; String c = null;
@@ -939,7 +984,8 @@ public class WizardPanelBase implements IWizardPanel {
 if (content != null && content.length() > 0) { String content_c = content;
- httprequest.setHeader("content-length", "" + content_c.length());
+ httprequest
+ .setHeader("content-length", "" + content_c.length());
 httprequest.setContent(content_c); } HttpResponse httpresponse = httpclient.send(httprequest);
@@ -947,7 +993,8 @@ public class WizardPanelBase implements IWizardPanel {
 c = httpresponse.getContent(); } catch (ConnectException e) { CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException("The server you tried to contact is not running.");
+ throw new IOException(
+ "The server you tried to contact is not running.");
 } catch (Exception e) { CMS.debug("WizardPanelBase getHttpResponse: " + e.toString()); throw new IOException(e.toString());
@@ -960,56 +1007,55 @@ public class WizardPanelBase implements IWizardPanel {
 return c; }
- public boolean isSDHostDomainMaster (IConfigStore config) {
- String dm="false";
+ public boolean isSDHostDomainMaster(IConfigStore config) {
+ String dm = "false";
 try { String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
 CMS.debug("Getting domain.xml from CA..."); String c = getDomainXML(hostname, httpsadminport, true); CMS.debug("Getting DomainMaster from security domain");
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
 Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
 int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
-
- Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
-
- Vector v_domain_mgr =
- parser.getValuesFromContainer( nodeList.item(i),
- "DomainManager" );
-
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
- dm = v_domain_mgr.elementAt( 0 ).toString();
+ for (int i = 0; i < len; i++) {
+ Vector v_hostname = parser.getValuesFromContainer(
+ nodeList.item(i), "Host");
+
+ Vector v_https_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
+
+ Vector v_domain_mgr = parser.getValuesFromContainer(
+ nodeList.item(i), "DomainManager");
+
+ if (v_hostname.elementAt(0).equals(hostname)
+ && v_https_admin_port.elementAt(0).equals(
+ Integer.toString(httpsadminport))) {
+ dm = 
v_domain_mgr.elementAt(0).toString();
 break; } } } catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
 } return dm.equalsIgnoreCase("true"); }
-
- public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
- String type,
- String portType ) {
+
+ public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
+ String type, String portType) {
 Vector v = new Vector(); try { String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
 CMS.debug("Getting domain.xml from CA..."); String c = getDomainXML(hostname, httpsadminport, true);
@@ -1026,13 +1072,13 @@ public class WizardPanelBase implements IWizardPanel {
 list = "TKSList"; }
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
 return v; }
@@ -1042,16 +1088,15 @@ public class WizardPanelBase implements IWizardPanel {
 NodeList nodeList = doc.getElementsByTagName(type); // save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
+ config.putString("securitydomain.name", parser.getValue("Name"));
 int len = nodeList.getLength(); CMS.debug("Len " + len); for (int i = 0; i < len; i++) {
- Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
- "Clone");
- String clone = (String)v_clone.elementAt(0);
+ Vector v_clone = parser.getValuesFromContainer(
+ nodeList.item(i), "Clone");
+ String clone = (String) v_clone.elementAt(0);
 if (clone.equalsIgnoreCase("true")) continue; Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1061,11 +1106,8 @@ public class WizardPanelBase implements IWizardPanel {
 Vector v_port = parser.getValuesFromContainer(nodeList.item(i), portType);
- v.addElement( v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.addElement(v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":" + v_port.elementAt(0));
 } } catch (Exception e) { CMS.debug(e.toString());
@@ -1074,14 +1116,14 @@ public class WizardPanelBase implements IWizardPanel {
 return v; }
- public Vector getUrlListFromSecurityDomain( IConfigStore config,
- String type,
- String portType ) {
+ public Vector getUrlListFromSecurityDomain(IConfigStore config,
+ String type, String portType) {
 Vector v = new Vector(); try { String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
 CMS.debug("Getting domain.xml from CA..."); String c = getDomainXML(hostname, httpsadminport, true);
@@ -1098,13 +1140,13 @@ public class WizardPanelBase implements IWizardPanel {
 list = "TKSList"; }
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
 return v; }
@@ -1114,8 +1156,7 @@ public class WizardPanelBase implements IWizardPanel {
 NodeList nodeList = doc.getElementsByTagName(type); // save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
+ config.putString("securitydomain.name", parser.getValue("Name"));
 int len = nodeList.getLength();
@@ -1127,22 +1168,20 @@ public class WizardPanelBase implements IWizardPanel {
 "Host"); Vector v_port = parser.getValuesFromContainer(nodeList.item(i), portType);
- Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
+ Vector v_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
- if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
+ if (v_host.elementAt(0).equals(hostname)
+ && v_admin_port.elementAt(0).equals(
+ new Integer(httpsadminport).toString())) {
 // add security domain CA to the beginning of list
- v.add( 0, v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.add(0,
+ v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":"
+ + v_port.elementAt(0));
 } else {
- v.addElement( v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.addElement(v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":" + v_port.elementAt(0));
 } } } catch (Exception e) {
@@ -1154,155 +1193,147 @@ public class WizardPanelBase implements IWizardPanel {
 // Given an HTTPS Hostname and EE port, // retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort( IConfigStore config,
- String hostname,
- String https_ee_port,
- String cstype ) {
+ public String getSecurityDomainAdminPort(IConfigStore config,
+ String hostname, String https_ee_port, String cstype) {
 String https_admin_port = new String(); try {
- String sd_hostname = config.getString( "securitydomain.host" );
- int sd_httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
-
- CMS.debug( "Getting associated HTTPS Admin port from " +
- "HTTPS Hostname '" + hostname +
- "' and EE port '" + https_ee_port + "'" );
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ String sd_hostname = config.getString("securitydomain.host");
+ int sd_httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
+
+ CMS.debug("Getting associated HTTPS Admin port from "
+ + "HTTPS Hostname '" + hostname + "' and EE port '"
+ + https_ee_port + "'");
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
 Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
+ NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
 int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
-
- Vector v_https_ee_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
-
- Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i), 
- "SecureAdminPort" );
-
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
- https_admin_port =
- v_https_admin_port.elementAt( 0 ).toString();
+ for (int i = 0; i < len; i++) {
+ Vector v_hostname = parser.getValuesFromContainer(
+ nodeList.item(i), "Host");
+
+ Vector v_https_ee_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecurePort");
+
+ Vector v_https_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
+
+ if (v_hostname.elementAt(0).equals(hostname)
+ && v_https_ee_port.elementAt(0).equals(https_ee_port)) {
+ https_admin_port = v_https_admin_port.elementAt(0)
+ .toString();
 break; } } } catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
 }
- return( https_admin_port );
+ return (https_admin_port);
 }
- public String getSecurityDomainPort( IConfigStore config,
- String portType ) {
+ public String getSecurityDomainPort(IConfigStore config, String portType) {
 String port = new String(); try {
- String hostname = config.getString( "securitydomain.host" );
- int httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( hostname, httpsadminport, true );
-
- CMS.debug( "Getting " + portType + " from Security Domain ..." 
);
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ String hostname = config.getString("securitydomain.host");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(hostname, httpsadminport, true);
+
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
 return ""; }
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
 Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
 int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ for (int i = 0; i < len; i++) {
+ Vector v_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
 Vector v_port = null;
- if( portType.equals( "UnSecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "UnSecurePort" );
- } else if( portType.equals( "SecureAgentPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAgentPort" );
- } else if( portType.equals( "SecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
- } else if( portType.equals( "SecureAdminPort" ) ) {
- v_port = parser.getValuesFromContainer( 
nodeList.item(i),
- "SecureAdminPort" );
+ if (portType.equals("UnSecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "UnSecurePort");
+ } else if (portType.equals("SecureAgentPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAgentPort");
+ } else if (portType.equals("SecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecurePort");
+ } else if (portType.equals("SecureAdminPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
 }
- if( ( v_port != null ) &&
- ( v_admin_port.elementAt( 0 ).equals(
- Integer.toString( httpsadminport ) ) ) ) {
- port = v_port.elementAt( 0 ).toString();
+ if ((v_port != null)
+ && (v_admin_port.elementAt(0).equals(Integer
+ .toString(httpsadminport)))) {
+ port = v_port.elementAt(0).toString();
 break; } } } catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
 }
- return( port );
+ return (port);
 }
- public String pingCS( String hostname, int port, boolean https,
- SSLCertificateApprovalCallback certApprovalCallback )
- throws IOException {
- CMS.debug( "WizardPanelBase pingCS: started" );
+ public String pingCS(String hostname, int port, boolean https,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
+ CMS.debug("WizardPanelBase pingCS: started");
- String c = getHttpResponse( hostname, port, https,
- "/ca/admin/ca/getStatus",
- null, null, certApprovalCallback );
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/admin/ca/getStatus", null, null, certApprovalCallback);
- if( c != null ) {
+ if (c != null) {
 try {
- ByteArrayInputStream bis = new
- ByteArrayInputStream( c.getBytes() );
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
 XMLObject parser = null; String state = null; try {
- parser = new XMLObject( bis );
- CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
- state = parser.getValue( "State" );
+ parser = new XMLObject(bis); 
+ CMS.debug("WizardPanelBase pingCS: got XML parsed");
+ state = parser.getValue("State");
- if( state != null ) {
- CMS.debug( "WizardPanelBase pingCS: state=" + state );
+ if (state != null) {
+ CMS.debug("WizardPanelBase pingCS: state=" + state);
 } } catch (Exception e) {
- CMS.debug( "WizardPanelBase: pingCS: parser failed"
- + e.toString() );
+ CMS.debug("WizardPanelBase: pingCS: parser failed"
+ + e.toString());
 } return state;
- } catch( Exception e ) {
- CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
- throw new IOException( e.toString() );
+ } catch (Exception e) {
+ CMS.debug("WizardPanelBase: pingCS: " + e.toString());
+ throw new IOException(e.toString());
 } }
- CMS.debug( "WizardPanelBase pingCS: stopped" );
+ CMS.debug("WizardPanelBase pingCS: stopped");
 return null; }
@@ -1311,7 +1342,7 @@ public class WizardPanelBase implements IWizardPanel {
 if (s.equals("CA")) { x = "ca"; } else if (s.equals("KRA")) {
- x = "kra";
+ x = "kra";
 } else if (s.equals("OCSP")) { x = "ocsp"; } else if (s.equals("TKS")) {
@@ -1321,25 +1352,26 @@ public class WizardPanelBase implements IWizardPanel {
 return x; }
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public void getTokenInfo(IConfigStore config, String type, String host,
+ int https_ee_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
 CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
+ String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
+ CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
 String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
+ certApprovalCallback);
 if (c != null) { try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
 XMLObject parser = null; try { parser = new XMLObject(bis); } catch (Exception e) {
- CMS.debug( "WizardPanelBase::getTokenInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getTokenInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
 } String status = parser.getValue("Status");
@@ -1350,7 +1382,7 @@ public class WizardPanelBase implements IWizardPanel {
 Document doc = parser.getDocument(); NodeList list = doc.getElementsByTagName("name"); int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
 Node n = list.item(i); NodeList nn = n.getChildNodes(); String name = nn.item(0).getNodeValue();
@@ -1358,30 +1390,35 @@ public class WizardPanelBase implements IWizardPanel {
 nn = parent.getChildNodes(); int len1 = nn.getLength(); String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
 Node nv = nn.item(j); String val = nv.getNodeName(); if (val.equals("value")) { NodeList n2 = nv.getChildNodes(); if (n2.getLength() > 0) v = n2.item(0).getNodeValue();
- break;
+ break;
 } }
- if (name.equals("cloning.signing.nickname")) {
+ if (name.equals("cloning.signing.nickname")) {
 config.putString("preop.master.signing.nickname", v); config.putString(type + ".cert.signing.nickname", v); config.putString(name, v); } else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString(type + ".cert.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.master.ocsp_signing.nickname", v);
+ config.putString(type
+ + ".cert.ocsp_signing.nickname", v);
 config.putString(name, v); } else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
- config.putString(type + ".cert.subsystem.nickname", v);
+ config.putString("preop.master.subsystem.nickname",
+ v);
+ config.putString(type + ".cert.subsystem.nickname",
+ v);
 config.putString(name, v); } else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
+ config.putString("preop.master.transport.nickname",
+ v);
 config.putString("kra.transportUnit.nickName", v); config.putString("kra.cert.transport.nickname", v); config.putString(name, v);
@@ -1390,35 +1427,45 @@ public class WizardPanelBase implements IWizardPanel { config.putString("kra.storageUnit.nickName", v); config.putString("kra.cert.storage.nickname", v); config.putString(name, v); - } else if (name.equals("cloning.audit_signing.nickname")) { - config.putString("preop.master.audit_signing.nickname", v); - config.putString(type + ".cert.audit_signing.nickname", v); + } else if (name + .equals("cloning.audit_signing.nickname")) { + config.putString( + "preop.master.audit_signing.nickname", v); + config.putString(type + + ".cert.audit_signing.nickname", v); config.putString(name, v); } else if (name.equals("cloning.module.token")) { config.putString("preop.module.token", v); } else if (name.startsWith("cloning.ca")) { - config.putString(name.replaceFirst("cloning", "preop"), v); + config.putString( + name.replaceFirst("cloning", "preop"), v); } else if (name.startsWith("cloning")) { - config.putString(name.replaceFirst("cloning", "preop.cert"), v); + config.putString( + name.replaceFirst("cloning", "preop.cert"), + v); } else { config.putString(name, v); } } // reset nicknames for system cert verification - String token = config.getString("preop.module.token", - "Internal Key Storage Token"); - if (! token.equals("Internal Key Storage Token")) { + String token = config.getString("preop.module.token", + "Internal Key Storage Token"); + if (!token.equals("Internal Key Storage Token")) { String certlist = config.getString("preop.cert.list"); StringTokenizer t1 = new StringTokenizer(certlist, ","); while (t1.hasMoreTokens()) { String tag = t1.nextToken(); - if (tag.equals("sslserver")) continue; - config.putString(type + ".cert." + tag + ".nickname", - token + ":" + - config.getString(type + ".cert." + tag + ".nickname", "")); - } + if (tag.equals("sslserver")) + continue; + config.putString( + type + ".cert." + tag + ".nickname", + token + + ":" + + config.getString(type + ".cert." 
+ + tag + ".nickname", "")); + } } } else { String error = parser.getValue("Error"); @@ -1431,7 +1478,7 @@ public class WizardPanelBase implements IWizardPanel { CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString()); throw new IOException(e.toString()); } - } + } } public void importCertChain(String id) throws IOException { @@ -1442,31 +1489,32 @@ public class WizardPanelBase implements IWizardPanel { try { pkcs7 = config.getString(configName, ""); - } catch (Exception e) {} + } catch (Exception e) { + } if (pkcs7.length() > 0) { try { CryptoUtil.importCertificateChain(pkcs7); } catch (Exception e) { - CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString()); + CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + + e.toString()); } } } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context) throws IOException { - updateCertChain( config, name, host, https_admin_port, - https, context, null ); + int https_admin_port, boolean https, Context context) + throws IOException { + updateCertChain(config, name, host, https_admin_port, https, context, + null); } public void updateCertChain(IConfigStore config, String name, String host, - int https_admin_port, boolean https, Context context, - ConfigCertApprovalCallback certApprovalCallback) throws IOException { - String certchain = getCertChainUsingSecureAdminPort( host, - https_admin_port, - https, - certApprovalCallback ); - config.putString("preop."+name+".pkcs7", certchain); + int https_admin_port, boolean https, Context context, + ConfigCertApprovalCallback certApprovalCallback) throws IOException { + String certchain = getCertChainUsingSecureAdminPort(host, + https_admin_port, https, certApprovalCallback); + config.putString("preop." + name + ".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null; 
@@ -1474,8 +1522,7 @@ public class WizardPanelBase implements IWizardPanel { try { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { - context.put("errorString", - "Failed to get the certificate chain."); + context.put("errorString", "Failed to get the certificate chain."); return; } @@ -1483,7 +1530,7 @@ public class WizardPanelBase implements IWizardPanel { if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop."+name+".certchain.size", size); + config.putInteger("preop." + name + ".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null; @@ -1491,11 +1538,11 @@ public class WizardPanelBase implements IWizardPanel { bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop."+name+".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop." + name + ".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try { 
@@ -1504,16 +1551,13 @@ public class WizardPanelBase implements IWizardPanel { } } - public void updateCertChainUsingSecureEEPort( IConfigStore config, - String name, String host, - int https_ee_port, - boolean https, - Context context, - ConfigCertApprovalCallback certApprovalCallback ) throws IOException { - String certchain = getCertChainUsingSecureEEPort( host, https_ee_port, - https, - certApprovalCallback); - config.putString("preop."+name+".pkcs7", certchain); + public void updateCertChainUsingSecureEEPort(IConfigStore config, + String name, String host, int https_ee_port, boolean https, + Context context, ConfigCertApprovalCallback certApprovalCallback) + throws IOException { + String certchain = getCertChainUsingSecureEEPort(host, https_ee_port, + https, certApprovalCallback); + config.putString("preop." + name + ".pkcs7", certchain); byte[] decoded = CryptoUtil.base64Decode(certchain); java.security.cert.X509Certificate[] b_certchain = null; @@ -1521,8 +1565,7 @@ public class WizardPanelBase implements IWizardPanel { try { b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded); } catch (Exception e) { - context.put("errorString", - "Failed to get the certificate chain."); + context.put("errorString", "Failed to get the certificate chain."); return; } @@ -1530,7 +1573,7 @@ public class WizardPanelBase implements IWizardPanel { if (b_certchain != null) { size = b_certchain.length; } - config.putInteger("preop."+name+".certchain.size", size); + config.putInteger("preop." + name + ".certchain.size", size); for (int i = 0; i < size; i++) { byte[] bb = null; 
@@ -1538,11 +1581,11 @@ public class WizardPanelBase implements IWizardPanel { bb = b_certchain[i].getEncoded(); } catch (Exception e) { context.put("errorString", - "Failed to get the der-encoded certificate chain."); + "Failed to get the der-encoded certificate chain."); return; } - config.putString("preop."+name+".certchain." + i, - CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); + config.putString("preop." + name + ".certchain." + i, + CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb))); } try { 
@@ -1557,27 +1600,28 @@ public class WizardPanelBase implements IWizardPanel { CryptoToken tok = cm.getTokenByName(tokenname); CryptoStore store = tok.getCryptoStore(); String fullnickname = nickname; - if (!tokenname.equals("") && - !tokenname.equals("Internal Key Storage Token") && - !tokenname.equals("internal")) - fullnickname = tokenname+":"+nickname; + if (!tokenname.equals("") + && !tokenname.equals("Internal Key Storage Token") + && !tokenname.equals("internal")) + fullnickname = tokenname + ":" + nickname; - CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname); - org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname); + CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname); + org.mozilla.jss.crypto.X509Certificate cert = cm + .findCertByNickname(fullnickname); if (store instanceof PK11Store) { CMS.debug("WizardPanelBase deleteCert: this is pk11store"); - PK11Store pk11store = (PK11Store)store; + PK11Store pk11store = (PK11Store) store; pk11store.deleteCertOnly(cert); CMS.debug("WizardPanelBase deleteCert: cert deleted successfully"); } } catch (Exception e) { - CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString()); + CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString()); } } public void deleteEntries(LDAPSearchResults res, LDAPConnection conn, - String dn, String[] entries) { + String dn, String[] entries) { String[] attrs = null; LDAPSearchConstraints cons = null; String filter = "objectclass=*"; 
@@ -1589,29 +1633,32 @@ public class WizardPanelBase implements IWizardPanel { while (res.hasMoreElements()) { LDAPEntry entry = res.next(); String dn1 = entry.getDN(); - LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons); + LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, + true, cons); deleteEntries(res1, conn, dn1, entries); deleteEntry(conn, dn1, entries); } } } catch (Exception ee) { - CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString()); + CMS.debug("WizardPanelBase deleteEntries: Exception=" + + ee.toString()); } } public void deleteEntry(LDAPConnection conn, String dn, String[] entries) { try { - for (int i=0; i<entries.length; i++) { + for (int i = 0; i < entries.length; i++) { if (LDAPDN.equals(dn, entries[i])) { - CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted."); + CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + + dn + " is not deleted."); return; } } - CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn); + CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn); conn.delete(dn); } catch (Exception e) { - CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString()); + CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString()); } } 
@@ -1624,12 +1671,17 @@ public class WizardPanelBase implements IWizardPanel { int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1); int panel = getPanelNo(); String subsystem = cs.getString("cs.type", ""); - String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem; + String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + + toLowerCaseSubsystemType(subsystem) + + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + + subsystem; String encodedValue = URLEncoder.encode(urlVal, "UTF-8"); - String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue; + String sdurl = "https://" + hostname + ":" + port + + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue; response.sendRedirect(sdurl); } catch (Exception e) { - CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString()); + CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java index bbfa4b39..73f4e367 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java 
@@ -28,30 +28,24 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AdminRequestFilter implements Filter -{ +public class AdminRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Admin"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AdminRequestFilter */ - public AdminRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public AdminRequestFilter() { + } + + public void init(FilterConfig filterConfig) throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, - ServletResponse response, - FilterChain chain ) - throws java.io.IOException, - ServletException - { + + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws java.io.IOException, ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -64,32 +58,32 @@ public class AdminRequestFilter implements Filter String param_active = null; // CMS.debug("Entering the admin filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { - msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + if (!scheme.equals(HTTPS_SCHEME)) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" + + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { - msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { + msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " + + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } 
@@ -97,29 +91,30 @@ public class AdminRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) + && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -128,11 +123,9 @@ public class AdminRequestFilter implements Filter // CMS.debug("Exiting the admin filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java index 1ae44a64..c9c651b6 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java @@ -28,30 +28,24 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AgentRequestFilter implements Filter -{ +public class AgentRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Agent"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AgentRequestFilter */ - public AgentRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public AgentRequestFilter() { + } + + public void init(FilterConfig filterConfig) throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, - ServletResponse response, - FilterChain chain ) - throws java.io.IOException, - ServletException - { + + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws java.io.IOException, ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -65,32 +59,32 @@ public class AgentRequestFilter implements Filter String param_active = null; // CMS.debug("Entering the agent filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { - msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + if (!scheme.equals(HTTPS_SCHEME)) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" + + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { - msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { + msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " + + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } 
@@ -98,29 +92,30 @@ public class AgentRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) + && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } @@ -128,11 +123,9 @@ public class AgentRequestFilter implements Filter } // CMS.debug("Exiting the Agent filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java index 8b53c6c6..023d20dd 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java @@ -28,30 +28,24 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EEClientAuthRequestFilter implements Filter -{ +public class EEClientAuthRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE Client Auth"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new EEClientAuthRequestFilter */ - public EEClientAuthRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public EEClientAuthRequestFilter() { + } + + public void init(FilterConfig filterConfig) throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, - ServletResponse response, - FilterChain chain ) - throws java.io.IOException, - ServletException - { + + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws java.io.IOException, ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -64,32 +58,32 @@ public class EEClientAuthRequestFilter implements Filter String param_proxy_port = null; // CMS.debug("Entering the EECA filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { - msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + if (!scheme.equals(HTTPS_SCHEME)) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" + + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { - msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { + msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " + + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } 
@@ -97,41 +91,40 @@ public class EEClientAuthRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) + && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } } } - // CMS.debug("exiting the EECA filter"); + // CMS.debug("exiting the EECA filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java index f66cf087..2461f1a0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java @@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EERequestFilter implements Filter -{ +public class EERequestFilter implements Filter { private static final String HTTP_SCHEME = "http"; private static final String HTTP_PORT = "http_port"; private static final String HTTP_ROLE = "EE"; @@ -40,22 +39,17 @@ public class EERequestFilter implements Filter private static final String PROXY_HTTP_PORT = "proxy_http_port"; private FilterConfig config; - + /* Create a new EERequestFilter */ - public EERequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public EERequestFilter() { + } + + public void init(FilterConfig filterConfig) throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, - ServletResponse response, - FilterChain chain ) - throws java.io.IOException, - ServletException - { + + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws java.io.IOException, ServletException { String filterName = getClass().getName(); String scheme = null; 
@@ -70,45 +64,43 @@ public class EERequestFilter implements Filter String param_active = null; // CMS.debug("Entering the EE filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is either "http" or "https" + // RFC 1738: verify that scheme is either "http" or "https" scheme = request.getScheme(); - if( ( ! scheme.equals( HTTP_SCHEME ) ) && - ( ! scheme.equals( HTTPS_SCHEME ) ) ) { - msg = "The scheme MUST be either '" + HTTP_SCHEME - + "' or '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); - return; + if ((!scheme.equals(HTTP_SCHEME)) && (!scheme.equals(HTTPS_SCHEME))) { + msg = "The scheme MUST be either '" + HTTP_SCHEME + "' or '" + + HTTPS_SCHEME + "', NOT '" + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + return; } // Always obtain either an "http" or an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "http" port passed in as a parameter - param_http_port = config.getInitParameter( HTTP_PORT ); - if( param_http_port == null ) { - msg = "The <param-name> '" + HTTP_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); - return; + param_http_port = config.getInitParameter(HTTP_PORT); + if (param_http_port == null) { + msg = "The <param-name> '" + HTTP_PORT + "' </param-name> " + + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + 
resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + return; } // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { - msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); - return; + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { + msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " + + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + return; } param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT); 
@@ -119,58 +111,64 @@ public class EERequestFilter implements Filter // the request and param "http" ports; // otherwise, if the scheme is "https", compare // the request and param "https" ports - if( scheme.equals( HTTP_SCHEME ) ) { - if( ! param_http_port.equals( request_port ) ) { + if (scheme.equals(HTTP_SCHEME)) { + if (!param_http_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_http_port != null) { + if (param_proxy_http_port != null) { if (!param_proxy_http_port.equals(request_port)) { msg = "Use HTTP port '" + param_http_port - + "' or proxy port '" + param_proxy_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' or proxy port '" + + param_proxy_http_port + "' instead of '" + + request_port + "' when performing " + + HTTP_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTP port '" + param_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) + && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, + msg); return; } } } - } else if( scheme.equals( HTTPS_SCHEME ) ) { - if( ! 
param_https_port.equals( request_port ) ) { + } else if (scheme.equals(HTTPS_SCHEME)) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) + && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, + msg); return; } } @@ -180,11 +178,9 @@ public class EERequestFilter implements Filter } // CMS.debug("Exiting the EE filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java index 166036a9..6281050f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java 
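Review bot: In both port-mismatch branches, the path taken when `active` is "false" lets a request on the wrong port continue and records that only through `CMS.debug`. With the filter disabled there is presumably no trace at production log levels that port separation was bypassed. Consider logging that branch through the regular log facility, and writing the test null-safely as `if ("false".equals(param_active)) {`. The HTTP and HTTPS branches are parallel and differ only in the port parameters and the role constant, so a private helper taking those values would keep the two checks from drifting apart. The method begins outside this hunk.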
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -43,13 +42,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * A class representing a recoverKey servlet. This servlet - * shows key information and presents a list of text boxes - * so that recovery agents can type in their identifiers - * and passwords. - * + * A class representing a recoverKey servlet. This servlet shows key information + * and presents a list of text boxes so that recovery agents can type in their + * identifiers and passwords. + * * @version $Revision$, $Date$ */ public class ConfirmRecoverBySerial extends CMSServlet { @@ -59,8 +56,7 @@ public class ConfirmRecoverBySerial extends CMSServlet { */ private static final long serialVersionUID = 2221819191344494389L; private final static String INFO = "recoverBySerial"; - private final static String TPL_FILE = - "confirmRecoverBySerial.template"; + private final static String TPL_FILE = "confirmRecoverBySerial.template"; private final static String IN_SERIALNO = "serialNumber"; private final static String OUT_SERIALNO = IN_SERIALNO; 
@@ -95,22 +91,20 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** - * Serves HTTP request. The format of this request is - * as follows: - * confirmRecoverBySerial? - * [serialNumber=<serialno>] + * Serves HTTP request. The format of this request is as follows: + * confirmRecoverBySerial? [serialNumber=<serialno>] */ public void process(CMSRequest cmsReq) throws EBaseException { // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. - + HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -123,9 +117,10 @@ public class ConfirmRecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); @@ -136,8 +131,7 @@ public class ConfirmRecoverBySerial extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt( - req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); } // make sure this page, which contains password 
@@ -147,8 +141,10 @@ public class ConfirmRecoverBySerial extends CMSServlet { process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } try { @@ -157,10 +153,10 @@ public class ConfirmRecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -168,21 +164,17 @@ public class ConfirmRecoverBySerial extends CMSServlet { /** * Requests for a list of agent passwords. */ - private void process(CMSTemplateParams argSet, - IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplateParams argSet, IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { try { header.addIntegerValue(OUT_SERIALNO, seq); header.addIntegerValue(OUT_M, - mRecoveryService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + mRecoveryService.getNoOfRequiredAgents()); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( - Integer.toString(seq))); + Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); } catch (EBaseException e) { 
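Review bot: In the `NumberFormatException` handler, `e.toString()` is passed into the `OUT_ERROR` value, and that text contains the rejected `serialNumber` parameter as the client sent it; the page is then rendered as `text/html` a few lines below. Whether the template layer escapes header values is not visible in this diff, so unless it does, this is request data reflected into markup. A fixed description avoids the question, for example `CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", "invalid serial number")`, with the exception itself sent to `log(...)`. The same handler appears in `DisplayBySerial.process` and `DisplayBySerialForRecovery.process` later in this diff.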
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java index 510f1ac3..de298e90 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; @@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display a specific Key Archival Request * <P> - * + * * @version $Revision$, $Date$ */ public class DisplayBySerial extends CMSServlet { @@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerial.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet { * <ul> * <li>http.param serialNumber serial number of the key archival request * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -115,14 +113,14 @@ public class DisplayBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -137,13 +135,14 @@ public class DisplayBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); @@ -153,13 +152,14 @@ public class DisplayBySerial extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt( - req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); } process(argSet, header, seqNum, req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } try { 
@@ -168,27 +168,23 @@ public class DisplayBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Display information about a particular key. */ - private void process(CMSTemplateParams argSet, - IArgBlock header, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplateParams argSet, IArgBlock header, int seq, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new - BigInteger(Integer.toString(seq))); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( + Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); } catch (EBaseException e) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java index 2ef78c64..f261d0d9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Locale; 
@@ -45,11 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Display a Specific Key Archival Request, and initiate - * key recovery process - * + * Display a Specific Key Archival Request, and initiate key recovery process + * * @version $Revision$, $Date$ */ public class DisplayBySerialForRecovery extends CMSServlet { @@ -80,7 +77,7 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "displayBySerialForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -95,17 +92,17 @@ public class DisplayBySerialForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param serialNumber request ID of key archival request - * <li>http.param publicKeyData + * <li>http.param serialNumber request ID of key archival request + * <li>http.param publicKeyData * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -117,14 +114,14 @@ public class DisplayBySerialForRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -139,13 +136,14 @@ public class DisplayBySerialForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // Note that we should try to handle all the exceptions - // instead of passing it up back to the servlet + // instead of passing it up back to the servlet // framework. IArgBlock header = CMS.createArgBlock(); 
@@ -156,15 +154,15 @@ public class DisplayBySerialForRecovery extends CMSServlet { try { if (req.getParameter(IN_SERIALNO) != null) { - seqNum = Integer.parseInt( - req.getParameter(IN_SERIALNO)); + seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO)); } - process(argSet, header, - req.getParameter("publicKeyData"), - seqNum, req, resp, locale[0]); + process(argSet, header, req.getParameter("publicKeyData"), seqNum, + req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } catch (Exception e) { e.printStackTrace(); System.out.println(e.toString()); @@ -175,10 +173,10 @@ public class DisplayBySerialForRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
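Review bot: The `catch (Exception e)` that follows the `NumberFormatException` handler sends the failure to `e.printStackTrace()` and `System.out.println`, bypassing the `log(ILogger.LL_FAILURE, ...)` path that the neighbouring handlers use. Nothing is added to `OUT_ERROR` either, and the method goes on to render the template and set `CMSRequest.SUCCESS`, so an unexpected failure in the inner `process(...)` call is reported to the caller as success and may be missing from the server's own logs. Replace the two statements with `log(ILogger.LL_FAILURE, "Error e " + e);` (the form `ExamineRecovery` uses in this diff) and record an error value in the header. `process(CMSRequest)` starts above this hunk.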
@@ -187,24 +185,20 @@ public class DisplayBySerialForRecovery extends CMSServlet { * Display information about a particular key. */ private synchronized void process(CMSTemplateParams argSet, - IArgBlock header, String publicKeyData, int seq, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String publicKeyData, int seq, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { try { header.addIntegerValue("noOfRequiredAgents", - mService.getNoOfRequiredAgents()); - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + mService.getNoOfRequiredAgents()); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue("keySplitting", CMS.getConfigStore() + .getString("kra.keySplitting")); + header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); if (publicKeyData != null) { - header.addStringValue("publicKeyData", - publicKeyData); + header.addStringValue("publicKeyData", publicKeyData); } - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new - BigInteger(Integer.toString(seq))); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( + Integer.toString(seq))); KeyRecordParser.fillRecordIntoArg(rec, header); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java index d4baf181..adcb6127 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -34,11 +33,9 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Retrieve Transport Certificate used to - * wrap Private key Archival requests - * + * Retrieve Transport Certificate used to wrap Private key Archival requests + * * @version $Revision$, $Date$ */ public class DisplayTransport extends CMSServlet { @@ -67,13 +64,13 @@ public class DisplayTransport extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -86,8 +83,8 @@ public class DisplayTransport extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (Exception e) { // do nothing for now } 
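Review bot: The `authorize(...)` call in `DisplayTransport.process` is wrapped in `catch (Exception e) { // do nothing for now }`, so a denied or failed authorization check for the transport certificate page leaves no log entry. The sibling servlets in this diff (`DisplayBySerial`, `ExamineRecovery`) record the same failure with `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`, and the same line belongs here. `GetApprovalStatus.process` has the identical empty handler. The handling of a null `authzToken` falls outside this hunk, so this note concerns the missing audit trail, not whether access is refused.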
@@ -98,31 +95,29 @@ public class DisplayTransport extends CMSServlet { } try { - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) mAuthority; + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority; ITransportKeyUnit tu = kra.getTransportKeyUnit(); - org.mozilla.jss.crypto.X509Certificate transportCert = - tu.getCertificate(); + org.mozilla.jss.crypto.X509Certificate transportCert = tu + .getCertificate(); resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html"); - String content = ""; + String content = ""; content += "<HTML><PRE>"; - String mime64 = - "-----BEGIN CERTIFICATE-----\n" + - CMS.BtoA(transportCert.getEncoded()) + - "-----END CERTIFICATE-----\n"; + String mime64 = "-----BEGIN CERTIFICATE-----\n" + + CMS.BtoA(transportCert.getEncoded()) + + "-----END CERTIFICATE-----\n"; content += mime64; content += "</PRE></HTML>"; resp.setContentType("text/html"); resp.getOutputStream().write(content.getBytes()); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java index 9fbad7a6..14cc265f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; 
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * View the Key Recovery Request - * + * View the Key Recovery Request + * * @version $Revision$, $Date$ */ public class ExamineRecovery extends CMSServlet { @@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet { * <ul> * <li>http.param recoveryID recovery request ID * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -123,14 +121,14 @@ public class ExamineRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -145,9 +143,10 @@ public class ExamineRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -158,96 +157,84 @@ public class ExamineRecovery extends CMSServlet { EBaseException error = null; try { - process(argSet, header, - req.getParameter("recoveryID"), - req, resp, locale[0]); + process(argSet, header, req.getParameter("recoveryID"), req, resp, + locale[0]); } catch (EBaseException e) { error = e; } catch (Exception e) { - error = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); + error = new EBaseException(CMS.getUserMessage( + "CMS_BASE_INTERNAL_ERROR", e.toString())); } /* - catch (NumberFormatException e) { - error = eBaseException( - - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * catch (NumberFormatException e) { error = eBaseException( + * + * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString( + * locale[0], BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** - * Recovers a key. 
The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String recoveryID, HttpServletRequest req, + HttpServletResponse resp, Locale locale) throws EBaseException { try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - header.addStringValue("keySplitting", - CMS.getConfigStore().getString("kra.keySplitting")); - Hashtable params = mService.getRecoveryParams( - recoveryID); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + header.addStringValue("keySplitting", CMS.getConfigStore() + .getString("kra.keySplitting")); + Hashtable params = mService.getRecoveryParams(recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - String keyID = (String)params.get("keyID"); - header.addStringValue("serialNumber", keyID); + String keyID = (String) params.get("keyID"); + header.addStringValue("serialNumber", keyID); header.addStringValue("recoveryID", recoveryID); - IKeyRepository mKeyDB = - ((IKeyRecoveryAuthority) mAuthority).getKeyRepository(); - IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new - BigInteger(keyID)); + IKeyRepository mKeyDB = ((IKeyRecoveryAuthority) mAuthority) + 
.getKeyRepository(); + IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger( + keyID)); KeyRecordParser.fillRecordIntoArg(rec, header); - } catch (EBaseException e) { log(ILogger.LL_FAILURE, "Error e " + e); throw e; - } + } /* - catch (Exception e) { - header.addStringValue(OUT_ERROR, e.toString()); - } + * catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString()); + * } */ } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java index 4bd4d45b..e1bb0c1a 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Check to see if a Key Recovery Request has been approved - * + * * @version $Revision$, $Date$ */ public class GetApprovalStatus extends CMSServlet { @@ -79,9 +77,9 @@ public class GetApprovalStatus extends CMSServlet { /** * initialize the servlet. This servlet uses the template files - * "getApprovalStatus.template" and "finishRecovery.template" - * to process the response. - * + * "getApprovalStatus.template" and "finishRecovery.template" to process the + * response. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** 
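Review bot: The formatter has reflowed two commented-out `catch` blocks in `ExamineRecovery` into run-on comment paragraphs (`* catch (NumberFormatException e) { error = eBaseException( ...` and `* catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString()); }`), which now read as neither code nor prose. Deleting them is cleaner than carrying them, since version control keeps the history. The same happened in `GetApprovalStatus.process`, where the reflowed block holds the `destroyRecoveryParams` and PKCS#12 streaming path; leaving that as dead code makes it harder to see where recovery parameters are actually released. Separately, the Javadoc on the private `process` still says "Recovers a key" although the visible body only fills the header from the recovery parameters and the key record.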
@@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet { * <ul> * <li>http.param recoveryID request ID to check * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -117,8 +115,8 @@ public class GetApprovalStatus extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (Exception e) { // do nothing for now } 
@@ -147,54 +145,52 @@ public class GetApprovalStatus extends CMSServlet { Hashtable params = mService.getRecoveryParams(recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } - header.addStringValue("serialNumber", - (String) params.get("keyID")); + header.addStringValue("serialNumber", (String) params.get("keyID")); int requiredNumber = mService.getNoOfRequiredAgents(); header.addIntegerValue("noOfRequiredAgents", requiredNumber); - Vector dc = ((IKeyRecoveryAuthority) mService).getAppAgents(recoveryID); + Vector dc = ((IKeyRecoveryAuthority) mService) + .getAppAgents(recoveryID); Enumeration agents = dc.elements(); while (agents.hasMoreElements()) { IArgBlock rarg = CMS.createArgBlock(); - rarg.addStringValue("agentName", ((Credential) agents.nextElement()).getIdentifier()); + rarg.addStringValue("agentName", + ((Credential) agents.nextElement()).getIdentifier()); argSet.addRepeatRecord(rarg); } if (dc.size() >= requiredNumber) { // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); + byte pkcs12[] = ((IKeyRecoveryAuthority) mService) + .getPk12(recoveryID); if (pkcs12 != null) { rComplete = 1; - header.addStringValue(OUT_STATUS, "complete"); + header.addStringValue(OUT_STATUS, "complete"); /* - mService.destroyRecoveryParams(recoveryID); - try { - resp.setContentType("application/x-pkcs12"); - resp.getOutputStream().write(pkcs12); - return; - } catch (IOException e) { - header.addStringValue(OUT_ERROR, - MessageFormatter.getLocalizedString( - locale[0], - BaseResources.class.getName(), - BaseResources.INTERNAL_ERROR_1, - e.toString())); - } + * 
mService.destroyRecoveryParams(recoveryID); try { + * resp.setContentType("application/x-pkcs12"); + * resp.getOutputStream().write(pkcs12); return; } catch + * (IOException e) { header.addStringValue(OUT_ERROR, + * MessageFormatter.getLocalizedString( locale[0], + * BaseResources.class.getName(), + * BaseResources.INTERNAL_ERROR_1, e.toString())); } */ - } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + } else if (((IKeyRecoveryAuthority) mService) + .getError(recoveryID) != null) { + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService) + .getError(recoveryID)); rComplete = 1; } else { // pk12 hasn't been created yet. @@ -207,19 +203,21 @@ public class GetApprovalStatus extends CMSServlet { try { if (rComplete == 1) { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH; + mFormPath = "/" + ((IAuthority) mService).getId() + "/" + + TPL_FINISH; } else { - mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE; - } + mFormPath = "/" + ((IAuthority) mService).getId() + "/" + + TPL_FILE; + } if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } ServletOutputStream out = resp.getOutputStream(); 
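Review bot: The commented-out block under `header.addStringValue(OUT_STATUS, "complete");` in the `@@ -147,54 +145,52 @@` hunk was reflowed by the formatter into run-on text (`* mService.destroyRecoveryParams(recoveryID); try { * resp.setContentType("application/x-pkcs12"); ...`), so it can no longer be read or restored as code. It is dead code that wrote the PKCS#12 bytes to the response from the status servlet, so it is better deleted and replaced by a short comment such as `// PKCS#12 download is not served here; see GetPk12`, assuming GetPk12 is the intended download path. If the block has to stay, wrap it in `// @formatter:off` and `// @formatter:on`, provided the project's formatter profile enables those tags. The commented-out `catch (Exception e)` at the top of this chunk was reflowed the same way, in a hunk that starts outside the visible part.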
@@ -227,10 +225,10 @@ public class GetApprovalStatus extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java index cea08af3..f9c4d588 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Locale; @@ -42,11 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Get the recovered key in PKCS#12 format - * - for asynchronous key recovery only - * + * Get the recovered key in PKCS#12 format - for asynchronous key recovery only + * */ public class GetAsyncPk12 extends CMSServlet { 
@@ -67,13 +64,9 @@ public class GetAsyncPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -87,7 +80,7 @@ public class GetAsyncPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishAsyncRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -103,8 +96,8 @@ public class GetAsyncPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -112,7 +105,7 @@ public class GetAsyncPk12 extends CMSServlet { * <ul> * <li>http.param reqID request id for recovery * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -128,14 +121,14 @@ public class GetAsyncPk12 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,9 +143,10 @@ public class GetAsyncPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -173,28 +167,26 @@ public class GetAsyncPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null ) { - CMS.debug( "GetAsyncPk12::process() - agent is null!" ); - throw new EBaseException( "agent is null" ); + if (agent == null) { + CMS.debug("GetAsyncPk12::process() - agent is null!"); + throw new EBaseException("agent is null"); } String initAgent = "undefined"; initAgent = mService.getInitAgentAsyncKeyRecovery(reqID); if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) { - log(ILogger.LL_SECURITY, - CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", - reqID, initAgent)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC", - reqID, initAgent)); + log(ILogger.LL_SECURITY, CMS.getLogMessage( + "CMSGW_INVALID_AGENT_ASYNC_3", reqID, initAgent)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_AGENT_ASYNC", reqID, initAgent)); } // The async recovery request must be in "approved" state - // i.e. all required # of recovery agents approved + // i.e. all required # of recovery agents approved if (mService.isApprovedAsyncKeyRecovery(reqID) != true) { CMS.debug("GetAsyncPk12::process() - # required recovery agents not met"); - throw new EBaseException( "# required recovery agents not met" ); + throw new EBaseException("# required recovery agents not met"); } String password = req.getParameter(IN_PASSWORD); 
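Review bot: The `ILogger.LL_SECURITY` entry written when `agent` does not match `initAgent` records `reqID` and `initAgent` but not `agent`, the identity that actually attempted the PKCS#12 download, so the security log cannot show who was refused. The key `CMSGW_INVALID_AGENT_ASYNC_3` is called with two arguments, while the numbered keys elsewhere on this page, such as `CMSGW_NO_RECOVERY_TOKEN_FOUND_1`, receive as many arguments as their suffix, which suggests a third slot is left unfilled. A candidate fix is `CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3", reqID, initAgent, agent)`, with the argument order to be checked against the message template. The same applies to `CMSGW_INVALID_AGENT_3` in the GetPk12 hunk `@@ -181,29 +176,27 @@`, where the user message already receives `agent` but the log message does not. `process` starts and ends outside both hunks.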
@@ -202,11 +194,11 @@ public class GetAsyncPk12 extends CMSServlet { if (password == null || password.equals("")) { header.addStringValue(OUT_ERROR, "PKCS12 password not found"); - throw new EBaseException( "PKCS12 password not found" ); + throw new EBaseException("PKCS12 password not found"); } if (passwordAgain == null || !passwordAgain.equals(password)) { header.addStringValue(OUT_ERROR, "PKCS12 password not matched"); - throw new EBaseException( "PKCS12 password not matched" ); + throw new EBaseException("PKCS12 password not matched"); } // got all approval, return pk12 @@ -218,24 +210,22 @@ public class GetAsyncPk12 extends CMSServlet { resp.getOutputStream().write(pkcs12); mRenderResult = false; - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - reqID, - ""); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, ILogger.SUCCESS, reqID, ""); - audit(auditMessage); + audit(auditMessage); return; } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, CMS.getUserMessage( + locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) { - // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(reqID)); + // error in recovery process + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(reqID)); } else { // pk12 hasn't been created yet. Shouldn't get here } 
@@ -244,12 +234,10 @@ public class GetAsyncPk12 extends CMSServlet { } if ((agent != null) && (reqID != null)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - reqID, - ""); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, ILogger.FAILURE, reqID, ""); audit(auditMessage); } @@ -260,10 +248,10 @@ public class GetAsyncPk12 extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java index b3651774..284ef7bb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Get the recovered key in PKCS#12 format - * + * * @version $Revision$, $Date$ */ public class GetPk12 extends CMSServlet { 
@@ -66,13 +64,9 @@ public class GetPk12 extends CMSServlet { private com.netscape.certsrv.kra.IKeyService mService = null; private final static String OUT_STATUS = "status"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4"; - private final static String - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4"; private String mFormPath = null; @@ -86,7 +80,7 @@ public class GetPk12 extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "finishRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -102,8 +96,8 @@ public class GetPk12 extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -111,7 +105,7 @@ public class GetPk12 extends CMSServlet { * <ul> * <li>http.param recoveryID ID of request to recover * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -127,14 +121,14 @@ public class GetPk12 extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "download"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "download"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -149,9 +143,10 @@ public class GetPk12 extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); @@ -169,10 +164,10 @@ public class GetPk12 extends CMSServlet { Hashtable params = mService.getRecoveryParams(recoveryID); if (params == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID)); } // only the init DRM agent can get the pkcs12 
@@ -181,29 +176,27 @@ public class GetPk12 extends CMSServlet { agent = (String) sContext.get(SessionContext.USER_ID); } - if (agent == null ) { - CMS.debug( "GetPk12::process() - agent is null!" ); - throw new EBaseException( "agent is null" ); + if (agent == null) { + CMS.debug("GetPk12::process() - agent is null!"); + throw new EBaseException("agent is null"); } - String initAgent = (String) params.get("agent"); + String initAgent = (String) params.get("agent"); if (!agent.equals(initAgent)) { log(ILogger.LL_SECURITY, - - CMS.getLogMessage("CMSGW_INVALID_AGENT_3", - recoveryID, + + CMS.getLogMessage("CMSGW_INVALID_AGENT_3", recoveryID, initAgent)); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_AGENT", - agent, initAgent, recoveryID)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_AGENT", agent, initAgent, recoveryID)); } - header.addStringValue("serialNumber", - (String) params.get("keyID")); + header.addStringValue("serialNumber", (String) params.get("keyID")); // got all approval, return pk12 - byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID); + byte pkcs12[] = ((IKeyRecoveryAuthority) mService) + .getPk12(recoveryID); if (pkcs12 != null) { mService.destroyRecoveryParams(recoveryID); 
@@ -212,24 +205,22 @@ public class GetPk12 extends CMSServlet { resp.getOutputStream().write(pkcs12); mRenderResult = false; - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, - agent, - ILogger.SUCCESS, - recoveryID, - ""); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS, + agent, ILogger.SUCCESS, recoveryID, ""); audit(auditMessage); return; } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue(OUT_ERROR, CMS.getUserMessage( + locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); } } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) { // error in recovery process - header.addStringValue(OUT_ERROR, - ((IKeyRecoveryAuthority) mService).getError(recoveryID)); + header.addStringValue(OUT_ERROR, + ((IKeyRecoveryAuthority) mService).getError(recoveryID)); } else { // pk12 hasn't been created yet. Shouldn't get here } @@ -238,12 +229,10 @@ public class GetPk12 extends CMSServlet { } if ((agent != null) && (recoveryID != null)) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, - agent, - ILogger.FAILURE, - recoveryID, - ""); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE, + agent, ILogger.FAILURE, recoveryID, ""); audit(auditMessage); } 
@@ -254,10 +243,10 @@ public class GetPk12 extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java index a868f47c..0acfd2ff 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java @@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Approve an asynchronous key recovery request - * + * */ public class GrantAsyncRecovery extends CMSServlet { @@ -68,8 +67,7 @@ public class GrantAsyncRecovery extends CMSServlet { private IKeyService mService = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -81,7 +79,7 @@ public class GrantAsyncRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantAsyncRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -98,8 +96,8 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** @@ -107,9 +105,9 @@ public class GrantAsyncRecovery extends CMSServlet { * <ul> * <li>http.param reqID request ID of the request to approve * <li>http.param agentID User ID of the agent approving the request - + * * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -124,14 +122,14 @@ public class GrantAsyncRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -146,9 +144,10 @@ public class GrantAsyncRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -159,15 +158,16 @@ public class GrantAsyncRecovery extends CMSServlet { String agentID = authToken.getInString("uid"); CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID); - CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID")); + CMS.debug("GrantAsyncRecovery: process() request id=" + + req.getParameter("reqID")); try { - process(argSet, header, - req.getParameter("reqID"), - agentID, - req, resp, locale[0]); + process(argSet, header, req.getParameter("reqID"), agentID, req, + resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -175,10 +175,10 @@ public class GrantAsyncRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } @@ -186,12 +186,13 @@ public class GrantAsyncRecovery extends CMSServlet { /** * Update agent approval list * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param reqID string containing the recovery request ID 
@@ -200,11 +201,9 @@ public class GrantAsyncRecovery extends CMSServlet { * @param resp HTTP servlet response * @param locale the system locale */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String reqID, - String agentID, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplateParams argSet, IArgBlock header, + String reqID, String agentID, HttpServletRequest req, + HttpServletResponse resp, Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequestID = reqID; @@ -233,10 +232,8 @@ public class GrantAsyncRecovery extends CMSServlet { } try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); // update approving agent list mService.addAgentAsyncKeyRecovery(reqID, agentID); @@ -246,11 +243,9 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.SUCCESS, - auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, ILogger.SUCCESS, auditRequestID, + auditAgentID); audit(auditMessage); @@ -259,11 +254,9 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, ILogger.FAILURE, auditRequestID, + auditAgentID); audit(auditMessage); } catch (Exception e) { 
@@ -271,14 +264,11 @@ public class GrantAsyncRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRequestID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, ILogger.FAILURE, auditRequestID, + auditAgentID); audit(auditMessage); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java index 9a7238be..51d2a02d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Hashtable; import java.util.Locale; @@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Approve a key recovery request - * + * * @version $Revision$, $Date$ */ public class GrantRecovery extends CMSServlet { @@ -73,8 +71,7 @@ public class GrantRecovery extends CMSServlet { private IKeyService mService = null; private String mFormPath = null; - private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = - "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; + private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4"; /** * Constructs EA servlet. @@ -86,7 +83,7 @@ public class GrantRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * 'grantRecovery.template' to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -103,19 +100,19 @@ public class GrantRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> * <li>http.param recoveryID ID of the request to approve - * <li>http.param agentID User ID of the agent approving the request - * <li>http.param agentPWD Password of the agent approving the request - + * <li>http.param agentID User ID of the agent approving the request + * <li>http.param agentPWD Password of the agent approving the request + * * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -128,14 +125,14 @@ public class GrantRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -150,9 +147,10 @@ public class GrantRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -166,14 +164,13 @@ public class GrantRecovery extends CMSServlet { agentID = req.getParameter("agentID"); } try { - process(argSet, header, - req.getParameter("recoveryID"), - agentID, - req.getParameter("agentPWD"), - req, resp, locale[0]); + process(argSet, header, req.getParameter("recoveryID"), agentID, + req.getParameter("agentPWD"), req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } try { ServletOutputStream out = resp.getOutputStream(); @@ -181,24 +178,25 @@ public class GrantRecovery extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used * whenever DRM agents login as recovery agents to approve key recovery * requests * </ul> + * * @param argSet CMS template parameters * @param header argument block * @param recoveryID string containing the recovery ID 
@@ -208,11 +206,9 @@ public class GrantRecovery extends CMSServlet { * @param resp HTTP servlet response * @param locale the system locale */ - private void process(CMSTemplateParams argSet, - IArgBlock header, String recoveryID, - String agentID, String agentPWD, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplateParams argSet, IArgBlock header, + String recoveryID, String agentID, String agentPWD, + HttpServletRequest req, HttpServletResponse resp, Locale locale) { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRecoveryID = recoveryID; 
@@ -241,45 +237,35 @@ public class GrantRecovery extends CMSServlet { } try { - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); Hashtable h = mService.getRecoveryParams(recoveryID); if (h == null) { - header.addStringValue(OUT_ERROR, - "No such token found"); + header.addStringValue(OUT_ERROR, "No such token found"); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, ILogger.FAILURE, auditRecoveryID, + auditAgentID); audit(auditMessage); return; } - header.addStringValue("serialNumber", - (String) h.get("keyID")); + header.addStringValue("serialNumber", (String) h.get("keyID")); mService.addDistributedCredential(recoveryID, agentID, agentPWD); - header.addStringValue("agentID", - agentID); - header.addStringValue("recoveryID", - recoveryID); + header.addStringValue("agentID", agentID); + header.addStringValue("recoveryID", recoveryID); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.SUCCESS, - auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, ILogger.SUCCESS, auditRecoveryID, + auditAgentID); audit(auditMessage); 
@@ -288,11 +274,9 @@ public class GrantRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, ILogger.FAILURE, auditRecoveryID, + auditAgentID); audit(auditMessage); } catch (Exception e) { @@ -300,14 +284,11 @@ public class GrantRecovery extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, - auditSubjectID, - ILogger.FAILURE, - auditRecoveryID, - auditAgentID); + LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN, + auditSubjectID, ILogger.FAILURE, auditRecoveryID, + auditAgentID); audit(auditMessage); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java index 9ce8585f..5fa88e5e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.util.Date; import com.netscape.certsrv.apps.CMS; @@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord; /** * Output a 'pretty print' of a Key Archival record - * + * * @version $Revision$, $Date$ */ public class KeyRecordParser { 
@@ -44,28 +43,23 @@ public class KeyRecordParser { public final static String OUT_RECOVERED_BY = "recoveredBy"; public final static String OUT_RECOVERED_ON = "recoveredOn"; - /** * Fills key record into argument block. */ - public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) - throws EBaseException { + public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) + throws EBaseException { if (rec == null) return; - rarg.addStringValue(OUT_STATE, - rec.getState().toString()); - rarg.addStringValue(OUT_OWNER_NAME, - rec.getOwnerName()); - rarg.addIntegerValue(OUT_SERIALNO, - rec.getSerialNumber().intValue()); - rarg.addStringValue(OUT_KEY_ALGORITHM, - rec.getAlgorithm()); - // Possible Enhancement: sun's BASE64Encode is not + rarg.addStringValue(OUT_STATE, rec.getState().toString()); + rarg.addStringValue(OUT_OWNER_NAME, rec.getOwnerName()); + rarg.addIntegerValue(OUT_SERIALNO, rec.getSerialNumber().intValue()); + rarg.addStringValue(OUT_KEY_ALGORITHM, rec.getAlgorithm()); + // Possible Enhancement: sun's BASE64Encode is not // fast. We may may to have our native implmenetation. IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); rarg.addStringValue(OUT_PUBLIC_KEY, - pp.toHexString(rec.getPublicKeyData(), 0, 20)); + pp.toHexString(rec.getPublicKeyData(), 0, 20)); Integer keySize = rec.getKeySize(); if (keySize == null) { 
@@ -73,17 +67,13 @@ public class KeyRecordParser { } else { rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue()); } - rarg.addStringValue(OUT_ARCHIVED_BY, - rec.getArchivedBy()); - rarg.addLongValue(OUT_ARCHIVED_ON, - rec.getCreateTime().getTime() / 1000); + rarg.addStringValue(OUT_ARCHIVED_BY, rec.getArchivedBy()); + rarg.addLongValue(OUT_ARCHIVED_ON, rec.getCreateTime().getTime() / 1000); Date dateOfRevocation[] = rec.getDateOfRevocation(); if (dateOfRevocation != null) { - rarg.addStringValue(OUT_RECOVERED_BY, - "null"); - rarg.addStringValue(OUT_RECOVERED_ON, - "null"); + rarg.addStringValue(OUT_RECOVERED_BY, "null"); + rarg.addStringValue(OUT_RECOVERED_ON, "null"); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java index edcd2bdf..484bebc5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.math.BigInteger; import java.util.Hashtable; @@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert; /** * A class representing a recoverBySerial servlet. - * + * * @version $Revision$, $Date$ */ public class RecoverBySerial extends CMSServlet { 
@@ -108,22 +107,17 @@ public class RecoverBySerial extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Serves HTTP request. The format of this request is as follows: - * recoverBySerial? - * [serialNumber=<number>] - * [uid#=<uid>] - * [pwd#=<password>] - * [localAgents=yes|null] - * [recoveryID=recoveryID] - * [pkcs12Password=<password of pkcs12>] - * [pkcs12PasswordAgain=<password of pkcs12>] - * [pkcs12Delivery=<delivery mechanism for pkcs12>] - * [cert=<encryption certificate>] + * recoverBySerial? [serialNumber=<number>] [uid#=<uid>] [pwd#=<password>] + * [localAgents=yes|null] [recoveryID=recoveryID] [pkcs12Password=<password + * of pkcs12>] [pkcs12PasswordAgain=<password of pkcs12>] + * [pkcs12Delivery=<delivery mechanism for pkcs12>] [cert=<encryption + * certificate>] */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -134,14 +128,14 @@ public class RecoverBySerial extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "recover"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "recover"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
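Review bot: The reflowed Javadoc on RecoverBySerial.process no longer reads as a parameter list: the formatter merged the one-per-line entries into a paragraph and split `[pkcs12Password=<password of pkcs12>]` and `[cert=<encryption certificate>]` across lines. Putting the list inside `<pre>` ... `</pre>`, or a `<ul><li>` list as GrantRecovery.process uses, is the usual way to keep such a layout through a formatter run. The placeholders should be written as `&lt;number&gt;` so Javadoc does not read them as HTML tags. Because the list documents `pwd#` and `pkcs12Password`, one sentence stating whether these are expected in a POST body rather than in the URL would help anyone reviewing what ends up in access logs.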
@@ -156,9 +150,10 @@ public class RecoverBySerial extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -189,54 +184,53 @@ public class RecoverBySerial extends CMSServlet { ctx = SessionContext.getContext(); /* - When Recovery is first initiated, if it is in asynch mode, - no pkcs#12 password is needed. - The initiating agent uid will be recorded in the recovery - request. - Later, as approving agents submit their approvals, they will - also be listed in the request. + * When Recovery is first initiated, if it is in asynch mode, no + * pkcs#12 password is needed. The initiating agent uid will be + * recorded in the recovery request. Later, as approving agents + * submit their approvals, they will also be listed in the request. */ - if ((initAsyncRecovery != null) && - initAsyncRecovery.equalsIgnoreCase("ON")) { - process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter(IN_CERT), - req, resp, locale[0]); - - int requiredNumber = mService.getNoOfRequiredAgents(); - header.addIntegerValue("noOfRequiredAgents", requiredNumber); + if ((initAsyncRecovery != null) + && initAsyncRecovery.equalsIgnoreCase("ON")) { + process(form, argSet, header, req.getParameter(IN_SERIALNO), + req.getParameter(IN_CERT), req, resp, locale[0]); + + int requiredNumber = mService.getNoOfRequiredAgents(); + header.addIntegerValue("noOfRequiredAgents", requiredNumber); } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID != null && !recoveryID.equals("")) { - ctx.put(SessionContext.RECOVERY_ID, - req.getParameter("recoveryID")); + ctx.put(SessionContext.RECOVERY_ID, + req.getParameter("recoveryID")); + } + byte pkcs12[] = process(form, argSet, header, + req.getParameter(IN_SERIALNO), + req.getParameter("localAgents"), + req.getParameter(IN_PASSWORD), + req.getParameter(IN_PASSWORD_AGAIN), + req.getParameter(IN_CERT), + req.getParameter(IN_DELIVERY), + req.getParameter(IN_NICKNAME), req, resp, locale[0]); + + if (pkcs12 != null) { + // resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentType("application/x-pkcs12"); + // 
resp.setContentLength(pkcs12.length); + resp.getOutputStream().write(pkcs12); + mRenderResult = false; + return; } - byte pkcs12[] = process(form, argSet, header, - req.getParameter(IN_SERIALNO), - req.getParameter("localAgents"), - req.getParameter(IN_PASSWORD), - req.getParameter(IN_PASSWORD_AGAIN), - req.getParameter(IN_CERT), - req.getParameter(IN_DELIVERY), - req.getParameter(IN_NICKNAME), - req, resp, locale[0]); - - if (pkcs12 != null) { - //resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/x-pkcs12"); - //resp.setContentLength(pkcs12.length); - resp.getOutputStream().write(pkcs12); - mRenderResult = false; - return; - } } } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } catch (IOException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } finally { SessionContext.releaseContext(); } @@ -248,10 +242,10 @@ public class RecoverBySerial extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); 
@@ -260,10 +254,9 @@ public class RecoverBySerial extends CMSServlet { /** * Async Key Recovery - request initiation */ - private void process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String cert, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + private void process(CMSTemplate form, CMSTemplateParams argSet, + IArgBlock header, String seq, String cert, HttpServletRequest req, + HttpServletResponse resp, Locale locale) { // seq is the key id if (seq == null) { 
@@ -290,38 +283,35 @@ public class RecoverBySerial extends CMSServlet { SessionContext sContext = SessionContext.getContext(); try { - String reqID = mService.initAsyncKeyRecovery( - new BigInteger(seq), x509cert, - (String) sContext.get(SessionContext.USER_ID)); + String reqID = mService.initAsyncKeyRecovery(new BigInteger(seq), + x509cert, (String) sContext.get(SessionContext.USER_ID)); header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO)); header.addStringValue("requestID", reqID); } catch (EBaseException e) { - String error = - "Failed to recover key for key id " + - seq + ".\nException: " + e.toString(); + String error = "Failed to recover key for key id " + seq + + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, + ILogger.LL_FAILURE, error); try { ((IKeyRecoveryAuthority) mService).createError(seq, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, + ILogger.LL_FAILURE, eb.toString()); } } return; } /** - * Recovers a key. The p12 will be protected by the password - * provided by the administrator. + * Recovers a key. The p12 will be protected by the password provided by the + * administrator. */ private byte[] process(CMSTemplate form, CMSTemplateParams argSet, - IArgBlock header, String seq, String localAgents, - String password, String passwordAgain, - String cert, String delivery, String nickname, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) { + IArgBlock header, String seq, String localAgents, String password, + String passwordAgain, String cert, String delivery, + String nickname, HttpServletRequest req, HttpServletResponse resp, + Locale locale) { if (seq == null) { header.addStringValue(OUT_ERROR, "sequence number not found"); return null; 
@@ -360,65 +350,64 @@ public class RecoverBySerial extends CMSServlet { if (sContext != null) { agent = (String) sContext.get(SessionContext.USER_ID); } - if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { - if (localAgents == null) { - String recoveryID = req.getParameter("recoveryID"); + if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { + if (localAgents == null) { + String recoveryID = req.getParameter("recoveryID"); - if (recoveryID == null || recoveryID.equals("")) { - header.addStringValue(OUT_ERROR, "No recovery ID specified"); - return null; - } - Hashtable params = mService.createRecoveryParams(recoveryID); + if (recoveryID == null || recoveryID.equals("")) { + header.addStringValue(OUT_ERROR, + "No recovery ID specified"); + return null; + } + Hashtable params = mService + .createRecoveryParams(recoveryID); - params.put("keyID", req.getParameter(IN_SERIALNO)); + params.put("keyID", req.getParameter(IN_SERIALNO)); - header.addStringValue("recoveryID", recoveryID); + header.addStringValue("recoveryID", recoveryID); - params.put("agent", agent); + params.put("agent", agent); - // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, - SessionContext.getContext()); - - waitThread.start(); - return null; - } else { - Vector v = new Vector(); - - for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) { - String uid = req.getParameter(IN_UID + i); - String pwd = req.getParameter(IN_PWD + i); + // new thread to wait for pk12 + Thread waitThread = new WaitApprovalThread(recoveryID, seq, + password, x509cert, delivery, nickname, + SessionContext.getContext()); - if (uid != null && pwd != null && !uid.equals("") && - !pwd.equals("")) { - v.addElement(new Credential(uid, pwd)); - } else { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); + waitThread.start(); + return null; + } else { + Vector v = new Vector(); + + for (int i = 0; i < 
mService.getNoOfRequiredAgents(); i++) { + String uid = req.getParameter(IN_UID + i); + String pwd = req.getParameter(IN_PWD + i); + + if (uid != null && pwd != null && !uid.equals("") + && !pwd.equals("")) { + v.addElement(new Credential(uid, pwd)); + } else { + header.addStringValue(OUT_ERROR, + "Uid(s) or password(s) are not provided"); + return null; + } + } + if (v.size() != mService.getNoOfRequiredAgents()) { + header.addStringValue(OUT_ERROR, + "Uid(s) or password(s) are not provided"); return null; } + creds = new Credential[v.size()]; + v.copyInto(creds); } - if (v.size() != mService.getNoOfRequiredAgents()) { - header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided"); - return null; - } - creds = new Credential[v.size()]; - v.copyInto(creds); - } - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addIntegerValue(OUT_SERIALNO, - Integer.parseInt(seq)); - header.addStringValue(OUT_SERVICE_URL, - req.getRequestURI()); - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(seq), - creds, password, x509cert, - delivery, nickname, agent); - - return pkcs12; - } else { + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addIntegerValue(OUT_SERIALNO, Integer.parseInt(seq)); + header.addStringValue(OUT_SERVICE_URL, req.getRequestURI()); + byte pkcs12[] = mService.doKeyRecovery(new BigInteger(seq), + creds, password, x509cert, delivery, nickname, agent); + + return pkcs12; + } else { String recoveryID = req.getParameter("recoveryID"); if (recoveryID == null || recoveryID.equals("")) { 
@@ -434,13 +423,13 @@ public class RecoverBySerial extends CMSServlet { params.put("agent", agent); // new thread to wait for pk12 - Thread waitThread = new WaitApprovalThread(recoveryID, - seq, password, x509cert, delivery, nickname, + Thread waitThread = new WaitApprovalThread(recoveryID, seq, + password, x509cert, delivery, nickname, SessionContext.getContext()); waitThread.start(); return null; - } + } } catch (EBaseException e) { header.addStringValue(OUT_ERROR, e.toString(locale)); } catch (Exception e) { @@ -450,8 +439,8 @@ public class RecoverBySerial extends CMSServlet { } /** - * Wait approval thread. Wait for recovery agents' approval - * exit when required number of approval received + * Wait approval thread. Wait for recovery agents' approval exit when + * required number of approval received */ final class WaitApprovalThread extends Thread { String theRecoveryID = null; @@ -462,24 +451,24 @@ public class RecoverBySerial extends CMSServlet { String theNickname = null; SessionContext theSc = null; - /** + /** * Wait approval thread constructor including thread name */ public WaitApprovalThread(String recoveryID, String seq, - String password, X509CertImpl cert, - String delivery, String nickname, SessionContext sc) { + String password, X509CertImpl cert, String delivery, + String nickname, SessionContext sc) { super(); - super.setName("waitApproval." + recoveryID + "-" + - (Thread.activeCount() + 1)); + super.setName("waitApproval." + recoveryID + "-" + + (Thread.activeCount() + 1)); theRecoveryID = recoveryID; theSeq = seq; thePassword = password; theCert = cert; theDelivery = delivery; theNickname = nickname; - theSc = sc; + theSc = sc; } - + public void run() { SessionContext.setContext(theSc); Credential creds[] = null; 
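Review bot: WaitApprovalThread stores the PKCS#12 password in the `thePassword` String field, and none of the visible hunks of `run()` clears it, so the secret stays reachable for as long as the thread lives (presumably until the required approvals arrive). The fields are not final, so `run()` can drop the reference once `doKeyRecovery` has returned, for example `thePassword = null;` in a `finally` block around that call. A `char[]` that is zeroed after use would be stronger, but that depends on the signature of `doKeyRecovery`, which this diff does not show. The class body continues past this hunk.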
@@ -487,17 +476,17 @@ public class RecoverBySerial extends CMSServlet { try { creds = mService.getDistributedCredentials(theRecoveryID); } catch (EBaseException e) { - String error = - "Failed to get required approvals for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + String error = "Failed to get required approvals for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, + ILogger.LL_FAILURE, error); try { - ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); + ((IKeyRecoveryAuthority) mService).createError( + theRecoveryID, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, + ILogger.LL_FAILURE, eb.toString()); } return; } 
@@ -505,25 +494,24 @@ public class RecoverBySerial extends CMSServlet { SessionContext sContext = SessionContext.getContext(); try { - byte pkcs12[] = mService.doKeyRecovery( - new BigInteger(theSeq), - creds, thePassword, theCert, - theDelivery, theNickname, + byte pkcs12[] = mService.doKeyRecovery(new BigInteger(theSeq), + creds, thePassword, theCert, theDelivery, theNickname, (String) sContext.get(SessionContext.USER_ID)); - ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12); + ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, + pkcs12); } catch (EBaseException e) { - String error = - "Failed to recover key for recovery id " + - theRecoveryID + ".\nException: " + e.toString(); + String error = "Failed to recover key for recovery id " + + theRecoveryID + ".\nException: " + e.toString(); - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, error); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, + ILogger.LL_FAILURE, error); try { - ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error); + ((IKeyRecoveryAuthority) mService).createError( + theRecoveryID, error); } catch (EBaseException eb) { - CMS.getLogger().log(ILogger.EV_SYSTEM, - ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString()); + CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA, + ILogger.LL_FAILURE, eb.toString()); } } return; @@ -531,4 +519,3 @@ public class RecoverBySerial extends CMSServlet { } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java index c0fdd02e..923ef031 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching search criteria - * + * * @version $Revision$, $Date$ */ public class SrchKey extends CMSServlet { @@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -93,20 +92,20 @@ public class SrchKey extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKey.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; - /* maxReturns doesn't seem to do anything useful in this - servlet!!! */ + /* + * maxReturns doesn't seem to do anything useful in this servlet!!! + */ try { - String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); 
@@ -132,20 +131,20 @@ public class SrchKey extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch - * <li>http.param queryFilter ldap-style filter to search with + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param queryFilter ldap-style filter to search with * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -158,14 +157,14 @@ public class SrchKey extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -180,9 +179,10 @@ public class SrchKey extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } // process query if authentication is successful @@ -197,12 +197,10 @@ public class SrchKey extends CMSServlet { try { if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt( - req.getParameter(IN_MAXCOUNT)); + maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); } if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt( - req.getParameter(IN_SENTINEL)); + sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL)); } String maxResultsStr = req.getParameter("maxResults"); @@ -212,12 +210,13 @@ public class SrchKey extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, - timeLimit, sentinel, - req.getParameter(IN_FILTER), req, resp, locale[0]); + process(argSet, header, ctx, maxCount, maxResults, timeLimit, + sentinel, req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - header.addStringValue(OUT_ERROR, - CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString())); + header.addStringValue( + OUT_ERROR, + CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", + e.toString())); } try { 
@@ -226,10 +225,10 @@ public class SrchKey extends CMSServlet { resp.setContentType("text/html"); form.renderOutput(out, argSet); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } cmsReq.setStatus(CMSRequest.SUCCESS); } 
@@ -237,54 +236,47 @@ public class SrchKey extends CMSServlet { /** * Process the key search. */ - private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) { + private void process(CMSTemplateParams argSet, IArgBlock header, + IArgBlock ctx, int maxCount, int maxResults, int timeLimit, + int sentinel, String filter, HttpServletRequest req, + HttpServletResponse resp, Locale locale) { try { // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue(OUT_ARCHIVER, mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX - header.addStringValue(OUT_SERVICE_URL, - "/kra?"); - header.addStringValue(OUT_TEMPLATE, - TPL_FILE); - header.addStringValue(OUT_FILTER, - filter); + header.addStringValue(OUT_SERVICE_URL, "/kra?"); + header.addStringValue(OUT_TEMPLATE, TPL_FILE); + header.addStringValue(OUT_FILTER, filter); if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... 
timelimit=" + timeLimit); - Enumeration e = mKeyDB.searchKeys(filter, - maxResults, timeLimit); + Enumeration e = mKeyDB.searchKeys(filter, maxResults, timeLimit); int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); + header.addStringValue(OUT_SENTINEL, null); } else { while (e.hasMoreElements()) { - IKeyRecord rec = (IKeyRecord) - e.nextElement(); + IKeyRecord rec = (IKeyRecord) e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java index 56a1817e..c8ccfadf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java +++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.key; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException; /** * Retrieve archived keys matching given public key material - * - * + * + * * @version $Revision$, $Date$ */ public class SrchKeyForRecovery extends CMSServlet { 
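Review bot: In SrchKey's private process(), `timeLimit` is clamped to `mTimeLimits` before the search, but `maxResults` is passed to `mKeyDB.searchKeys(filter, maxResults, timeLimit)` unchanged. The comment in init() of this file already says maxReturns does not seem to do anything useful here. Unless the caller caps the value in lines this diff does not show, the request parameter `maxResults` alone decides how many records the directory is asked for. A guard in the style of the time-limit check would be `if (maxResults <= 0 || maxResults > mMaxReturns) maxResults = mMaxReturns;`, after confirming what value `maxResults` has when the parameter is absent.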
@@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet { private final static String OUT_ERROR = "errorDetails"; private final static String OUT_ARCHIVER = "archiverName"; private final static String OUT_SERVICE_URL = "serviceURL"; - private final static String OUT_TOTAL_COUNT = "totalRecordCount"; + private final static String OUT_TOTAL_COUNT = "totalRecordCount"; private final static String OUT_TEMPLATE = "templateName"; private IKeyRepository mKeyDB = null; @@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "srchKeyForRecovery.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -102,10 +101,9 @@ public class SrchKeyForRecovery extends CMSServlet { mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; try { - String tmp = - sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); + String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS); - if (tmp == null) + if (tmp == null) mMaxReturns = 100; else mMaxReturns = Integer.parseInt(tmp); 
@@ -131,20 +129,20 @@ public class SrchKeyForRecovery extends CMSServlet { /** * Returns serlvet information. */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } /** * Process the HTTP request. * <ul> - * <li>http.param maxCount maximum number of matches to show in result - * <li>http.param maxResults maximum number of matches to run in ldapsearch + * <li>http.param maxCount maximum number of matches to show in result + * <li>http.param maxResults maximum number of matches to run in ldapsearch * <li>http.param publicKeyData public key data to search on * <li>http.param querySentinel ID of first request to show - * <li>http.param timeLimit number of seconds to limit ldap search to + * <li>http.param timeLimit number of seconds to limit ldap search to * </ul> - * + * * @param cmsReq the object holding the request and response information */ @@ -157,14 +155,14 @@ public class SrchKeyForRecovery extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -179,11 +177,12 @@ public class SrchKeyForRecovery extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - + // process query if authentication is successful IArgBlock header = CMS.createArgBlock(); IArgBlock ctx = CMS.createArgBlock(); @@ -197,12 +196,10 @@ public class SrchKeyForRecovery extends CMSServlet { try { if (req.getParameter(IN_MAXCOUNT) != null) { - maxCount = Integer.parseInt( - req.getParameter(IN_MAXCOUNT)); + maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); } if (req.getParameter(IN_SENTINEL) != null) { - sentinel = Integer.parseInt( - req.getParameter(IN_SENTINEL)); + sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL)); } String maxResultsStr = req.getParameter("maxResults"); 
@@ -212,76 +209,71 @@ public class SrchKeyForRecovery extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel, - req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]); + process(argSet, header, ctx, maxCount, maxResults, timeLimit, + sentinel, req.getParameter("publicKeyData"), + req.getParameter(IN_FILTER), req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); } /* - catch (Exception e) { - error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e); - } + * catch (Exception e) { error = new + * EBaseException(BaseResources.INTERNAL_ERROR_1, e); } */ try { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - ServletOutputStream out = resp.getOutputStream(); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + ServletOutputStream out = resp.getOutputStream(); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + 
CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, - IArgBlock header, IArgBlock ctx, - int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData, - String filter, - HttpServletRequest req, HttpServletResponse resp, Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + IArgBlock ctx, int maxCount, int maxResults, int timeLimit, + int sentinel, String publicKeyData, String filter, + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { try { // Fill header - header.addStringValue(OUT_OP, - req.getParameter(OUT_OP)); - header.addStringValue(OUT_ARCHIVER, - mAuthName.toString()); + header.addStringValue(OUT_OP, req.getParameter(OUT_OP)); + header.addStringValue(OUT_ARCHIVER, mAuthName.toString()); // STRANGE: IE does not like the following: - // header.addStringValue(OUT_SERVICE_URL, - // req.getRequestURI()); + // header.addStringValue(OUT_SERVICE_URL, + // req.getRequestURI()); // XXX - header.addStringValue(OUT_SERVICE_URL, - "/kra?"); - header.addStringValue(OUT_TEMPLATE, - TPL_FILE); - header.addStringValue(OUT_FILTER, - filter); + header.addStringValue(OUT_SERVICE_URL, "/kra?"); + header.addStringValue(OUT_TEMPLATE, TPL_FILE); + header.addStringValue(OUT_FILTER, filter); if (publicKeyData != null) { - header.addStringValue("publicKeyData", - publicKeyData); + header.addStringValue("publicKeyData", publicKeyData); } if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + + mTimeLimits); timeLimit = mTimeLimits; } CMS.debug("Start searching ... timelimit=" + timeLimit); 
@@ -289,22 +281,20 @@ public class SrchKeyForRecovery extends CMSServlet { int count = 0; if (e == null) { - header.addStringValue(OUT_SENTINEL, - null); + header.addStringValue(OUT_SENTINEL, null); } else { while (e.hasMoreElements()) { - IKeyRecord rec = (IKeyRecord) - e.nextElement(); + IKeyRecord rec = (IKeyRecord) e.nextElement(); // rec is null when we specify maxResults // DS will return an err=4, which triggers - // a LDAPException.SIZE_LIMIT_ExCEEDED + // a LDAPException.SIZE_LIMIT_ExCEEDED // in DSSearchResults.java if (rec != null) { - IArgBlock rarg = CMS.createArgBlock(); + IArgBlock rarg = CMS.createArgBlock(); - KeyRecordParser.fillRecordIntoArg(rec, rarg); - argSet.addRepeatRecord(rarg); - count++; + KeyRecordParser.fillRecordIntoArg(rec, rarg); + argSet.addRepeatRecord(rarg); + count++; } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java index c365d0f8..f228b2da 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.X509Certificate; 
@@ -46,22 +45,19 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** * Configure the CA to respond to OCSP requests for a CA - * + * * @version $Revision$ $Date$ */ public class AddCAServlet extends CMSServlet { - + /** * */ private static final long serialVersionUID = 1065151608542115340L; - public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; - public static final String END_HEADER = - "-----END CERTIFICATE-----"; + public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----"; + public static final String END_HEADER = "-----END CERTIFICATE-----"; public static final BigInteger BIG_ZERO = new BigInteger("0"); public static final Long MINUS_ONE = Long.valueOf(-1); @@ -70,10 +66,8 @@ public class AddCAServlet extends CMSServlet { private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; - private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = - "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; - private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3"; public AddCAServlet() { super(); @@ -82,7 +76,7 @@ public class AddCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -100,19 +94,18 @@ public class AddCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert ca certificate. The format is base-64, DER - * encoded, wrapped with -----BEGIN CERTIFICATE-----, - * -----END CERTIFICATE----- strings - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when - * a CA is attempted to be added to the OCSP responder - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED - * used when an add CA request to the OCSP Responder is processed + * <li>http.param cert ca certificate. The format is base-64, DER encoded, + * wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- + * strings + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA + * is attempted to be added to the OCSP responder + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used + * when an add CA request to the OCSP Responder is processed * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; @@ -125,8 +118,8 @@ public class AddCAServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "add"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "add"); } catch (Exception e) { // do nothing for now } 
@@ -143,20 +136,21 @@ public class AddCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) + || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to "+uid); + CMS.debug("AddCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } } 
@@ -164,47 +158,42 @@ public class AddCAServlet extends CMSServlet { if (b64 == null) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, - auditSubjectID, - ILogger.FAILURE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID, + ILogger.FAILURE, ILogger.SIGNED_AUDIT_EMPTY_VALUE); - audit( auditMessage ); + audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), + "CMS_GW_MISSING_CA_CERT")); } auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim())); // record the fact that a request to add CA is made auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditCA); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID, + ILogger.SUCCESS, auditCA); - audit( auditMessage ); + audit(auditMessage); if (b64.indexOf(BEGIN_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), + "CMS_GW_MISSING_CERT_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER")); + throw new 
ECMSGWException(CMS.getUserMessage(getLocale(req), + "CMS_GW_MISSING_CERT_FOOTER")); } IDefStore defStore = mOCSPAuthority.getDefaultStore(); @@ -215,17 +204,15 @@ public class AddCAServlet extends CMSServlet { try { X509Certificate cert = Cert.mapCert(b64); - if( cert == null ) { - CMS.debug( "AddCAServlet::process() - cert is null!" ); + if (cert == null) { + CMS.debug("AddCAServlet::process() - cert is null!"); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); - throw new EBaseException( "cert is null" ); + throw new EBaseException("cert is null"); } else { certs = new X509Certificate[1]; } @@ -239,7 +226,8 @@ public class AddCAServlet extends CMSServlet { try { // this could be a chain certs = Cert.mapCertFromPKCS7(b64); - if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) { + if (certs[0].getSubjectDN().getName() + .equals(certs[0].getIssuerDN().getName())) { leafCert = certs[certs.length - 1]; } else { leafCert = certs[0]; @@ -247,15 +235,13 @@ public class AddCAServlet extends CMSServlet { auditCASubjectDN = leafCert.getSubjectDN().getName(); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR")); } } if (certs != null && certs.length > 0) { 
@@ -264,32 +250,29 @@ public class AddCAServlet extends CMSServlet { // (2) store certificate (and certificate chain) into // database ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord( - leafCert.getSubjectDN().getName(), - BIG_ZERO, - MINUS_ONE, null, null); + leafCert.getSubjectDN().getName(), BIG_ZERO, MINUS_ONE, + null, null); try { - rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded()); + rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, + leafCert.getEncoded()); } catch (Exception e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); // error } defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec); - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName()); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + + leafCert.getSubjectDN().getName()); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditCASubjectDN); + LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditCASubjectDN); - audit( auditMessage ); + audit(auditMessage); } try { 
@@ -297,18 +280,18 @@ public class AddCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java index 029d396b..0f8ad1b4 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.security.cert.CRLException; @@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** * Update the OCSP responder with a new CRL - * + * * @version $Revision$ $Date$ */ public class AddCRLServlet extends CMSServlet { 
@@ -67,19 +65,15 @@ public class AddCRLServlet extends CMSServlet { * */ private static final long serialVersionUID = 1476080474638590902L; - public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE REVOCATION LIST-----"; - public static final String END_HEADER = - "-----END CERTIFICATE REVOCATION LIST-----"; + public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE REVOCATION LIST-----"; + public static final String END_HEADER = "-----END CERTIFICATE REVOCATION LIST-----"; private final static String TPL_FILE = "addCRL.template"; private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; - private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL = - "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; - private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION = - "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; + private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL = "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3"; + private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION = "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2"; public AddCRLServlet() { super(); @@ -88,7 +82,7 @@ public class AddCRLServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCRL.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -105,31 +99,32 @@ public class AddCRLServlet extends CMSServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param crl certificate revocation list, base-64, DER encoded - * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, - * -----END CERTIFICATE REVOCATION LIST----- strings + * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END + * CERTIFICATE REVOCATION LIST----- strings * <li>http.param noui if true, use minimal hardcoded text response * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are * retrieved by the OCSP Responder ("agent" or "EE") * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is * retrieved and validation process occurs ("agent" or "EE") * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ protected synchronized void process(CMSRequest cmsReq) - throws EBaseException { + throws EBaseException { boolean CRLFetched = false; boolean CRLValidated = false; String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE; - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("add_crl", true /* main action */); + statsSub.startTiming("add_crl", true /* main action */); } try { @@ -142,7 +137,7 @@ public class AddCRLServlet extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "add"); + mAuthzResourceName, "add"); } catch (Exception e) { // do nothing for now } 
@@ -152,42 +147,39 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.FAILURE, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); return; } - if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) + || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { if (authToken != null) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("AddCAServlet: auditSubjectID set to "+uid); + CMS.debug("AddCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } - } + } } log(ILogger.LL_INFO, "AddCRLServlet"); String b64 = cmsReq.getHttpReq().getParameter("crl"); - if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64); + if (CMS.debugOn()) + CMS.debug("AddCRLServlet: b64=" + b64); if (b64 == null) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.FAILURE, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_CRL")); + CMS.getUserMessage("CMS_GW_MISSING_CRL")); } String nouiParm = cmsReq.getHttpReq().getParameter("noui"); 
@@ -208,21 +200,18 @@ public class AddCRLServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, - e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.FAILURE, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -231,35 +220,31 @@ public class AddCRLServlet extends CMSServlet { if (b64.indexOf(BEGIN_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.FAILURE, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CRL_HEADER")); + "CMS_GW_MISSING_CRL_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); + CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.FAILURE, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException(CMS.getUserMessage(getLocale(req), - "CMS_GW_MISSING_CRL_FOOTER")); + "CMS_GW_MISSING_CRL_FOOTER")); } IDefStore defStore = mOCSPAuthority.getDefaultStore(); 
@@ -270,30 +255,28 @@ public class AddCRLServlet extends CMSServlet { long startTime = CMS.getCurrentDate().getTime(); CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime); if (statsSub != null) { - statsSub.startTiming("decode_crl"); + statsSub.startTiming("decode_crl"); } - crl = mapCRL1( b64 ); + crl = mapCRL1(b64); if (statsSub != null) { - statsSub.endTiming("decode_crl"); + statsSub.endTiming("decode_crl"); } long endTime = CMS.getCurrentDate().getTime(); - CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + - " diff=" + (endTime - startTime)); + CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + + " diff=" + (endTime - startTime)); // Retrieve the actual CRL number BigInteger crlNum = crl.getCRLNumber(); - if( crlNum != null ) { + if (crlNum != null) { auditCRLNum = crlNum.toString(); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.SUCCESS, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.SUCCESS, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); // acknowledge that the CRL has been retrieved CRLFetched = true; 
@@ -302,121 +285,117 @@ public class AddCRLServlet extends CMSServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.FAILURE, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } - log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + - crl.getIssuerDN().getName()); + log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + + crl.getIssuerDN().getName()); ICRLIssuingPointRecord pt = null; try { - pt = defStore.readCRLIssuingPoint( - crl.getIssuerDN().getName()); + pt = defStore.readCRLIssuingPoint(crl.getIssuerDN().getName()); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", - crl.getIssuerDN().getName())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crl.getIssuerDN() + .getName())); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); } - log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " + - pt.getThisUpdate()); + log(ILogger.LL_INFO, + "AddCRLServlet: IssuingPoint " + pt.getThisUpdate()); // verify CRL byte caCertData[] = pt.getCACert(); if (caCertData != null) { - try { - X509CertImpl caCert = new X509CertImpl(caCertData); - CMS.debug("AddCRLServlet: start verify"); - - CryptoManager cmanager = CryptoManager.getInstance(); - org.mozilla.jss.crypto.X509Certificate jssCert = null; try { 
- jssCert = cmanager.importCACertPackage( - caCert.getEncoded()); - } catch (Exception e2) { - CMS.debug("AddCRLServlet: importCACertPackage " + - e2.toString()); - throw new EBaseException( e2.toString() ); - } + X509CertImpl caCert = new X509CertImpl(caCertData); + CMS.debug("AddCRLServlet: start verify"); - if (statsSub != null) { - statsSub.startTiming("verify_crl"); - } - crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); - if (statsSub != null) { - statsSub.endTiming("verify_crl"); - } - CMS.debug("AddCRLServlet: done verify"); + CryptoManager cmanager = CryptoManager.getInstance(); + org.mozilla.jss.crypto.X509Certificate jssCert = null; + try { + jssCert = cmanager.importCACertPackage(caCert + .getEncoded()); + } catch (Exception e2) { + CMS.debug("AddCRLServlet: importCACertPackage " + + e2.toString()); + throw new EBaseException(e2.toString()); + } - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.SUCCESS ); + if (statsSub != null) { + statsSub.startTiming("verify_crl"); + } + crl.verify(jssCert.getPublicKey(), "Mozilla-JSS"); + if (statsSub != null) { + statsSub.endTiming("verify_crl"); + } + CMS.debug("AddCRLServlet: done verify"); - audit( auditMessage ); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, ILogger.SUCCESS); - // acknowledge that the CRL has been validated - CRLValidated = true; - } catch (Exception e) { - CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString()); - CMS.debug(e); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", - crl.getIssuerDN().getName())); + audit(auditMessage); - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + // acknowledge that the CRL has been validated + CRLValidated 
= true; + } catch (Exception e) { + CMS.debug("AddCRLServlet: failed to verify CRL " + + e.toString()); + CMS.debug(e); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crl + .getIssuerDN().getName())); - audit( auditMessage ); + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, ILogger.FAILURE); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); - } + audit(auditMessage); + + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR")); + } } - if ((pt.getThisUpdate() != null) && - (pt.getThisUpdate().getTime() >= - crl.getThisUpdate().getTime())) { + if ((pt.getThisUpdate() != null) + && (pt.getThisUpdate().getTime() >= crl.getThisUpdate() + .getTime())) { // error, the uploaded CRL is older than the current CMS.debug("AddCRLServlet: no update, CRL is older"); log(ILogger.LL_INFO, - "AddCRLServlet: no update, received CRL is older " + - "than current CRL"); + "AddCRLServlet: no update, received CRL is older " + + "than current CRL"); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Sent CRL is older than the current CRL\n".getBytes()); + "error=Sent CRL is older than the current CRL\n" + .getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! return; } catch (Exception e) { 
@@ -424,26 +403,28 @@ public class AddCRLServlet extends CMSServlet { } else { CMS.debug("AddCRLServlet: CRL is older"); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! - throw new ECMSGWException(CMS.getUserMessage( - "CMS_GW_OLD_CRL_ERROR")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_OLD_CRL_ERROR")); } } if (crl.isDeltaCRL()) { CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported."); - log(ILogger.LL_INFO, "AddCRLServlet: no update, "+ - CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); + log(ILogger.LL_INFO, + "AddCRLServlet: no update, " + + CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); if (noUI) { try { resp.setContentType("application/text"); - resp.getOutputStream().write("status=1\n".getBytes()); + resp.getOutputStream().write("status=1\n".getBytes()); resp.getOutputStream().write( - "error=Delta CRLs are not supported.\n".getBytes()); + "error=Delta CRLs are not supported.\n" + .getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); @@ -451,7 +432,8 @@ public class AddCRLServlet extends CMSServlet { } catch (Exception e) { } } else { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED")); } } 
@@ -465,26 +447,25 @@ public class AddCRLServlet extends CMSServlet { IRepositoryRecord repRec = defStore.createRepositoryRecord(); - repRec.set(IRepositoryRecord.ATTR_SERIALNO, - new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); + repRec.set( + IRepositoryRecord.ATTR_SERIALNO, + new BigInteger(Long.toString(crl.getThisUpdate().getTime()))); try { - defStore.addRepository( - crl.getIssuerDN().getName(), - Long.toString(crl.getThisUpdate().getTime()), - repRec); - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " + - Long.toString(crl.getThisUpdate().getTime())); + defStore.addRepository(crl.getIssuerDN().getName(), + Long.toString(crl.getThisUpdate().getTime()), repRec); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " + + Long.toString(crl.getThisUpdate().getTime())); } catch (Exception e) { - CMS.debug("AddCRLServlet: add repository e=" + e.toString()); + CMS.debug("AddCRLServlet: add repository e=" + e.toString()); } - log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + - Long.toString(crl.getThisUpdate().getTime())); + log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + + Long.toString(crl.getThisUpdate().getTime())); if (defStore.waitOnCRLUpdate()) { defStore.updateCRL(crl); } else { - // when the CRL large, the thread is terminiated by the - // servlet framework before it can finish its work + // when the CRL large, the thread is terminiated by the + // servlet framework before it can finish its work UpdateCRLThread uct = new UpdateCRLThread(defStore, crl); uct.start(); 
@@ -496,64 +477,61 @@ public class AddCRLServlet extends CMSServlet { if (noUI) { CMS.debug("AddCRLServlet: return result noUI=true"); resp.setContentType("application/text"); - resp.getOutputStream().write("status=0".getBytes()); + resp.getOutputStream().write("status=0".getBytes()); resp.getOutputStream().flush(); cmsReq.setStatus(CMSRequest.SUCCESS); } else { CMS.debug("AddCRLServlet: return result noUI=false"); String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } } catch (IOException e) { CMS.debug("AddCRLServlet: return result error=" + e.toString()); - mOCSPAuthority.log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", - e.toString())); + mOCSPAuthority.log( + ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", + e.toString())); - // NOTE: The signed audit events - // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and - // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have - // already been logged at this point! + // NOTE: The signed audit events + // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and + // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have + // already been logged at this point! 
throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } - } catch( EBaseException eAudit1 ) { - if( !CRLFetched ) { + } catch (EBaseException eAudit1) { + if (!CRLFetched) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, - auditSubjectID, - ILogger.FAILURE, - auditCRLNum ); + LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID, + ILogger.FAILURE, auditCRLNum); - audit( auditMessage ); + audit(auditMessage); } else { - if( !CRLValidated ) { + if (!CRLValidated) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CRL_VALIDATION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_CRL_VALIDATION, + auditSubjectID, ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); } } throw eAudit1; } if (statsSub != null) { - statsSub.endTiming("add_crl"); + statsSub.endTiming("add_crl"); } } - public X509CRLImpl mapCRL1(String mime64) - throws IOException { + public X509CRLImpl mapCRL1(String mime64) throws IOException { mime64 = Cert.stripCRLBrackets(mime64.trim()); byte rawPub[] = CMS.AtoB(mime64); @@ -568,21 +546,19 @@ public class AddCRLServlet extends CMSServlet { } } - class UpdateCRLThread extends Thread { private IDefStore mDefStore = null; private X509CRL mCRL = null; - public UpdateCRLThread( - IDefStore defStore, X509CRL crl) { + public UpdateCRLThread(IDefStore defStore, X509CRL crl) { mDefStore = defStore; mCRL = crl; } public void run() { try { - if (!((X509CRLImpl)mCRL).areEntriesIncluded()) - mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded()); + if (!((X509CRLImpl) mCRL).areEntriesIncluded()) + mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded()); mDefStore.updateCRL(mCRL); } catch (CRLException e) { } catch (X509ExtensionException e) { 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java index 3e5d1f49..47236045 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.security.cert.X509CRLEntry; import java.security.cert.X509Certificate; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cmsutil.util.Cert; - /** - * Check the status of a specific certificate - * + * Check the status of a specific certificate + * * @version $Revision$ $Date$ */ public class CheckCertServlet extends CMSServlet { @@ -60,10 +58,8 @@ public class CheckCertServlet extends CMSServlet { * */ private static final long serialVersionUID = 7782198059640825050L; - public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; - public static final String END_HEADER = - "-----END CERTIFICATE-----"; + public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----"; + public static final String END_HEADER = "-----END CERTIFICATE-----"; public static final String ATTR_STATUS = "status"; public static final String ATTR_ISSUERDN = "issuerDN"; @@ -85,7 +81,7 @@ public class CheckCertServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "checkCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -102,14 +98,13 @@ public class CheckCertServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param cert certificate to check. Base64, DER encoded, wrapped - * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings + * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in + * -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -118,8 +113,8 @@ public class CheckCertServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "validate"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "validate"); } catch (Exception e) { // do nothing for now } @@ -136,9 +131,10 @@ public class CheckCertServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -151,12 +147,14 @@ public class CheckCertServlet extends CMSServlet { if (b64.indexOf(BEGIN_HEADER) == -1) { // error - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), + "CMS_GW_MISSING_CERT_HEADER")); } if (b64.indexOf(END_HEADER) == -1) { // error - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER")); + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), + "CMS_GW_MISSING_CERT_FOOTER")); } X509Certificate cert = null; @@ -164,23 +162,27 @@ public class CheckCertServlet extends CMSServlet { try { cert = Cert.mapCert(b64); } catch (Exception e) { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); } if (cert == null) { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR")); } - ICRLIssuingPointRecord pt = defStore.readCRLIssuingPoint( - cert.getIssuerDN().getName()); + ICRLIssuingPointRecord pt = defStore.readCRLIssuingPoint(cert + .getIssuerDN().getName()); header.addStringValue(ATTR_ISSUERDN, cert.getIssuerDN().getName()); header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName()); - header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16)); + header.addStringValue(ATTR_SERIALNO, "0x" + + cert.getSerialNumber().toString(16)); try { - X509CRLImpl crl = null; + X509CRLImpl crl = null; - crl = new X509CRLImpl(pt.getCRL()); - X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber()); + crl = new X509CRLImpl(pt.getCRL()); + X509CRLEntry crlentry = crl.getRevokedCertificate(cert + .getSerialNumber()); if (crlentry == null) { if (defStore.isNotFoundGood()) { 
@@ -194,25 +196,27 @@ public class CheckCertServlet extends CMSServlet { } catch (Exception e) { header.addStringValue(ATTR_STATUS, STATUS_UNKNOWN); } - log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + cert.getIssuerDN().getName() + " " + cert.getSerialNumber().toString()); + log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + + cert.getIssuerDN().getName() + " " + + cert.getSerialNumber().toString()); try { ServletOutputStream out = resp.getOutputStream(); String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java index 704c759c..e9530c74 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.util.Locale; 
@@ -41,11 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Retrieve information about the number of OCSP requests the OCSP - * has serviced - * + * Retrieve information about the number of OCSP requests the OCSP has serviced + * * @version $Revision$, $Date$ */ public class GetOCSPInfo extends CMSServlet { @@ -61,9 +58,9 @@ public class GetOCSPInfo extends CMSServlet { } /** - * initialize the servlet. This servlet uses the template - * file "getOCSPInfo.template" to render the result page. - * + * initialize the servlet. This servlet uses the template file + * "getOCSPInfo.template" to render the result page. + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -79,14 +76,12 @@ public class GetOCSPInfo extends CMSServlet { } - /** - * Process the HTTP request. - * + * Process the HTTP request. + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); @@ -94,14 +89,14 @@ public class GetOCSPInfo extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { 
@@ -113,9 +108,10 @@ public class GetOCSPInfo extends CMSServlet { IArgBlock args = cmsReq.getHttpParams(); if (!(mAuthority instanceof IOCSPService)) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP")); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -126,10 +122,11 @@ public class GetOCSPInfo extends CMSServlet { try { form = getTemplate(mFormPath, httpReq, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); return; } @@ -147,8 +144,9 @@ public class GetOCSPInfo extends CMSServlet { header.addLongValue("totalData", ca.getOCSPTotalData()); long secs = 0; if (ca.getOCSPRequestTotalTime() != 0) { - secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime(); - } + secs = (ca.getNumOCSPRequest() * 1000) + / ca.getOCSPRequestTotalTime(); + } header.addLongValue("ReqSec", secs); try { ServletOutputStream out = httpResp.getOutputStream(); 
@@ -157,10 +155,10 @@ public class GetOCSPInfo extends CMSServlet { form.renderOutput(out, argSet); cmsReq.setStatus(CMSRequest.SUCCESS); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - cmsReq.setError(new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + cmsReq.setError(new ECMSGWException(CMS + .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"))); cmsReq.setStatus(CMSRequest.ERROR); } cmsReq.setStatus(CMSRequest.SUCCESS); diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java index 063d8513..d74938b8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Show the list of CA's that the OCSP responder can service - * + * * @version $Revision$ $Date$ */ public class ListCAServlet extends CMSServlet { @@ -57,10 +55,8 @@ public class ListCAServlet extends CMSServlet { * */ private static final long serialVersionUID = 3764395161795483452L; - public static final String BEGIN_HEADER = - "-----BEGIN CERTIFICATE-----"; - public static final String END_HEADER = - "-----END CERTIFICATE-----"; + public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----"; + public static final String END_HEADER = "-----END CERTIFICATE-----"; private final static String TPL_FILE = "listCAs.template"; private String mFormPath = null; 
@@ -73,7 +69,7 @@ public class ListCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "listCAs.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -89,11 +85,10 @@ public class ListCAServlet extends CMSServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); @@ -102,8 +97,8 @@ public class ListCAServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); } catch (Exception e) { // do nothing for now } @@ -120,9 +115,10 @@ public class ListCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); 
@@ -133,12 +129,12 @@ public class ListCAServlet extends CMSServlet { Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100); // show the current CRL number if present - header.addStringValue("stateCount", - Integer.toString(defStore.getStateCount())); + header.addStringValue("stateCount", + Integer.toString(defStore.getStateCount())); while (recs.hasMoreElements()) { - ICRLIssuingPointRecord rec = - (ICRLIssuingPointRecord) recs.nextElement(); + ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) recs + .nextElement(); IArgBlock rarg = CMS.createArgBlock(); String thisId = rec.getId(); @@ -163,17 +159,17 @@ public class ListCAServlet extends CMSServlet { rarg.addLongValue("NumRevoked", 0); } else { if (rc.longValue() == -1) { - rarg.addStringValue("NumRevoked", "UNKNOWN"); - } else { - rarg.addLongValue("NumRevoked", rc.longValue()); + rarg.addStringValue("NumRevoked", "UNKNOWN"); + } else { + rarg.addLongValue("NumRevoked", rc.longValue()); } } BigInteger crlNumber = rec.getCRLNumber(); if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) { - rarg.addStringValue("CRLNumber", "UNKNOWN"); + rarg.addStringValue("CRLNumber", "UNKNOWN"); } else { - rarg.addStringValue("CRLNumber", crlNumber.toString()); + rarg.addStringValue("CRLNumber", crlNumber.toString()); } rarg.addLongValue("ReqCount", defStore.getReqCount(thisId)); 
@@ -185,18 +181,18 @@ public class ListCAServlet extends CMSServlet { String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java index cfc91975..c1f8b3d0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; @@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData; import com.netscape.cmsutil.ocsp.SingleResponse; import com.netscape.cmsutil.ocsp.TBSRequest; - /** - * Process OCSP messages, According to RFC 2560 - * See http://www.ietf.org/rfc/rfc2560.txt - * + * Process OCSP messages, According to RFC 2560 See + * http://www.ietf.org/rfc/rfc2560.txt + * * @version $Revision$ $Date$ */ public class OCSPServlet extends CMSServlet { 
@@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet { public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize"; public final static String PROP_ID = "ID"; - private int m_maxRequestSize=5000; + private int m_maxRequestSize = 5000; public OCSPServlet() { super(); 
@@ -74,43 +72,43 @@ public class OCSPServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { super.init(sc); String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE); if (s != null) { - try { - m_maxRequestSize = Integer.parseInt(s); - } catch (Exception e) {} - } + try { + m_maxRequestSize = Integer.parseInt(s); + } catch (Exception e) { + } + } } /** - * Process the HTTP request. - * This method is invoked when the OCSP service receives a OCSP - * request. Based on RFC 2560, the request should have the OCSP - * request in the HTTP body as binary blob. - * + * Process the HTTP request. This method is invoked when the OCSP service + * receives a OCSP request. Based on RFC 2560, the request should have the + * OCSP request in the HTTP body as binary blob. + * * @param cmsReq the object holding the request and response information */ protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("ocsp", true /* main action */); + statsSub.startTiming("ocsp", true /* main action */); } IAuthToken authToken = authenticate(cmsReq); AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "submit"); } catch (Exception e) { // do nothing for now } 
@@ -119,12 +117,12 @@ public class OCSPServlet extends CMSServlet { cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } - + CMS.debug("Servlet Path=" + httpReq.getServletPath()); CMS.debug("RequestURI=" + httpReq.getRequestURI()); - String pathInfo = httpReq.getPathInfo(); + String pathInfo = httpReq.getPathInfo(); if (pathInfo != null && pathInfo.indexOf('%') != -1) { - pathInfo = URLDecoder.decode(pathInfo); + pathInfo = URLDecoder.decode(pathInfo); } CMS.debug("PathInfo=" + pathInfo); 
@@ -136,46 +134,50 @@ public class OCSPServlet extends CMSServlet { String method = httpReq.getMethod(); CMS.debug("Method=" + method); if (method != null && method.equals("POST")) { - int reqlen = httpReq.getContentLength(); - - if (reqlen == -1) { - throw new Exception("OCSPServlet: Content-Length not supplied"); - } - if (reqlen == 0) { - throw new Exception("OCSPServlet: Invalid Content-Length"); - } - if (reqlen > m_maxRequestSize) { - throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")"); - } - - // for debugging - reqbuf = new byte[reqlen]; - int bytesread = 0; - boolean partial = false; - - while (bytesread < reqlen) { - int r = is.read(reqbuf, bytesread, reqlen - bytesread); - if (r == -1) { - throw new Exception("OCSPServlet: Client did not supply enough OCSP data"); + int reqlen = httpReq.getContentLength(); + + if (reqlen == -1) { + throw new Exception( + "OCSPServlet: Content-Length not supplied"); + } + if (reqlen == 0) { + throw new Exception("OCSPServlet: Invalid Content-Length"); + } + if (reqlen > m_maxRequestSize) { + throw new Exception( + "OCSPServlet: Client sending too much OCSP request data (" + + reqlen + ")"); } - bytesread += r; - if (partial == false) { - if (bytesread < reqlen) { - partial = true; + + // for debugging + reqbuf = new byte[reqlen]; + int bytesread = 0; + boolean partial = false; + + while (bytesread < reqlen) { + int r = is.read(reqbuf, bytesread, reqlen - bytesread); + if (r == -1) { + throw new Exception( + "OCSPServlet: Client did not supply enough OCSP data"); + } + bytesread += r; + if (partial == false) { + if (bytesread < reqlen) { + partial = true; + } } } - } - is = new ByteArrayInputStream(reqbuf); + is = new ByteArrayInputStream(reqbuf); } else { - // GET method - if ( (pathInfo == null) || - (pathInfo.equals( "" ) ) || - (pathInfo.substring(1) == null) || - (pathInfo.substring(1).equals( "" ) ) ) { - throw new Exception("OCSPServlet: OCSP request not provided in GET 
method"); - } - is = new ByteArrayInputStream( - com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); + // GET method + if ((pathInfo == null) || (pathInfo.equals("")) + || (pathInfo.substring(1) == null) + || (pathInfo.substring(1).equals(""))) { + throw new Exception( + "OCSPServlet: OCSP request not provided in GET method"); + } + is = new ByteArrayInputStream( + com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1))); } // (1) retrieve OCSP request @@ -183,22 +185,20 @@ public class OCSPServlet extends CMSServlet { OCSPResponse response = null; try { - OCSPRequest.Template reqTemplate = - new OCSPRequest.Template(); + OCSPRequest.Template reqTemplate = new OCSPRequest.Template(); - if ( (is == null) || - (is.toString().equals( "" ) ) ) { - throw new Exception( "OCSPServlet: OCSP request is " - + "empty or malformed"); + if ((is == null) || (is.toString().equals(""))) { + throw new Exception("OCSPServlet: OCSP request is " + + "empty or malformed"); } ocspReq = (OCSPRequest) reqTemplate.decode(is); - if ( (ocspReq == null) || - (ocspReq.toString().equals( "" ) ) ) { - throw new Exception( "OCSPServlet: Decoded OCSP request " - + "is empty or malformed"); + if ((ocspReq == null) || (ocspReq.toString().equals(""))) { + throw new Exception("OCSPServlet: Decoded OCSP request " + + "is empty or malformed"); } response = ((IOCSPService) mAuthority).validate(ocspReq); - } catch (Exception e) {; + } catch (Exception e) { + ; CMS.debug("OCSPServlet: " + e.toString()); } 
@@ -216,48 +216,54 @@ public class OCSPServlet extends CMSServlet { // we can validate the response if (CMS.debugOn()) { CMS.debug("OCSPServlet: OCSP Request:"); - CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq))); + CMS.debug("OCSPServlet: " + + CMS.BtoA(ASN1Util.encode(ocspReq))); TBSRequest tbsReq = ocspReq.getTBSRequest(); for (int i = 0; i < tbsReq.getRequestCount(); i++) { - com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i); - CMS.debug("Serial Number: " + req.getCertID().getSerialNumber()); + com.netscape.cmsutil.ocsp.Request req = tbsReq + .getRequestAt(i); + CMS.debug("Serial Number: " + + req.getCertID().getSerialNumber()); } CMS.debug("OCSPServlet: OCSP Response Size:"); - CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length)); + CMS.debug("OCSPServlet: " + + Integer.toString(respbytes.length)); CMS.debug("OCSPServlet: OCSP Response Data:"); CMS.debug("OCSPServlet: " + CMS.BtoA(respbytes)); ResponseBytes rbytes = response.getResponseBytes(); if (rbytes == null) { CMS.debug("Response bytes is null"); } else if (rbytes.getObjectIdentifier().equals( - ResponseBytes.OCSP_BASIC)) { - BasicOCSPResponse basicRes = (BasicOCSPResponse) - BasicOCSPResponse.getTemplate().decode( - new ByteArrayInputStream(rbytes.getResponse().toByteArray())); + ResponseBytes.OCSP_BASIC)) { + BasicOCSPResponse basicRes = (BasicOCSPResponse) BasicOCSPResponse + .getTemplate().decode( + new ByteArrayInputStream(rbytes + .getResponse().toByteArray())); if (basicRes == null) { CMS.debug("Basic Res is null"); } else { ResponseData data = basicRes.getResponseData(); for (int i = 0; i < data.getResponseCount(); i++) { SingleResponse res = data.getResponseAt(i); - CMS.debug("Serial Number: " + - res.getCertID().getSerialNumber() + - " Status: " + - res.getCertStatus().getClass().getName()); + CMS.debug("Serial Number: " + + res.getCertID().getSerialNumber() + + " Status: " + + res.getCertStatus().getClass() + .getName()); } } } } 
httpResp.setContentType("application/ocsp-response"); - + httpResp.setContentLength(respbytes.length); OutputStream ooss = httpResp.getOutputStream(); ooss.write(respbytes); ooss.flush(); if (statsSub != null) { - statsSub.endTiming("ocsp"); + statsSub.endTiming("ocsp"); } mRenderResult = false; diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java index 3ec72bb8..6a639e2f 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.ocsp; - import java.io.IOException; import java.util.Locale; @@ -41,11 +40,11 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Configure the CA to no longer respond to OCSP requests for a CA - * - * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $ + * + * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep + * 2010) $ */ public class RemoveCAServlet extends CMSServlet { 
@@ -57,13 +56,10 @@ public class RemoveCAServlet extends CMSServlet { private String mFormPath = null; private IOCSPAuthority mOCSPAuthority = null; - private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; - private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3"; - private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; + private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3"; public RemoveCAServlet() { super(); @@ -72,7 +68,7 @@ public class RemoveCAServlet extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "addCA.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -90,18 +86,19 @@ public class RemoveCAServlet extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param ca id. The format is string. - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when - * a CA is attempted to be removed from the OCSP responder - * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS - * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when - * a remove CA request to the OCSP Responder is processed successfully or not. + * <li>http.param ca id. The format is string. + * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a + * CA is attempted to be removed from the OCSP responder + * <li>signed.audit + * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and + * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used + * when a remove CA request to the OCSP Responder is processed successfully + * or not. * </ul> - * + * * @param cmsReq the object holding the request and response information */ - protected void process(CMSRequest cmsReq) - throws EBaseException { + protected void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); HttpServletResponse resp = cmsReq.getHttpResp(); String auditMessage = null; @@ -114,8 +111,8 @@ public class RemoveCAServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "add"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "add"); } catch (Exception e) { // do nothing for now } 
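Review bot: The `catch (Exception e) { // do nothing for now }` around `authorize(...)` in `process` discards every authorization error, so a failure leaves no trace and the outcome rests entirely on whatever check of `authzToken` follows. That check lies outside this hunk, so confirm it fails closed when the token is null. At minimum record the failure, e.g. `CMS.debug("RemoveCAServlet: authorization failed: " + e.toString());`. The call also authorizes the operation `"add"` in a servlet that removes a CA; if the ACL defines a separate remove operation (not visible here), that one should be checked instead.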
@@ -132,89 +129,87 @@ public class RemoveCAServlet extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } IArgBlock header = CMS.createArgBlock(); IArgBlock fixed = CMS.createArgBlock(); CMSTemplateParams argSet = new CMSTemplateParams(header, fixed); - if (auditSubjectID.equals(ILogger.NONROLEUSER) || - auditSubjectID.equals(ILogger.UNIDENTIFIED)) { + if (auditSubjectID.equals(ILogger.NONROLEUSER) + || auditSubjectID.equals(ILogger.UNIDENTIFIED)) { String uid = authToken.getInString(IAuthToken.USER_ID); if (uid != null) { - CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid); + CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid); auditSubjectID = uid; } } - String caID = cmsReq.getHttpReq().getParameter("caID"); - + String caID = cmsReq.getHttpReq().getParameter("caID"); - if (caID == null) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, - ILogger.FAILURE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + if (caID == null) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, ILogger.FAILURE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); - throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID")); - } + throw new ECMSGWException(CMS.getUserMessage(getLocale(req), + "CMS_GW_MISSING_CA_ID")); + } - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - caID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST, auditSubjectID, + ILogger.SUCCESS, caID); - audit( 
auditMessage ); + audit(auditMessage); - IDefStore defStore = mOCSPAuthority.getDefaultStore(); + IDefStore defStore = mOCSPAuthority.getDefaultStore(); - try { - defStore.deleteCRLIssuingPointRecord(caID); + try { + defStore.deleteCRLIssuingPointRecord(caID); - } catch (EBaseException e) { + } catch (EBaseException e) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, - auditSubjectID, - ILogger.FAILURE, - caID); - audit( auditMessage ); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE, + auditSubjectID, ILogger.FAILURE, caID); + audit(auditMessage); - CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID); - throw new EBaseException(e.toString()); + CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + + caID); + throw new EBaseException(e.toString()); } - CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID); + CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + + caID); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, - auditSubjectID, - ILogger.SUCCESS, - caID); - audit( auditMessage ); + LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS, + auditSubjectID, ILogger.SUCCESS, caID); + audit(auditMessage); try { ServletOutputStream out = resp.getOutputStream(); String error = null; String xmlOutput = req.getParameter("xml"); - if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); - } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); - } + if (xmlOutput != null && xmlOutput.equals("true")) { + outputXML(resp, argSet); + } else { + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + } } catch (IOException e) { - log(ILogger.LL_FAILURE, 
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java index 1e44dad1..2d3f1874 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CMC messages according to RFC 2797 - * See http://www.ietf.org/rfc/rfc2797.txt - * + * Process CMC messages according to RFC 2797 See + * http://www.ietf.org/rfc/rfc2797.txt + * * @version $Revision$, $Date$ */ public class CMCProcessor extends PKIProcessor { 
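Review bot: In the `caID == null` branch of `RemoveCAServlet.process`, the message built from `LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE` is assigned to `auditMessage` but never written, because the `throw` follows immediately; a rejected request with a missing CA id leaves no signed-audit record. Add `audit(auditMessage);` before `throw new ECMSGWException(...)`, as the `catch (EBaseException e)` branch further down already does. That catch rethrows `new EBaseException(e.toString())`, which drops the original stack trace, so logging `e` before the rethrow would keep it available for diagnosis. The method starts before this hunk.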
@@ -87,56 +85,56 @@ public class CMCProcessor extends PKIProcessor { super(); } - public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) { + public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, + boolean doEnforcePop) { super(cmsReq, servlet); enforcePop = doEnforcePop; } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } - public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo(String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { } - public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + public X509CertInfo[] fillCertInfoArray(String protocolString, + IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!"); String cmc = protocolString; try { byte[] cmcBlob = CMS.AtoB(cmc); - ByteArrayInputStream cmcBlobIn = - new ByteArrayInputStream(cmcBlob); + ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(cmcBlob); - org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) - org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo + .getTemplate().decode(cmcBlobIn); - if - (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent()) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); + if (!cmcReq.getContentType().equals( + org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) + || !cmcReq.hasContent()) + throw new ECMSGWException( + 
CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); - SignedData cmcFullReq = (SignedData) - cmcReq.getInterpretedContent(); + SignedData cmcFullReq = (SignedData) cmcReq.getInterpretedContent(); EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); - if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) { + if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) + || !ci.hasContent()) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_NO_PKIDATA")); + CMS.getUserMessage("CMS_GW_NO_PKIDATA")); } OCTET_STRING content = ci.getContent(); - ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); + ByteArrayInputStream s = new ByteArrayInputStream( + content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); SEQUENCE reqSequence = pkiData.getReqSequence(); @@ -144,10 +142,11 @@ public class CMCProcessor extends PKIProcessor { int numReqs = reqSequence.size(); X509CertInfo[] certInfoArray = new X509CertInfo[numReqs]; String[] reqIdArray = new String[numReqs]; - + for (int i = 0; i < numReqs; i++) { // decode message. - TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i); + TaggedRequest taggedRequest = (TaggedRequest) reqSequence + .elementAt(i); TaggedRequest.Type type = taggedRequest.getType(); 
@@ -157,35 +156,37 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(p10Id); - CertificationRequest p10 = - tcr.getCertificationRequest(); + CertificationRequest p10 = tcr.getCertificationRequest(); // transfer to sun class ByteArrayOutputStream ostream = new ByteArrayOutputStream(); p10.encode(ostream); - PKCS10Processor pkcs10Processor = new PKCS10Processor(mRequest, mServlet); + PKCS10Processor pkcs10Processor = new PKCS10Processor( + mRequest, mServlet); try { PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); - //xxx do we need to do anything else? + // xxx do we need to do anything else? X509CertInfo certInfo = CMS.getDefaultX509CertInfo(); - pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams); + pkcs10Processor.fillCertInfo(pkcs10, certInfo, + authToken, httpParams); - /* fillPKCS10(pkcs10,certInfo, - authToken, httpParams); + /* + * fillPKCS10(pkcs10,certInfo, authToken, httpParams); */ certInfoArray[i] = certInfo; } catch (Exception e) { - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_PKCS10_ERROR", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_PKCS10_ERROR", e.toString())); } } else if (type.equals(TaggedRequest.CRMF)) { - CRMFProcessor crmfProc = new CRMFProcessor(mRequest, mServlet, enforcePop); + CRMFProcessor crmfProc = new CRMFProcessor(mRequest, + mServlet, enforcePop); CertReqMsg crm = taggedRequest.getCrm(); CertRequest certReq = crm.getCertReq(); @@ -195,10 +196,12 @@ public class CMCProcessor extends PKIProcessor { reqIdArray[i] = String.valueOf(srcId); - certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); + certInfoArray[i] = crmfProc.processIndividualRequest(crm, + authToken, httpParams); } else { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT")); } } 
@@ -208,13 +211,11 @@ public class CMCProcessor extends PKIProcessor { Hashtable digs = new Hashtable(); for (int i = 0; i < numDig; i++) { - AlgorithmIdentifier dai = - (AlgorithmIdentifier) dais.elementAt(i); - String name = - DigestAlgorithm.fromOID(dai.getOID()).toString(); + AlgorithmIdentifier dai = (AlgorithmIdentifier) dais + .elementAt(i); + String name = DigestAlgorithm.fromOID(dai.getOID()).toString(); - MessageDigest md = - MessageDigest.getInstance(name); + MessageDigest md = MessageDigest.getInstance(name); byte[] digest = md.digest(content.toByteArray()); @@ -225,9 +226,8 @@ public class CMCProcessor extends PKIProcessor { int numSis = sis.size(); for (int i = 0; i < numSis; i++) { - org.mozilla.jss.pkix.cms.SignerInfo si = - (org.mozilla.jss.pkix.cms.SignerInfo) - sis.elementAt(i); + org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis + .elementAt(i); String name = si.getDigestAlgorithm().toString(); byte[] digest = (byte[]) digs.get(name); @@ -243,9 +243,10 @@ public class CMCProcessor extends PKIProcessor { SignerIdentifier sid = si.getSignerIdentifier(); - if - (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { - IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber(); + if (sid.getType().equals( + SignerIdentifier.ISSUER_AND_SERIALNUMBER)) { + IssuerAndSerialNumber issuerAndSerialNumber = sid + .getIssuerAndSerialNumber(); // find from the certs in the signedData X509Certificate cert = null; 
@@ -254,21 +255,23 @@ public class CMCProcessor extends PKIProcessor { int numCerts = certs.size(); for (int j = 0; j < numCerts; j++) { - Certificate certJss = - (Certificate) certs.elementAt(j); - CertificateInfo certI = - certJss.getInfo(); + Certificate certJss = (Certificate) certs + .elementAt(j); + CertificateInfo certI = certJss.getInfo(); Name issuer = certI.getIssuer(); byte[] issuerB = ASN1Util.encode(issuer); INTEGER sn = certI.getSerialNumber(); - if ( - new String(issuerB).equals(new - String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) - && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) { - ByteArrayOutputStream os = new - ByteArrayOutputStream(); + if (new String(issuerB) + .equals(new String(ASN1Util + .encode(issuerAndSerialNumber + .getIssuer()))) + && sn.toString().equals( + issuerAndSerialNumber + .getSerialNumber() + .toString())) { + ByteArrayOutputStream os = new ByteArrayOutputStream(); certJss.encode(os); cert = new X509CertImpl(os.toByteArray()); @@ -295,8 +298,7 @@ public class CMCProcessor extends PKIProcessor { keyType = PrivateKey.DSA; } else { } - PK11PubKey pubK = - PK11PubKey.fromRaw(keyType, + PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); 
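Review bot: The signer certificate is matched by comparing DER bytes through `new String(...)`, in the test `new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))`; decoding arbitrary bytes with the platform charset is lossy, so two different encodings can turn into equal strings. Compare the arrays directly, e.g. `MessageDigest.isEqual(issuerB, ASN1Util.encode(issuerAndSerialNumber.getIssuer()))`, which needs no new import since the file already uses `MessageDigest`. The same applies to `new String(skib).equals(new String(ski.toByteArray()))` in the hunk at -309,21, and `new String(nonce.toByteArray())` in the hunk at -374,17 stores a binary nonce in the same lossy way. The enclosing `fillCertInfoArray` extends beyond these hunks.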
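Review bot: The empty `else { }` after the `PrivateKey.DSA` assignment lets an unrecognised key algorithm fall through to `PK11PubKey.fromRaw(keyType, ...)` with `keyType` still unset (it is initialised to `null` in the matching branch visible in the hunk at -309,21). Reject the signer explicitly rather than relying on how `fromRaw` treats that value, for example `} else { throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "unsupported signing key algorithm")); }`. The same empty branch appears in the hunk at -334,8. The start of the `if` chain is outside this hunk.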
@@ -309,21 +311,25 @@ public class CMCProcessor extends PKIProcessor { PublicKey signKey = null; while (signKey == null && j < numReqs) { - X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY); + X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j] + .get(X509CertInfo.KEY)) + .get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(subjectKeyInfo.getEncoded()); byte[] skib = md.digest(); - if (new String(skib).equals(new String(ski.toByteArray()))) { + if (new String(skib).equals(new String(ski + .toByteArray()))) { signKey = subjectKeyInfo; } j++; } if (signKey == null) { - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", - "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); + throw new ECMSGWException( + CMS.getUserMessage( + "CMS_GW_CMC_ERROR", + "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request.")); } else { PrivateKey.Type keyType = null; String alg = signKey.getAlgorithm(); @@ -334,8 +340,7 @@ public class CMCProcessor extends PKIProcessor { keyType = PrivateKey.DSA; } else { } - PK11PubKey pubK = PK11PubKey.fromRaw( - keyType, + PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey()); si.verify(digest, id, pubK); @@ -351,8 +356,8 @@ public class CMCProcessor extends PKIProcessor { int numControls = controls.size(); for (int i = 0; i < numControls; i++) { - TaggedAttribute control = - (TaggedAttribute) controls.elementAt(i); + TaggedAttribute control = (TaggedAttribute) controls + .elementAt(i); OBJECT_IDENTIFIER type = control.getType(); SET values = control.getValues(); int numVals = values.size(); 
@@ -363,10 +368,9 @@ public class CMCProcessor extends PKIProcessor { if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { - ANY val = (ANY) - values.elementAt(j); - INTEGER transId = (INTEGER) ((ANY) val).decodeWith( - INTEGER.getTemplate()); + ANY val = (ANY) values.elementAt(j); + INTEGER transId = (INTEGER) ((ANY) val) + .decodeWith(INTEGER.getTemplate()); if (transId != null) { vals[j] = transId.toString(); @@ -374,17 +378,15 @@ public class CMCProcessor extends PKIProcessor { } if (vals != null) req.setExtData(IRequest.CMC_TRANSID, vals); - } else if - (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { + } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) { String[] vals = null; if (numVals > 0) vals = new String[numVals]; for (int j = 0; j < numVals; j++) { - ANY val = (ANY) - values.elementAt(j); - OCTET_STRING nonce = (OCTET_STRING) - ((ANY) val).decodeWith(OCTET_STRING.getTemplate()); + ANY val = (ANY) values.elementAt(j); + OCTET_STRING nonce = (OCTET_STRING) ((ANY) val) + .decodeWith(OCTET_STRING.getTemplate()); if (nonce != null) { vals[j] = new String(nonce.toByteArray()); 
@@ -409,27 +411,31 @@ public class CMCProcessor extends PKIProcessor { return certInfoArray; } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); } catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); - }catch (Exception e) { + CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString())); + CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR")); + } catch (Exception e) { + throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", + e.toString())); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java index 27648758..99b4c2b3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * Process CRMF requests, according to RFC 2511 - * See http://www.ietf.org/rfc/rfc2511.txt - * + * Process CRMF requests, according to RFC 2511 See + * http://www.ietf.org/rfc/rfc2511.txt + * * @version $Revision$, $Date$ */ public class CRMFProcessor extends PKIProcessor { 
@@ -69,37 +67,36 @@ public class CRMFProcessor extends PKIProcessor { private boolean enforcePop = false; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = - "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; public CRMFProcessor() { super(); } - public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) { + public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, + boolean doEnforcePop) { super(cmsReq, servlet); enforcePop = doEnforcePop; mRequest = cmsReq; } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } /** * Verify Proof of Possession (POP) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof * of possession is checked during certificate enrollment * </ul> + * * @param certReqMsg the certificate request message * @exception EBaseException an error has occurred */ - private void verifyPOP(CertReqMsg certReqMsg) - throws EBaseException { + private void verifyPOP(CertReqMsg certReqMsg) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -118,59 +115,55 @@ public class CRMFProcessor extends PKIProcessor { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.SUCCESS ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, ILogger.SUCCESS); - audit( auditMessage ); + audit(auditMessage); } catch (Exception e) { CMS.debug("CRMFProcessor: Failed POP verify!"); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); + CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY")); } } } else { if (enforcePop == true) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); throw new ECMSGWException( - CMS.getLogMessage("CMSGW_ERROR_NO_POP")); + CMS.getLogMessage("CMSGW_ERROR_NO_POP")); } } - } catch( EBaseException eAudit1 ) { + } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, - auditSubjectID, - ILogger.FAILURE ); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, + ILogger.FAILURE); - audit( auditMessage ); + audit(auditMessage); } } - public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, 
IArgBlock httpParams) - throws EBaseException { + public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { CMS.debug("CRMFProcessor::processIndividualRequest!"); try { 
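Review bot: The outer `catch (EBaseException eAudit1)` at the end of `verifyPOP` writes a failure audit record and then returns normally, so the `ECMSGWException` thrown above for a failed or missing proof of possession appears to be swallowed if it derives from `EBaseException` (its declaration is not visible here). In that case enrollment would continue even with `enforcePop` set. Rethrow after auditing by adding `throw eAudit1;` after the final `audit(auditMessage);`. The inner paths already audit before throwing, so the outer handler also writes a duplicate failure record for the same event. The `try` opens before this hunk.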
@@ -196,38 +189,39 @@ public class CRMFProcessor extends PKIProcessor { // field suggested notBefore and notAfter in CRMF // Tech Support #383184 - if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) { - CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null + || certTemplate.getNotAfter() != null) { + CertificateValidity certValidity = new CertificateValidity( + certTemplate.getNotBefore(), certTemplate.getNotAfter()); certInfo.set(X509CertInfo.VALIDITY, certValidity); } if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = - new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + subject)); + } else if (authToken == null + || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // No subject name - error! log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } // get extensions CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); } catch (CertificateException e) { extensions = null; } catch (IOException e) { 
@@ -242,35 +236,32 @@ public class CRMFProcessor extends PKIProcessor { int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = - certTemplate.extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = certTemplate + .extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = - jssext.getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext + .getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = - new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = - jssext.getExtnValue(); - ByteArrayOutputStream jssvalueout = - new ByteArrayOutputStream(); + ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext + .getExtnValue(); + ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = - new Extension(oid, isCritical, extValue); + Extension ext = new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } @@ -282,8 +273,8 @@ public class CRMFProcessor extends PKIProcessor { // to have the control of the subject name // formulation. // -- CRMFfillCert - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { + if (authToken != null + && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) { // if authenticated override subect name, validity and // extensions if any from authtoken. fillCertInfoFromAuthToken(certInfo, authToken); 
@@ -300,31 +291,34 @@ public class CRMFProcessor extends PKIProcessor { } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); - } /* catch (InvalidBERException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); - throw new ECMSGWException( - CMSGWResources.ERROR_CRMF_TO_CERTINFO); - } */ catch (InvalidKeyException e) { + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + } /* + * catch (InvalidBERException e) { log(ILogger.LL_FAILURE, + * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString())); + * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO); + * } + */catch (InvalidKeyException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } - public X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + public X509CertInfo[] fillCertInfoArray(String protocolString, + IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { CMS.debug("CRMFProcessor.fillCertInfoArray!"); 
@@ -332,11 +326,10 @@ public class CRMFProcessor extends PKIProcessor { try { byte[] crmfBlob = CMS.AtoB(crmf); - ByteArrayInputStream crmfBlobIn = - new ByteArrayInputStream(crmfBlob); + ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob); - SEQUENCE crmfMsgs = (SEQUENCE) - new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn); + SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( + new CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs]; @@ -344,31 +337,33 @@ public class CRMFProcessor extends PKIProcessor { for (int i = 0; i < nummsgs; i++) { // decode message. CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i); - + CertRequest certReq = certReqMsg.getCertReq(); INTEGER certReqId = certReq.getCertReqId(); int srcId = certReqId.intValue(); req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId)); - certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams); + certInfoArray[i] = processIndividualRequest(certReqMsg, + authToken, httpParams); } - //do_testbed_hack(nummsgs, certInfoArray, httpParams); + // do_testbed_hack(nummsgs, certInfoArray, httpParams); return certInfoArray; } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } catch (InvalidBERException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); + CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR")); } } } - 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java index d021f653..6ecb87c8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java @@ -17,19 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import com.netscape.certsrv.base.EBaseException; import com.netscape.cms.servlet.common.CMSRequest; - /** * This represents the request parser. - * + * * @version $Revision$, $Date$ */ public interface IPKIProcessor { - public void process(CMSRequest cmsReq) - throws EBaseException; + public void process(CMSRequest cmsReq) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java index cc035033..c78e0b7b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; @@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * KeyGenProcess parses Certificate request matching the - * KEYGEN tag format used by Netscape Communicator 4.x - * + * KeyGenProcess parses Certificate request matching the KEYGEN tag format used + * by Netscape Communicator 4.x + * * @version $Revision$, $Date$ */ public class KeyGenProcessor extends PKIProcessor { 
@@ -55,14 +53,11 @@ public class KeyGenProcessor extends PKIProcessor { } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } - public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo(String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { CMS.debug("KeyGenProcessor: fillCertInfo"); 
@@ -72,28 +67,30 @@ public class KeyGenProcessor extends PKIProcessor { KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo( PKIProcessor.SUBJECT_KEYGEN_INFO, null); - + // fill key X509Key key = null; key = keyGenInfo.getSPKI(); if (key == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); + CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO")); } try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - "Could not set key into certInfo from keygen. Error " + e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + "Could not set key into certInfo from keygen. Error " + e); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString())); } String authMgr = mServlet.getAuthMgr(); 
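Review bot: `keyGenInfo.getSPKI()` is called on the result of `httpParams.getValueAsKeyGenInfo(PKIProcessor.SUBJECT_KEYGEN_INFO, null)` without a null check. If that call returns its null default when the form field is absent (not visible here, so confirm), a request without the field ends in a NullPointerException instead of the ECMSGWException that the `key == null` branch raises. Add `if (keyGenInfo == null) throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));` before the `getSPKI()` call. fillCertInfo starts and ends outside this hunk.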
@@ -106,12 +103,13 @@ public class KeyGenProcessor extends PKIProcessor { if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { // allow special case for agent gateway in admin enroll // and bulk issuance. - if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && - !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { + if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) + && !authMgr + .equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN")); } fillCertInfoFromForm(certInfo, httpParams); } else { diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java index 53d38455..19e343e6 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; @@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** - * PKCS10Processor process Certificate Requests in - * PKCS10 format, as defined here: - * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html - * + * PKCS10Processor process Certificate Requests in PKCS10 format, as defined + * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html + * * @version $Revision$, $Date$ */ public class PKCS10Processor extends PKIProcessor { 
@@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor { private final String USE_INTERNAL_PKCS10 = "internal"; public PKCS10Processor() { - + super(); } @@ -70,25 +67,20 @@ public class PKCS10Processor extends PKIProcessor { } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } - public void fillCertInfo( - PKCS10 pkcs10, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { mPkcs10 = pkcs10; - - fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); + + fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); } - public void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + public void fillCertInfo(String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { PKCS10 p10 = null; @@ -99,12 +91,13 @@ public class PKCS10Processor extends PKIProcessor { } else if (protocolString.equals(USE_INTERNAL_PKCS10)) { p10 = mPkcs10; } else { - CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" ); - throw new EBaseException( "p10 is null" ); + CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!"); + throw new EBaseException("p10 is null"); } if (mServlet == null) { - EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null."); + EBaseException ex = new ECMSGWException( + "Servlet property of PKCS10Processor is null."); throw ex; 
@@ -114,22 +107,24 @@ public class PKCS10Processor extends PKIProcessor { X509Key key = p10.getSubjectPublicKeyInfo(); if (key == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10")); } CertificateX509Key certKey = new CertificateX509Key(key); try { certInfo.set(X509CertInfo.KEY, certKey); } catch (CertificateException e) { - EBaseException ex = new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + EBaseException ex = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; } catch (IOException e) { - EBaseException ex = new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + EBaseException ex = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); log(ILogger.LL_FAILURE, ex.toString()); throw ex; 
@@ -139,33 +134,34 @@ public class PKCS10Processor extends PKIProcessor { if (subject != null) { try { - certInfo.set(X509CertInfo.SUBJECT, - new CertificateSubjectName(subject)); - log(ILogger.LL_INFO, - "Setting subject name " + subject + " from p10."); + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + subject)); + log(ILogger.LL_INFO, "Setting subject name " + subject + + " from p10."); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in X500 name parsing, // this will catch it. 
- log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString())); } - } else if (authToken == null || - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { + } else if (authToken == null + || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); + CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10")); } // fill extensions from pkcs 10 attributes if any. 
@@ -176,45 +172,49 @@ public class PKCS10Processor extends PKIProcessor { PKCS10Attributes p10Attrs = p10.getAttributes(); if (p10Attrs != null) { - PKCS10Attribute p10Attr = (PKCS10Attribute) - (p10Attrs.getAttribute(CertificateExtensions.NAME)); - - if (p10Attr != null && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { - Extensions exts0 = (Extensions) - (p10Attr.getAttributeValue()); + PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs + .getAttribute(CertificateExtensions.NAME)); + + if (p10Attr != null + && p10Attr.getAttributeId().equals( + PKCS9Attribute.EXTENSION_REQUEST_OID)) { + Extensions exts0 = (Extensions) (p10Attr + .getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); byte[] extB = extOut.toByteArray(); DerInputStream extIn = new DerInputStream(extB); - CertificateExtensions exts = new CertificateExtensions(extIn); + CertificateExtensions exts = new CertificateExtensions( + extIn); if (exts != null) { certInfo.set(X509CertInfo.EXTENSIONS, exts); } } } - CMS.debug( - "PKCS10Processor: Seted cert extensions from pkcs10. "); + CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. 
"); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } catch (Exception e) { // if anything bad happens in extensions parsing, // this will catch it. log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); + CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", + e.toString())); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString())); } // override pkcs10 attributes with authtoken attributes @@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor { // adminEnroll is an exception String authMgr = mServlet.getAuthMgr(); - if (authToken != null && - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null && - !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { + if (authToken != null + && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null + && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { fillCertInfoFromAuthToken(certInfo, authToken); } 
@@ -233,12 +233,11 @@ public class PKCS10Processor extends PKIProcessor { // from the http parameters. if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) { fillValidityFromForm(certInfo, httpParams); - } - + } + } - private PKCS10 getPKCS10(IArgBlock httpParams) - throws EBaseException { + private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException { PKCS10 pkcs10 = null; @@ -246,17 +245,20 @@ public class PKCS10Processor extends PKIProcessor { // support Enterprise 3.5.1 server where CERT_TYPE=csrCertType // instead of certType - certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null); + certType = httpParams + .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null); if (certType == null) { - certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client"); + certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, + "client"); } else { // some policies may rely on the fact that // CERT_TYPE is set. So for 3.5.1 or eariler - // we need to set CERT_TYPE but not here. + // we need to set CERT_TYPE but not here. } if (certType.equals("client")) { // coming from MSIE - String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null); + String p10b64 = httpParams.getValueAsString( + PKIProcessor.PKCS10_REQUEST, null); if (p10b64 != null) { try { 
@@ -266,18 +268,20 @@ public class PKCS10Processor extends PKIProcessor { } catch (Exception e) { // ok, if the above fails, it could // be a PKCS10 with header - pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); + pkcs10 = httpParams.getValueAsPKCS10( + PKIProcessor.PKCS10_REQUEST, false, null); // e.printStackTrace(); } } - //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); + // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null); } else { try { // coming from server cut & paste blob. - pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null); - }catch (Exception ex) { + pkcs10 = httpParams.getValueAsPKCS10( + PKIProcessor.PKCS10_REQUEST, false, null); + } catch (Exception ex) { ex.printStackTrace(); } } @@ -286,4 +290,4 @@ public class PKCS10Processor extends PKIProcessor { } -} +} diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java index 625808d7..b81b6831 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java +++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.processors; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Date; @@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Process Certificate Requests - * + * * @version $Revision$, $Date$ */ public class PKIProcessor implements IPKIProcessor { 
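Review bot: In the first hunk on this line, the `else` branch of getPKCS10 catches `Exception` and only calls `ex.printStackTrace()`, so a request that fails to decode leaves `pkcs10` null and the failure never reaches the CMS log. The caller is not fully visible, but fillCertInfo later calls `p10.getSubjectPublicKeyInfo()` with no null check in view, so the bad request would presumably surface as a NullPointerException rather than a rejected enrollment. Replace the stack-trace print with `log(ILogger.LL_FAILURE, "PKCS10Processor: cannot decode PKCS#10 request: " + ex);` followed by `throw new ECMSGWException("Invalid PKCS#10 request");`. The `client` branch also leaves `pkcs10` null when `p10b64` is null, so a null check on the result in fillCertInfo would cover both paths. getPKCS10 starts in the preceding hunk.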
@@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor { public static final String PKCS10_REQUEST = "pkcs10Request"; public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo"; - protected CMSRequest mRequest = null; + protected CMSRequest mRequest = null; protected HttpServletRequest httpReq = null; protected String mServletId = null; 
@@ -83,31 +81,27 @@ public class PKIProcessor implements IPKIProcessor { } - public void process(CMSRequest cmsReq) - throws EBaseException { + public void process(CMSRequest cmsReq) throws EBaseException { } - protected void fillCertInfo( - String protocolString, X509CertInfo certInfo, - IAuthToken authToken, IArgBlock httpParams) - throws EBaseException { + protected void fillCertInfo(String protocolString, X509CertInfo certInfo, + IAuthToken authToken, IArgBlock httpParams) throws EBaseException { } - protected X509CertInfo[] fillCertInfoArray( - String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req) - throws EBaseException { + protected X509CertInfo[] fillCertInfoArray(String protocolString, + IAuthToken authToken, IArgBlock httpParams, IRequest req) + throws EBaseException { return null; } /** - * fill subject name, validity, extensions from authoken if any, - * overriding what was in pkcs10. - * fill subject name, extensions from http input if not authenticated. - * requests not authenticated will need to be approved by an agent. + * fill subject name, validity, extensions from authoken if any, overriding + * what was in pkcs10. fill subject name, extensions from http input if not + * authenticated. requests not authenticated will need to be approved by an + * agent. */ - public static void fillCertInfoFromAuthToken( - X509CertInfo certInfo, IAuthToken authToken) - throws EBaseException { + public static void fillCertInfoFromAuthToken(X509CertInfo certInfo, + IAuthToken authToken) throws EBaseException { // override subject, validity and extensions from auth token // CA determines algorithm, version and issuer. // take key from keygen, cmc, pkcs10 or crmf. 
@@ -115,61 +109,62 @@ public class PKIProcessor implements IPKIProcessor { CMS.debug("PKIProcessor: fillCertInfoFromAuthToken"); // subject name. try { - String subjectname = - authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT); + String subjectname = authToken + .getInString(AuthToken.TOKEN_CERT_SUBJECT); if (subjectname != null) { - CertificateSubjectName certSubject = (CertificateSubjectName) - new CertificateSubjectName(new X500Name(subjectname)); + CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName( + new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - log(ILogger.LL_INFO, - "cert subject set to " + certSubject + " from authtoken"); + log(ILogger.LL_INFO, "cert subject set to " + certSubject + + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", - e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } // validity try { CertificateValidity validity = null; - Date notBefore = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); - Date notAfter = - authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); + Date notBefore = authToken + .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE); + Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER); if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, - "cert validity 
set to " + validity + " from authtoken"); + log(ILogger.LL_INFO, "cert validity set to " + validity + + " from authtoken"); } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); + CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR")); } // extensions try { - CertificateExtensions extensions = - authToken.getInCertExts(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = authToken + .getInCertExts(X509CertInfo.EXTENSIONS); if (extensions != null) { certInfo.set(X509CertInfo.EXTENSIONS, extensions); 
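Review bot: The IOException handler for the subject name logs with the key `CMSGW_ERROR_SET_SUBJECT_NAME`, while the CertificateException handler just above it, and every other subject-name handler in this file, uses `CMSGW_ERROR_SET_SUBJECT_NAME_1`. If the unsuffixed key is not defined in the log message bundle (not visible here), this failure would be logged without a usable message. Make the two handlers agree: `CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())`. fillCertInfoFromAuthToken continues into the next hunk.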
@@ -177,73 +172,78 @@ public class PKIProcessor implements IPKIProcessor { } } catch (CertificateException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } catch (IOException e) { log(ILogger.LL_WARN, - CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); + CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR")); } } /** - * fill subject name, extension from form. - * this is done for unauthenticated requests. - * unauthenticated requests must be approved by agents so these will - * all be seen by and agent. + * fill subject name, extension from form. this is done for unauthenticated + * requests. unauthenticated requests must be approved by agents so these + * will all be seen by and agent. */ - public static void fillCertInfoFromForm( - X509CertInfo certInfo, IArgBlock httpParams) - throws EBaseException { + public static void fillCertInfoFromForm(X509CertInfo certInfo, + IArgBlock httpParams) throws EBaseException { CMS.debug("PKIProcessor: fillCertInfoFromForm"); // subject name. 
try { - String subject = httpParams.getValueAsString(PKIProcessor.SUBJECT_NAME, null); + String subject = httpParams.getValueAsString( + PKIProcessor.SUBJECT_NAME, null); if (subject == null) { throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); + CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM")); } X500Name x500name = new X500Name(subject); - certInfo.set( - X509CertInfo.SUBJECT, new CertificateSubjectName(x500name)); + certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName( + x500name)); fillValidityFromForm(certInfo, httpParams); } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IllegalArgumentException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); + CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS")); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); + CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR")); } // requested extensions. // let polcies form extensions from http input. 
} - public static void fillValidityFromForm( - X509CertInfo certInfo, IArgBlock httpParams) - throws EBaseException { + public static void fillValidityFromForm(X509CertInfo certInfo, + IArgBlock httpParams) throws EBaseException { CMS.debug("PKIProcessor: fillValidityFromForm!"); try { - String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null); - String notValidAfterStr = httpParams.getValueAsString("notValidAfter", null); + String notValidBeforeStr = httpParams.getValueAsString( + "notValidBefore", null); + String notValidAfterStr = httpParams.getValueAsString( + "notValidAfter", null); if (notValidBeforeStr != null && notValidAfterStr != null) { long notValidBefore = 0; 
@@ -266,44 +266,46 @@ public class PKIProcessor implements IPKIProcessor { if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - log(ILogger.LL_INFO, - "cert validity set to " + validity + " from authtoken"); + log(ILogger.LL_INFO, "cert validity set to " + validity + + " from authtoken"); } } } } catch (CertificateException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString())); + CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); + CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR")); } } /** * log according to authority category. */ - public static void log(int event, int level, String msg) { + public static void log(int event, int level, String msg) { CMS.getLogger().log(event, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } public static void log(int level, String msg) { CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, - "PKIProcessor " + ": " + msg); + "PKIProcessor " + ": " + msg); } /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { 
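Review bot: fillValidityFromForm logs `"cert validity set to " + validity + " from authtoken"`, although the dates in this method appear to come from the `notValidBefore`/`notValidAfter` form parameters read in the preceding hunk. The log therefore attributes requester-supplied validity to the authentication token, which misleads anyone reconstructing an issuance from the logs. Its catch blocks also report a validity failure under `CMSGW_ERROR_SET_SUBJECT_NAME_1` and `CMS_GW_SET_SUBJECT_NAME_ERROR`. Change the suffix to `" from form"` and use the keys fillCertInfoFromAuthToken already uses for validity, `CMSGW_ERROR_SET_VALIDITY_1` and `CMS_GW_SET_VALIDITY_ERROR`. The visible part of the method does not check that notBefore precedes notAfter or cap the lifetime; if no later policy step enforces that, it belongs here.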
@@ -314,21 +316,17 @@ public class PKIProcessor implements IPKIProcessor { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, - null, - ILogger.S_SIGNED_AUDIT, - ILogger.LL_SECURITY, - msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, + ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, - * and is called to obtain the "SubjectID" for - * a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, and is called to + * obtain the "SubjectID" for a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -343,8 +341,7 @@ public class PKIProcessor implements IPKIProcessor { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) - auditContext.get(SessionContext.USER_ID); + subjectID = (String) auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); @@ -358,4 +355,3 @@ public class PKIProcessor implements IPKIProcessor { return subjectID; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java index da24d2c2..4ac119dc 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; 
@@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Toggle the approval state of a profile - * + * * @version $Revision$, $Date$ */ public class ProfileApproveServlet extends ProfileServlet { @@ -59,10 +57,9 @@ public class ProfileApproveServlet extends ProfileServlet { */ private static final long serialVersionUID = 3956879326742839550L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; - private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = - "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; + private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4"; private final static String OP_APPROVE = "approve"; private final static String OP_DISAPPROVE = "disapprove"; @@ -73,7 +70,7 @@ public class ProfileApproveServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -84,13 +81,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Process the HTTP request. * <P> - * + * * <ul> * <li>http.param profileId the id of the profile to change * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an * agent approves/disapproves a cert profile set by the administrator for * automatic approval * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ 
@@ -126,20 +124,18 @@ public class ProfileApproveServlet extends ProfileServlet { auditSubjectID = auditSubjectID(); CMS.debug(e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); 
@@ -150,30 +146,28 @@ public class ProfileApproveServlet extends ProfileServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "approve"); + mAuthzResourceName, "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -193,17 +187,15 @@ public class ProfileApproveServlet extends ProfileServlet { if (ps == null) { CMS.debug("ProfileApproveServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); 
@@ -214,20 +206,18 @@ public class ProfileApproveServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); @@ -236,20 +226,18 @@ public class ProfileApproveServlet extends ProfileServlet { IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileApproveServlet: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileApproveServlet: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); 
@@ -265,60 +253,54 @@ public class ProfileApproveServlet extends ProfileServlet { try { if (ps.isProfileEnable(profileId)) { - if (ps.checkOwner()) { - if (ps.getProfileEnableBy(profileId).equals(userid)) { - ps.disableProfile(profileId); - } else { - // only enableBy can disable profile - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_OWNER")); - outputTemplate(request, response, args); - - // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( + if (ps.checkOwner()) { + if (ps.getProfileEnableBy(profileId).equals(userid)) { + ps.disableProfile(profileId); + } else { + // only enableBy can disable profile + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage( + locale, "CMS_PROFILE_NOT_OWNER")); + outputTemplate(request, response, args); + + // store a message in the signed audit log file + auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + auditSubjectID, ILogger.FAILURE, + auditProfileID, auditProfileOp); - audit(auditMessage); + audit(auditMessage); - return; + return; + } + } else { + ps.disableProfile(profileId); } - } else { - ps.disableProfile(profileId); - } } else { ps.enableProfile(profileId, userid); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.SUCCESS, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.SUCCESS, auditProfileID, + auditProfileOp); audit(auditMessage); } catch (EProfileException e) { // profile not enabled - CMS.debug("ProfileApproveServlet: profile not error " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not error " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - 
"CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + auditSubjectID, ILogger.FAILURE, auditProfileID, + auditProfileOp); audit(auditMessage); 
@@ -327,37 +309,34 @@ public class ProfileApproveServlet extends ProfileServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - auditSubjectID, - ILogger.FAILURE, - auditProfileID, - auditProfileOp); + LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID, + ILogger.FAILURE, auditProfileID, auditProfileOp); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; // } catch( ServletException eAudit2 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, - // auditSubjectID, - // ILogger.FAILURE, - // auditProfileID, - // auditProfileOp ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, + // auditSubjectID, + // ILogger.FAILURE, + // auditProfileID, + // auditProfileOp ); // - // audit( auditMessage ); + // audit( auditMessage ); // - // // rethrow the specific exception to be handled later - // throw eAudit2; + // // rethrow the specific exception to be handled later + // throw eAudit2; } try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileApproveServlet: profile not found " + - e.toString()); + CMS.debug("ProfileApproveServlet: profile not found " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
@@ -385,14 +364,13 @@ public class ProfileApproveServlet extends ProfileServlet { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(setId, id); + IProfilePolicy policy = (IProfilePolicy) profile + .getProfilePolicy(setId, id); // (3) query all the profile policies // (4) default plugins convert request parameters - // into string http parameters - handlePolicy(list, response, locale, - id, policy); + // into string http parameters + handlePolicy(list, response, locale, id, policy); } ArgSet setArg = new ArgSet(); @@ -403,8 +381,8 @@ public class ProfileApproveServlet extends ProfileServlet { args.set(ARG_POLICY_SET_LIST, setlist); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + args.set(ARG_PROFILE_IS_ENABLED, + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); @@ -413,8 +391,8 @@ public class ProfileApproveServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); 
@@ -434,19 +412,19 @@ public class ProfileApproveServlet extends ProfileServlet { String defName = (String) defNames.nextElement(); IDescriptor defDesc = def.getValueDescriptor(locale, defName); if (defDesc == null) { - CMS.debug("defName=" + defName); + CMS.debug("defName=" + defName); } else { - String defSyntax = defDesc.getSyntax(); - String defConstraint = defDesc.getConstraint(); - String defValueName = defDesc.getDescription(locale); - String defValue = null; - - defset.set(ARG_DEF_ID, defName); - defset.set(ARG_DEF_SYNTAX, defSyntax); - defset.set(ARG_DEF_CONSTRAINT, defConstraint); - defset.set(ARG_DEF_NAME, defValueName); - defset.set(ARG_DEF_VAL, defValue); - deflist.add(defset); + String defSyntax = defDesc.getSyntax(); + String defConstraint = defDesc.getConstraint(); + String defValueName = defDesc.getDescription(locale); + String defValue = null; + + defset.set(ARG_DEF_ID, defName); + defset.set(ARG_DEF_SYNTAX, defSyntax); + defset.set(ARG_DEF_CONSTRAINT, defConstraint); + defset.set(ARG_DEF_NAME, defValueName); + defset.set(ARG_DEF_VAL, defValue); + deflist.add(defset); } } } @@ -463,11 +441,11 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile ID - * - * This method is called to obtain the "ProfileID" for - * a signed audit log message. + * + * This method is called to obtain the "ProfileID" for a signed audit log + * message. * <P> - * + * * @param req HTTP request * @return id string containing the signed audit log message ProfileID */ 
@@ -493,14 +471,14 @@ public class ProfileApproveServlet extends ProfileServlet { /** * Signed Audit Log Profile Operation - * - * This method is called to obtain the "Profile Operation" for - * a signed audit log message. + * + * This method is called to obtain the "Profile Operation" for a signed + * audit log message. * <P> - * + * * @param req HTTP request - * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, - * or SIGNED_AUDIT_EMPTY_VALUE + * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or + * SIGNED_AUDIT_EMPTY_VALUE */ private String auditProfileOp(HttpServletRequest req) { // if no signed audit object exists, bail @@ -508,13 +486,12 @@ public class ProfileApproveServlet extends ProfileServlet { return null; } - if (mProfileSubId == null || - mProfileSubId.equals("")) { + if (mProfileSubId == null || mProfileSubId.equals("")) { mProfileSubId = IProfileSubsystem.ID; } - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -533,4 +510,3 @@ public class ProfileApproveServlet extends ProfileServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java index 4da41f7a..ded3dff8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; 
@@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * List all enabled profiles. - * + * * @version $Revision$, $Date$ */ public class ProfileListServlet extends ProfileServlet { @@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileListServlet() { super(); @@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet { /** * Process the HTTP request. - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -89,20 +87,20 @@ public class ProfileListServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } @@ -114,18 +112,18 @@ public class ProfileListServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileListServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { - CMS.debug("ProfileListServlet: ProfileSubsystem " + - mProfileSubId + " not found"); + CMS.debug("ProfileListServlet: ProfileSubsystem " + mProfileSubId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; - } + } ArgList list = new ArgList(); Enumeration e = ps.getProfileIds(); 
@@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet { profile = ps.getProfile(id); } catch (EBaseException e1) { // skip bad profile - CMS.debug("ProfileListServlet: profile " + id + - " not found (skipped) " + e1.toString()); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped) " + e1.toString()); continue; } if (profile == null) { - CMS.debug("ProfileListServlet: profile " + id + - " not found (skipped)"); + CMS.debug("ProfileListServlet: profile " + id + + " not found (skipped)"); continue; } @@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet { ArgSet profileArgs = new ArgSet(); profileArgs.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(id))); + Boolean.toString(ps.isProfileEnable(id))); profileArgs.set(ARG_PROFILE_ENABLED_BY, - ps.getProfileEnableBy(id)); + ps.getProfileEnableBy(id)); profileArgs.set(ARG_PROFILE_ID, id); - profileArgs.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + profileArgs.set(ARG_PROFILE_IS_VISIBLE, + Boolean.toString(profile.isVisible())); profileArgs.set(ARG_PROFILE_NAME, name); profileArgs.set(ARG_PROFILE_DESC, desc); list.add(profileArgs); - + } } args.set(ARG_RECORD, list); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java index a159c0f2..073d2cfb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Date; 
@@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet; import com.netscape.certsrv.util.IStatsSubsystem; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet approves profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileProcessServlet extends ProfileServlet { @@ -78,10 +76,8 @@ public class ProfileProcessServlet extends ProfileServlet { private String mAuthorityId = null; private Nonces mNonces = null; - private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = - "requestNotes"; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = "requestNotes"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileProcessServlet() { } @@ -103,9 +99,9 @@ public class ProfileProcessServlet extends ProfileServlet { HttpServletRequest request = cmsReq.getHttpReq(); HttpServletResponse response = cmsReq.getHttpResp(); - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("approval", true /* main action */); + statsSub.startTiming("approval", true /* main action */); } IAuthToken authToken = null; 
@@ -119,13 +115,14 @@ public class ProfileProcessServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProfileProcessServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -134,23 +131,23 @@ public class ProfileProcessServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "approve"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "approve"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -164,18 +161,19 @@ public class ProfileProcessServlet extends ProfileServlet { X509Certificate cert2 = getSSLClientCertificate(request); if (cert1 == null) { CMS.debug("ProfileProcessServlet: Unknown nonce"); - } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) { + } else if (cert1 != null && cert2 != null + && cert1.equals(cert2)) { nonceVerified = true; mNonces.removeNonce(nonce); } } else { CMS.debug("ProfileProcessServlet: Missing nonce"); } - CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified); + CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified); if (!nonceVerified) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { statsSub.endTiming("approval"); @@ -193,17 +191,17 @@ public class ProfileProcessServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileProcessServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -212,28 +210,28 @@ public class ProfileProcessServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileProcessServlet: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileProcessServlet: Request Queue of " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -243,11 +241,11 @@ public class ProfileProcessServlet extends ProfileServlet { if (requestId == null || requestId.equals("")) { CMS.debug("ProfileProcessServlet: Request Id not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_REQUEST_ID_NOT_FOUND")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileProcessServlet: request not found requestId=" + - requestId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_REQUEST_NOT_FOUND", requestId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - // check if the request is in one of the terminal states + // check if the request is in one of the terminal states if (!req.getRequestStatus().equals(RequestStatus.PENDING)) { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, @@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_ID, requestId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -292,11 +290,11 @@ public class ProfileProcessServlet extends ProfileServlet { if (profileId == null || profileId.equals("")) { CMS.debug("ProfileProcessServlet: Profile Id not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_ID_NOT_FOUND")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } 
@@ -305,24 +303,23 @@ public class ProfileProcessServlet extends ProfileServlet { if (op == null) { CMS.debug("ProfileProcessServlet: No op found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_OP_NOT_FOUND")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileProcessServlet: profile not found " + - " " + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileProcessServlet: profile not found " + " " + + " profileId=" + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet { "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -344,16 +341,15 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_ID_NOT_ENABLED")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_ENABLED")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } - args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); 
@@ -361,21 +357,23 @@ public class ProfileProcessServlet extends ProfileServlet { if (op.equals("assign")) { String owner = req.getRequestOwner(); - // assigned owner + // assigned owner if (owner != null && owner.length() > 0) { if (!grantPermission(req, authToken)) { CMS.debug("ProfileProcessServlet: Permission not granted to assign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); - args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); + args.set(ARG_REQUEST_STATUS, req.getRequestStatus() + .toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } @@ -387,13 +385,16 @@ public class ProfileProcessServlet extends ProfileServlet { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); updateNotes(request, req); - approveRequest(request, args, req, queue, profile, locale); + approveRequest(request, args, req, queue, profile, + locale); } else if (op.equals("reject")) { updateNotes(request, req); - rejectRequest(request, args, req, queue, profile, locale); + rejectRequest(request, args, req, queue, profile, + locale); } else if (op.equals("cancel")) { updateNotes(request, req); - cancelRequest(request, args, req, queue, profile, locale); + cancelRequest(request, args, req, queue, profile, + locale); } else if (op.equals("update")) { checkProfileVersion(profile, req, locale); updateValues(request, req, queue, profile, locale); 
@@ -401,27 +402,30 @@ public class ProfileProcessServlet extends ProfileServlet { } else if (op.equals("validate")) { updateValues(request, req, queue, profile, locale); } else if (op.equals("unassign")) { - unassignRequest(request, args, req, queue, profile, locale); + unassignRequest(request, args, req, queue, profile, + locale); } } else { CMS.debug("ProfileProcessServlet: Permission not granted to approve/reject/cancel/update/validate/unassign request."); args.set(ARG_OP, op); args.set(ARG_REQUEST_ID, req.getRequestId().toString()); - args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); + args.set(ARG_REQUEST_STATUS, req.getRequestStatus() + .toString()); args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_PROFILE_ID, profileId); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_DENY_OPERATION")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } // commit request to the storage - if (!op.equals("validate")) { + if (!op.equals("validate")) { try { if (op.equals("approve")) { queue.markAsServiced(req); 
@@ -429,43 +433,47 @@ public class ProfileProcessServlet extends ProfileServlet { queue.updateRequest(req); } } catch (EBaseException e) { - CMS.debug("ProfileProcessServlet: Request commit error " + - e.toString()); + CMS.debug("ProfileProcessServlet: Request commit error " + + e.toString()); // save request to disk args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } return; } } } catch (ERejectException e) { - CMS.debug("ProfileProcessServlet: execution rejected " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution rejected " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", e.toString())); + args.set( + ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED", + e.toString())); } catch (EDeferException e) { - CMS.debug("ProfileProcessServlet: execution defered " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution defered " + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", e.toString())); + args.set( + ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED", + e.toString())); } catch (EPropertyException e) { - CMS.debug("ProfileProcessServlet: execution error " + - e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_PROPERTY_ERROR", e.toString())); + args.set( + ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR", + e.toString())); } catch (EProfileException e) { - CMS.debug("ProfileProcessServlet: execution error " + - 
e.toString()); + CMS.debug("ProfileProcessServlet: execution error " + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } args.set(ARG_OP, op); @@ -475,15 +483,15 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); outputTemplate(request, response, args); if (statsSub != null) { - statsSub.endTiming("approval"); + statsSub.endTiming("approval"); } } - + public boolean grantPermission(IRequest req, IAuthToken token) { try { - boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable", - false); + boolean enable = CMS.getConfigStore().getBoolean( + "request.assignee.enable", false); if (!enable) return true; String owner = req.getRequestOwner(); 
@@ -496,32 +504,32 @@ public class ProfileProcessServlet extends ProfileServlet { return true; } catch (Exception e) { } - + return false; } /** - * Check if the request creation time is older than the profile - * lastModified attribute. + * Check if the request creation time is older than the profile lastModified + * attribute. */ - protected void checkProfileVersion(IProfile profile, IRequest req, - Locale locale) throws EProfileException { + protected void checkProfileVersion(IProfile profile, IRequest req, + Locale locale) throws EProfileException { IConfigStore profileConfig = profile.getConfigStore(); if (profileConfig != null) { String lastModified = null; try { - lastModified = profileConfig.getString("lastModified",""); + lastModified = profileConfig.getString("lastModified", ""); } catch (EBaseException e) { - CMS.debug(e.toString()); - throw new EProfileException( e.toString() ); + CMS.debug(e.toString()); + throw new EProfileException(e.toString()); } if (!lastModified.equals("")) { Date profileModifiedAt = new Date(Long.parseLong(lastModified)); - CMS.debug("ProfileProcessServlet: Profile Last Modified=" + - profileModifiedAt); + CMS.debug("ProfileProcessServlet: Profile Last Modified=" + + profileModifiedAt); Date reqCreatedAt = req.getCreationTime(); - CMS.debug("ProfileProcessServlet: Request Created At=" + - reqCreatedAt); + CMS.debug("ProfileProcessServlet: Request Created At=" + + reqCreatedAt); if (profileModifiedAt.after(reqCreatedAt)) { CMS.debug("Profile Newer Than Request"); throw new ERejectException("Profile Newer Than Request"); 
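Review bot: `grantPermission` ends in `catch (Exception e) { }`, so any exception thrown in its body silently becomes `return false`. Failing closed is the right default for a permission check, but a denial caused by a broken configuration read is then indistinguishable from a genuine one; `CMS.debug("ProfileProcessServlet: grantPermission failed " + e.toString());` inside the catch keeps the behaviour and leaves a trace. In `checkProfileVersion`, `Long.parseLong(lastModified)` sits outside the `EBaseException` catch, so a malformed `lastModified` value escapes as an unchecked `NumberFormatException`; catching it and rethrowing as `EProfileException` would match the declared contract. The body of `grantPermission` begins in the previous hunk.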
@@ -531,18 +539,16 @@ public class ProfileProcessServlet extends ProfileServlet { } protected void assignRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String id = auditSubjectID(); req.setRequestOwner(id); } protected void unassignRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { req.setRequestOwner(""); } @@ -552,13 +558,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * cancellation) + * cancellation) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -566,12 +573,11 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void cancelRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); 
@@ -582,25 +588,22 @@ public class ProfileProcessServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_CANCELLATION, - auditInfoValue); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, + ILogger.SUCCESS, auditRequesterID, + ILogger.SIGNED_AUDIT_CANCELLATION, auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_CANCELLATION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_CANCELLATION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } @@ -609,13 +612,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * rejection) + * rejection) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request 
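Review bot: The `catch( EProfileException eAudit1 )` block that would write an `ILogger.FAILURE` record for a cancellation is commented out, and this hunk only re-indents it, so in the visible lines `LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED` is emitted with `ILogger.SUCCESS` or not at all. If the call before it can throw, a failed cancellation leaves no signed audit record; either restore the failure path or delete the dead block and say in a comment why no failure event is needed. `rejectRequest` carries the same commented-out block in `@@ -639,25 +642,22 @@`. The start of `cancelRequest`'s body is in the preceding hunk.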
@@ -623,12 +627,11 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ protected void rejectRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + IRequest req, IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); @@ -639,25 +642,22 @@ public class ProfileProcessServlet extends ProfileServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - auditInfoValue); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID, + ILogger.SUCCESS, auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, auditInfoValue); audit(auditMessage); // } catch( EProfileException eAudit1 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - // auditSubjectID, - // ILogger.FAILURE, - // auditRequesterID, - // ILogger.SIGNED_AUDIT_REJECTION, - // auditInfoValue ); + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + // auditSubjectID, + // ILogger.FAILURE, + // auditRequesterID, + // ILogger.SIGNED_AUDIT_REJECTION, + // auditInfoValue ); // - // audit( auditMessage ); + // audit( auditMessage ); // } } 
@@ -666,13 +666,14 @@ public class ProfileProcessServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - a manual "agent" profile based cert - * acceptance) + * acceptance) * <P> * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param request the servlet request * @param args argument set * @param req the certificate request @@ -680,12 +681,11 @@ public class ProfileProcessServlet extends ProfileServlet { * @param profile this profile * @param locale the system locale * @exception EProfileException an error related to this profile has - * occurred + * occurred */ - protected void approveRequest(ServletRequest request, ArgSet args, - IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws EProfileException { + protected void approveRequest(ServletRequest request, ArgSet args, + IRequest req, IRequestQueue queue, IProfile profile, Locale locale) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(req); 
@@ -700,42 +700,40 @@ public class ProfileProcessServlet extends ProfileServlet { if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile.getProfileOutput( - outputId); + IProfileOutput profileOutput = profile + .getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); - String outputName = (String) - outputNames.nextElement(); - IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, - outputName); + String outputName = (String) outputNames + .nextElement(); + IDescriptor outputDesc = profileOutput + .getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); - String outputConstraint = - outputDesc.getConstraint(); - String outputValueName = - outputDesc.getDescription(locale); + String outputConstraint = outputDesc + .getConstraint(); + String outputValueName = outputDesc + .getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue( - outputName, - locale, req); + outputName, locale, req); } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet: " + - e.toString()); + CMS.debug("ProfileSubmitServlet: " + + e.toString()); } outputset.set(ARG_OUTPUT_ID, outputName); outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax); outputset.set(ARG_OUTPUT_CONSTRAINT, - outputConstraint); + outputConstraint); outputset.set(ARG_OUTPUT_NAME, outputValueName); outputset.set(ARG_OUTPUT_VAL, outputValue); outputlist.add(outputset); 
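Review bot: The debug line in the output loop is tagged `"ProfileSubmitServlet: "` although this file is ProfileProcessServlet, which points anyone triaging a failed `profileOutput.getValue(...)` at the wrong servlet; `CMS.debug("ProfileProcessServlet: " + e.toString());` matches the rest of the file. After that catch `outputValue` is still null and is stored under `ARG_OUTPUT_VAL`, so it is worth confirming that the template tolerates a null value. Stale tags of the same kind show up in later hunks: `"ProfileSubmitServlet: "` and `"ReviewReqServlet: "` in ProfileReviewServlet, and `"ProcessReqServlet: "` in ProfileSelectServlet. The body of `approveRequest` starts before and continues after this hunk.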
@@ -746,42 +744,37 @@ public class ProfileProcessServlet extends ProfileServlet { args.set(ARG_OUTPUT_LIST, outputlist); // retrieve the certificate - X509CertImpl theCert = req.getExtDataInCert( - IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl theCert = req + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue(theCert)); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue(theCert)); audit(auditMessage); } catch (EProfileException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute."); throw new EProfileException(eAudit1.toString()); - } } - protected void updateValues(ServletRequest request, IRequest req, - IRequestQueue queue, IProfile profile, Locale locale) - throws ERejectException, EDeferException, EPropertyException { + protected void updateValues(ServletRequest request, IRequest req, + IRequestQueue queue, IProfile profile, Locale locale) + throws ERejectException, EDeferException, EPropertyException { String profileSetId = req.getExtDataInString("profileSetId"); Enumeration policies = profile.getProfilePolicies(profileSetId); 
@@ -813,17 +806,16 @@ public class ProfileProcessServlet extends ProfileServlet { } } - protected void validate(Locale locale, int count, - IProfilePolicy policy, IRequest req, ServletRequest request) - throws ERejectException, EDeferException { + protected void validate(Locale locale, int count, IProfilePolicy policy, + IRequest req, ServletRequest request) throws ERejectException, + EDeferException { IPolicyConstraint con = policy.getConstraint(); con.validate(req); } - protected void setValue(Locale locale, int count, - IProfilePolicy policy, IRequest req, ServletRequest request) - throws EPropertyException { + protected void setValue(Locale locale, int count, IProfilePolicy policy, + IRequest req, ServletRequest request) throws EPropertyException { // handle default policy IPolicyDefault def = policy.getDefault(); Enumeration defNames = def.getValueNames(); @@ -838,11 +830,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -868,11 +860,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Value - * - * This method is called to obtain the "reason" for - * a signed audit log message. + * + * This method is called to obtain the "reason" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return reason string containing the signed audit log message reason */ 
@@ -886,8 +878,8 @@ public class ProfileProcessServlet extends ProfileServlet { if (request != null) { // overwrite "reason" if and only if "info" != null - String info = - request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); + String info = request + .getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON); if (info != null) { reason = info.trim(); @@ -904,11 +896,11 @@ public class ProfileProcessServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ @@ -941,7 +933,7 @@ public class ProfileProcessServlet extends ProfileServlet { // extract all line separators from the "base64Data" StringBuffer sb = new StringBuffer(); for (int i = 0; i < base64Data.length(); i++) { - if (!Character.isWhitespace(base64Data.charAt(i))) { + if (!Character.isWhitespace(base64Data.charAt(i))) { sb.append(base64Data.charAt(i)); } } @@ -961,4 +953,3 @@ public class ProfileProcessServlet extends ProfileServlet { } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java index 00840dd8..433dfdd7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; import java.util.Random; 
@@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet allows reviewing of profile-based request. - * + * * @version $Revision$, $Date$ */ public class ProfileReviewServlet extends ProfileServlet { @@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet { private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; private Random mRandom = null; private Nonces mNonces = null; @@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet { /** * initialize the servlet. This servlet uses the template file * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet { * <ul> * <li>http.param requestId the ID of the profile to review * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
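Review bot: `mRandom` is declared as `java.util.Random` directly beside `mNonces` (hunk `@@ -69,7 +67,7 @@`), and a `java.util.Random` sequence is predictable once a few outputs are known. The construction and use of the field are outside the visible hunks, so this needs confirming: if it supplies nonce values for the review form, it should be built as `mRandom = new java.security.SecureRandom();`, which requires no change to the field type. A one-line comment on the field stating what the generator is used for would also help the next reader.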
@@ -120,32 +118,33 @@ public class ProfileReviewServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ReviewReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; - } + } } AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } 
@@ -157,14 +156,14 @@ public class ProfileReviewServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileReviewServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -173,22 +172,22 @@ public class ProfileReviewServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileReviewServlet: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileReviewServlet: Request Queue of " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
@@ -201,8 +200,8 @@ public class ProfileReviewServlet extends ProfileServlet { req = queue.findRequest(new RequestId(requestId)); } catch (EBaseException e) { // request not found - CMS.debug("ProfileReviewServlet: request not found requestId=" + - requestId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: request not found requestId=" + + requestId + " " + e.toString()); } if (req == null) { args.set(ARG_ERROR_CODE, "1"); @@ -214,16 +213,17 @@ public class ProfileReviewServlet extends ProfileServlet { String profileId = req.getExtDataInString("profileId"); - CMS.debug("ProfileReviewServlet: requestId=" + - requestId + " profileId=" + profileId); + CMS.debug("ProfileReviewServlet: requestId=" + requestId + + " profileId=" + profileId); IProfile profile = null; try { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileReviewServlet: profile not found requestId=" + - requestId + " profileId=" + profileId + " " + e.toString()); + CMS.debug("ProfileReviewServlet: profile not found requestId=" + + requestId + " profileId=" + profileId + " " + + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); 
@@ -232,27 +232,26 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + String profileSetId = req.getExtDataInString("profileSetId"); CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId); - Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)? - profile.getProfilePolicyIds(profileSetId): null; + Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ? profile + .getProfilePolicyIds(profileSetId) : null; int count = 0; ArgList list = new ArgList(); if (policyIds != null) { - while (policyIds.hasMoreElements()) { + while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(req.getExtDataInString("profileSetId"), - id); + IProfilePolicy policy = (IProfilePolicy) profile + .getProfilePolicy( + req.getExtDataInString("profileSetId"), id); // (3) query all the profile policies // (4) default plugins convert request parameters into string - // http parameters - handlePolicy(list, response, locale, - id, policy, req); + // http parameters + handlePolicy(list, response, locale, id, policy, req); count++; } } 
@@ -269,34 +268,33 @@ public class ProfileReviewServlet extends ProfileServlet { args.set(ARG_REQUEST_TYPE, req.getRequestType()); args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString()); if (req.getRequestOwner() == null) { - args.set(ARG_REQUEST_OWNER, ""); + args.set(ARG_REQUEST_OWNER, ""); } else { - args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); + args.set(ARG_REQUEST_OWNER, req.getRequestOwner()); } args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString()); - args.set(ARG_REQUEST_MODIFICATION_TIME, - req.getModificationTime().toString()); + args.set(ARG_REQUEST_MODIFICATION_TIME, req.getModificationTime() + .toString()); args.set(ARG_PROFILE_ID, profileId); - args.set(ARG_PROFILE_APPROVED_BY, - req.getExtDataInString("profileApprovedBy")); + args.set(ARG_PROFILE_APPROVED_BY, + req.getExtDataInString("profileApprovedBy")); args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId")); if (profile.isVisible()) { - args.set(ARG_PROFILE_IS_VISIBLE, "true"); + args.set(ARG_PROFILE_IS_VISIBLE, "true"); } else { - args.set(ARG_PROFILE_IS_VISIBLE, "false"); + args.set(ARG_PROFILE_IS_VISIBLE, "false"); } args.set(ARG_PROFILE_NAME, profile.getName(locale)); args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_REMOTE_HOST, - req.getExtDataInString("profileRemoteHost")); - args.set(ARG_PROFILE_REMOTE_ADDR, - req.getExtDataInString("profileRemoteAddr")); + args.set(ARG_PROFILE_REMOTE_HOST, + req.getExtDataInString("profileRemoteHost")); + args.set(ARG_PROFILE_REMOTE_ADDR, + req.getExtDataInString("profileRemoteAddr")); if (req.getExtDataInString("requestNotes") == null) { args.set(ARG_REQUEST_NOTES, ""); } else { - args.set(ARG_REQUEST_NOTES, - req.getExtDataInString("requestNotes")); + args.set(ARG_REQUEST_NOTES, req.getExtDataInString("requestNotes")); } args.set(ARG_RECORD, list); 
@@ -322,17 +320,20 @@ public class ProfileReviewServlet extends ProfileServlet { ArgSet inputset = new ArgSet(); String inputName = (String) inputNames.nextElement(); - IDescriptor inputDesc = profileInput.getValueDescriptor(locale, inputName); + IDescriptor inputDesc = profileInput + .getValueDescriptor(locale, inputName); if (inputDesc == null) continue; String inputSyntax = inputDesc.getSyntax(); String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc.getDescription(locale); + String inputValueName = inputDesc + .getDescription(locale); String inputValue = null; try { - inputValue = profileInput.getValue(inputName, locale, req); + inputValue = profileInput.getValue(inputName, + locale, req); } catch (EBaseException e) { CMS.debug("ProfileReviewServlet: " + e.toString()); } 
@@ -357,32 +358,31 @@ public class ProfileReviewServlet extends ProfileServlet { if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile.getProfileOutput(outputId - ); + IProfileOutput profileOutput = profile + .getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); - String outputName = (String) outputNames.nextElement - (); - IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, outputName); + String outputName = (String) outputNames.nextElement(); + IDescriptor outputDesc = profileOutput + .getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = outputDesc.getConstraint(); - String outputValueName = outputDesc.getDescription(locale); + String outputValueName = outputDesc + .getDescription(locale); String outputValue = null; try { outputValue = profileOutput.getValue(outputName, - locale, req); + locale, req); } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet: " + e.toString( - )); + CMS.debug("ProfileSubmitServlet: " + e.toString()); } outputset.set(ARG_OUTPUT_ID, outputName); @@ -401,9 +401,8 @@ public class ProfileReviewServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy, - IRequest req) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy, IRequest req) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java index 813af8f6..92aedb85 100644 
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.util.Enumeration; import java.util.Locale; @@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList; import com.netscape.certsrv.template.ArgSet; import com.netscape.cms.servlet.common.CMSRequest; - /** * Retrieve detailed information of a particular profile. - * + * * @version $Revision$, $Date$ */ public class ProfileSelectServlet extends ProfileServlet { @@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet { */ private static final long serialVersionUID = -3765390650830903602L; private static final String PROP_AUTHORITY_ID = "authorityId"; - private String mAuthorityId = null; + private String mAuthorityId = null; public ProfileSelectServlet() { } @@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet { * <ul> * <li>http.param profileId the id of the profile to select * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -96,10 +94,11 @@ public class ProfileSelectServlet extends ProfileServlet { } catch (EBaseException e) { CMS.debug("ProcessReqServlet: " + e.toString()); log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); return; } 
@@ -108,20 +107,20 @@ public class ProfileSelectServlet extends ProfileServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "read"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); return; } @@ -133,14 +132,14 @@ public class ProfileSelectServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSelectServlet: ProfileSubsystem not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
@@ -149,22 +148,22 @@ public class ProfileSelectServlet extends ProfileServlet { IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileSelectServlet: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileSelectServlet: Request Queue of " + mAuthorityId + + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -179,8 +178,8 @@ public class ProfileSelectServlet extends ProfileServlet { profile = ps.getProfile(profileId); } catch (EProfileException e) { // profile not found - CMS.debug("ProfileSelectServlet: profile not found profileId=" + - profileId + " " + e.toString()); + CMS.debug("ProfileSelectServlet: profile not found profileId=" + + profileId + " " + e.toString()); } if (profile == null) { args.set(ARG_ERROR_CODE, "1"); @@ -189,7 +188,7 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); return; } - + ArgList setlist = new ArgList(); Enumeration policySetIds = profile.getProfilePolicySetIds(); 
@@ -203,14 +202,14 @@ public class ProfileSelectServlet extends ProfileServlet { if (policyIds != null) { while (policyIds.hasMoreElements()) { String id = (String) policyIds.nextElement(); - IProfilePolicy policy = (IProfilePolicy) - profile.getProfilePolicy(setId, id); + IProfilePolicy policy = (IProfilePolicy) profile + .getProfilePolicy(setId, id); // (3) query all the profile policies - // (4) default plugins convert request parameters into string - // http parameters - handlePolicy(list, response, locale, - id, policy); + // (4) default plugins convert request parameters into + // string + // http parameters + handlePolicy(list, response, locale, id, policy); } } ArgSet setArg = new ArgSet(); 
@@ -224,29 +223,31 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_PROFILE_ID, profileId); args.set(ARG_PROFILE_IS_ENABLED, - Boolean.toString(ps.isProfileEnable(profileId))); + Boolean.toString(ps.isProfileEnable(profileId))); args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId)); args.set(ARG_PROFILE_NAME, profile.getName(locale)); - args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); - args.set(ARG_PROFILE_IS_VISIBLE, - Boolean.toString(profile.isVisible())); + args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); + args.set(ARG_PROFILE_IS_VISIBLE, Boolean.toString(profile.isVisible())); args.set(ARG_ERROR_CODE, "0"); args.set(ARG_ERROR_REASON, ""); try { - boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false); - if (keyArchivalEnabled == true) { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); - - // output transport certificate if present - args.set("transportCert", - CMS.getConfigStore().getString("ca.connector.KRA.transportCert", "")); - } else { - CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); - args.set("transportCert", ""); - } + boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean( + "ca.connector.KRA.enable", false); + if (keyArchivalEnabled == true) { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true"); + + // output transport certificate if present + args.set( + "transportCert", + CMS.getConfigStore().getString( + "ca.connector.KRA.transportCert", "")); + } else { + CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false"); + args.set("transportCert", ""); + } } catch (EBaseException e) { - CMS.debug("ProfileSelectServlet: exception caught:"+e.toString()); + CMS.debug("ProfileSelectServlet: exception caught:" + e.toString()); } // build authentication 
@@ -259,7 +260,7 @@ public class ProfileSelectServlet extends ProfileServlet { // authenticator not installed correctly args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", + "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", profile.getAuthenticatorId())); outputTemplate(request, response, args); return; @@ -272,8 +273,8 @@ public class ProfileSelectServlet extends ProfileServlet { while (authNames.hasMoreElements()) { ArgSet authset = new ArgSet(); String authName = (String) authNames.nextElement(); - IDescriptor authDesc = - authenticator.getValueDescriptor(locale, authName); + IDescriptor authDesc = authenticator.getValueDescriptor( + locale, authName); if (authDesc == null) continue; @@ -291,8 +292,8 @@ public class ProfileSelectServlet extends ProfileServlet { args.set(ARG_AUTH_LIST, authlist); args.set(ARG_AUTH_NAME, authenticator.getName(locale)); args.set(ARG_AUTH_DESC, authenticator.getText(locale)); - args.set(ARG_AUTH_IS_SSL, - Boolean.toString(authenticator.isSSLClientRequired())); + args.set(ARG_AUTH_IS_SSL, + Boolean.toString(authenticator.isSSLClientRequired())); } // build input list @@ -309,10 +310,10 @@ public class ProfileSelectServlet extends ProfileServlet { ArgSet inputpluginset = new ArgSet(); inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId); - inputpluginset.set(ARG_INPUT_PLUGIN_NAME, - profileInput.getName(locale)); - inputpluginset.set(ARG_INPUT_PLUGIN_DESC, - profileInput.getText(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_NAME, + profileInput.getName(locale)); + inputpluginset.set(ARG_INPUT_PLUGIN_DESC, + profileInput.getText(locale)); inputPluginlist.add(inputpluginset); Enumeration inputNames = profileInput.getValueNames(); 
@@ -320,15 +321,17 @@ public class ProfileSelectServlet extends ProfileServlet { if (inputNames != null) { while (inputNames.hasMoreElements()) { ArgSet inputset = new ArgSet(); - String inputName = (String) inputNames.nextElement(); - IDescriptor inputDesc = profileInput.getValueDescriptor( - locale, inputName); + String inputName = (String) inputNames + .nextElement(); + IDescriptor inputDesc = profileInput + .getValueDescriptor(locale, inputName); if (inputDesc == null) continue; String inputSyntax = inputDesc.getSyntax(); String inputConstraint = inputDesc.getConstraint(); - String inputValueName = inputDesc.getDescription(locale); + String inputValueName = inputDesc + .getDescription(locale); String inputValue = null; inputset.set(ARG_INPUT_PLUGIN_ID, inputId); @@ -352,8 +355,8 @@ public class ProfileSelectServlet extends ProfileServlet { outputTemplate(request, response, args); } - private void handlePolicy(ArgList list, ServletResponse response, - Locale locale, String id, IProfilePolicy policy) { + private void handlePolicy(ArgList list, ServletResponse response, + Locale locale, String id, IProfilePolicy policy) { ArgSet set = new ArgSet(); set.set(ARG_POLICY_ID, id); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java index 46f3797d..a5f1c6c7 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.FileReader; 
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cms.servlet.common.Utils; - /** * This servlet is the base class of all profile servlets. - * + * * @version $Revision$, $Date$ */ public class ProfileServlet extends CMSServlet { @@ -67,12 +65,9 @@ public class ProfileServlet extends CMSServlet { public final static String ARG_REQUEST_ID = "requestId"; public final static String ARG_REQUEST_TYPE = "requestType"; public final static String ARG_REQUEST_STATUS = "requestStatus"; - public final static String ARG_REQUEST_OWNER = - "requestOwner"; - public final static String ARG_REQUEST_CREATION_TIME = - "requestCreationTime"; - public final static String ARG_REQUEST_MODIFICATION_TIME = - "requestModificationTime"; + public final static String ARG_REQUEST_OWNER = "requestOwner"; + public final static String ARG_REQUEST_CREATION_TIME = "requestCreationTime"; + public final static String ARG_REQUEST_MODIFICATION_TIME = "requestModificationTime"; public final static String ARG_REQUEST_NONCE = "nonce"; public final static String ARG_AUTH_ID = "authId"; 
@@ -166,18 +161,18 @@ public class ProfileServlet extends CMSServlet { super(); } - /** - * initialize the servlet. Servlets implementing this method - * must specify the template to use as a parameter called - * "templatePath" in the servletConfig - * + /** + * initialize the servlet. Servlets implementing this method must specify + * the template to use as a parameter called "templatePath" in the + * servletConfig + * * @param sc servlet configuration, read from the web.xml file */ - public void init(ServletConfig sc) throws ServletException { + public void init(ServletConfig sc) throws ServletException { super.init(sc); mTemplate = sc.getServletContext().getRealPath( - sc.getInitParameter(PROP_TEMPLATE)); + sc.getInitParameter(PROP_TEMPLATE)); mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH); mAuthMgr = sc.getInitParameter(PROP_AUTHMGR); mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ); 
@@ -193,47 +188,44 @@ public class ProfileServlet extends CMSServlet { } } - protected String escapeXML(String v) - { - if (v == null) { - return ""; - } - v = v.replaceAll("&", "&"); - return v; + protected String escapeXML(String v) { + if (v == null) { + return ""; + } + v = v.replaceAll("&", "&"); + return v; } - protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) - { - ps.println("<" + name + ">"); - if (v != null) { - if (v instanceof ArgList) { - ArgList list = (ArgList)v; - ps.println("<list>"); - for (int i = 0; i < list.size(); i++) { - outputArgValueAsXML(ps, name, list.get(i)); - } - ps.println("</list>"); - } else if (v instanceof ArgString) { - ArgString str = (ArgString)v; - ps.println(escapeXML(str.getValue())); - } else if (v instanceof ArgSet) { - ArgSet set = (ArgSet)v; - ps.println("<set>"); - Enumeration names = set.getNames(); - while (names.hasMoreElements()) { - String n = (String)names.nextElement(); + protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) { + ps.println("<" + name + ">"); + if (v != null) { + if (v instanceof ArgList) { + ArgList list = (ArgList) v; + ps.println("<list>"); + for (int i = 0; i < list.size(); i++) { + outputArgValueAsXML(ps, name, list.get(i)); + } + ps.println("</list>"); + } else if (v instanceof ArgString) { + ArgString str = (ArgString) v; + ps.println(escapeXML(str.getValue())); + } else if (v instanceof ArgSet) { + ArgSet set = (ArgSet) v; + ps.println("<set>"); + Enumeration names = set.getNames(); + while (names.hasMoreElements()) { + String n = (String) names.nextElement(); outputArgValueAsXML(ps, n, set.get(n)); - } - ps.println("</set>"); - } else { - ps.println(v); - } + } + ps.println("</set>"); + } else { + ps.println(v); } - ps.println("</" + name + ">"); + } + ps.println("</" + name + ">"); } - protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) - { + protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) { 
PrintStream ps = new PrintStream(bos); ps.println("<xml>"); outputArgValueAsXML(ps, "output", args); @@ -241,9 +233,8 @@ public class ProfileServlet extends CMSServlet { ps.flush(); } - public void outputTemplate(HttpServletRequest request, - HttpServletResponse response, ArgSet args) - throws EBaseException { + public void outputTemplate(HttpServletRequest request, + HttpServletResponse response, ArgSet args) throws EBaseException { String xmlOutput = request.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { @@ -251,32 +242,30 @@ public class ProfileServlet extends CMSServlet { ByteArrayOutputStream bos = new ByteArrayOutputStream(); outputThisAsXML(bos, args); try { - response.setContentLength(bos.size()); - bos.writeTo(response.getOutputStream()); + response.setContentLength(bos.size()); + bos.writeTo(response.getOutputStream()); } catch (Exception e) { CMS.debug("outputTemplate error " + e); } return; } - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("output_template"); + statsSub.startTiming("output_template"); } BufferedReader reader = null; try { - reader = new BufferedReader( - new FileReader(mTemplate)); + reader = new BufferedReader(new FileReader(mTemplate)); response.setContentType("text/html; charset=UTF-8"); PrintWriter writer = response.getWriter(); - // output template String line = null; do { - line = reader.readLine(); + line = reader.readLine(); if (line != null) { if (line.indexOf("<CMS_TEMPLATE>") == -1) { writer.println(line); 
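Review bot: `escapeXML` in the `@@ -193,47 +188,44 @@` hunk rewrites only `&`, so `<` and `>` inside an `ArgString` value reach `ps.println(escapeXML(str.getValue()))` in `outputArgValueAsXML` unescaped and can break or reshape the XML returned for `xml=true`. As rendered on this page the replacement text is also `&`, which is probably the page decoding an entity rather than the file's real content, so confirm that the source has `&amp;`. Cover the markup characters too, for example `v = v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");`. The same method writes `name` as the element tag and the fallback `ps.println(v)` with no escaping at all, which deserves a comment stating that both are expected to come from trusted constants.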
@@ -287,21 +276,20 @@ public class ProfileServlet extends CMSServlet { writer.println("</script>"); } } - } - while (line != null); + } while (line != null); reader.close(); } catch (IOException e) { - CMS.debug(e); - throw new EBaseException(e.toString()); + CMS.debug(e); + throw new EBaseException(e.toString()); } finally { - if (statsSub != null) { - statsSub.endTiming("output_template"); - } + if (statsSub != null) { + statsSub.endTiming("output_template"); + } } } protected void outputArgList(PrintWriter writer, String name, ArgList list) - throws IOException { + throws IOException { String h_name = null; @@ -311,7 +299,7 @@ public class ProfileServlet extends CMSServlet { h_name = name.substring(name.indexOf('.') + 1); } writer.println(name + "Set = new Array;"); - // writer.println(h_name + "Count = 0;"); + // writer.println(h_name + "Count = 0;"); for (int i = 0; i < list.size(); i++) { writer.println(h_name + " = new Object;"); 
@@ -342,27 +330,29 @@ public class ProfileServlet extends CMSServlet { char c = in[i]; /* presumably this gives better performance */ - if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { + if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) { out[j++] = c; continue; } /* some inputs are coming in as '\' and 'n' */ /* see BZ 500736 for details */ - if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || - in[i+1] == '<' || in[i+1] == '>' || - in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && - (in[i+3] == 'c' || in[i+3] == 'e')) { + if ((c == 0x5c) + && ((i + 1) < l) + && (in[i + 1] == 'n' || in[i + 1] == 'r' + || in[i + 1] == 'f' || in[i + 1] == 't' + || in[i + 1] == '<' || in[i + 1] == '>' + || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) { + if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' + && (in[i + 3] == 'c' || in[i + 3] == 'e')) { out[j++] = '\\'; - out[j++] = in[i+1]; - out[j++] = in[i+2]; - out[j++] = in[i+3]; + out[j++] = in[i + 1]; + out[j++] = in[i + 2]; + out[j++] = in[i + 3]; i += 3; - } else { + } else { out[j++] = '\\'; - out[j++] = in[i+1]; + out[j++] = in[i + 1]; i++; } continue; @@ -420,19 +410,19 @@ public class ProfileServlet extends CMSServlet { return new String(out, 0, j); } - protected void outputArgString(PrintWriter writer, String name, ArgString str) - throws IOException { + protected void outputArgString(PrintWriter writer, String name, + ArgString str) throws IOException { String s = str.getValue(); // sub \n with "\n" if (s != null) { - s = escapeJavaScriptString(s); + s = escapeJavaScriptString(s); } writer.println(name + "=\"" + s + "\";"); } protected void outputArgSet(PrintWriter writer, String name, ArgSet set) - throws IOException { + throws IOException { Enumeration e = set.getNames(); while (e.hasMoreElements()) { 
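Review bot: The backslash pass-through in the `@@ -342,27 +330,29 @@` hunk copies `in[i + 1]` verbatim when it is `<` or `>`, so the output keeps a literal angle bracket even though the fast path above deliberately excludes `0x3c` and `0x3e`. `outputArgString` appears to write this result into the template's script block, so those two characters should be emitted in the escaped form, `\x3c` or `\x3e`, rather than passed through. The nested test `in[i + 1] == 'x'` is also unreachable, because the enclosing condition only admits `n`, `r`, `f`, `t`, `<`, `>`, `"`, `'` and `\`; either give `'x'` its own condition or delete the branch so the rules read as they behave. The method starts and ends outside the hunk.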
@@ -456,7 +446,7 @@ public class ProfileServlet extends CMSServlet { } protected void outputData(PrintWriter writer, ArgSet set) - throws IOException { + throws IOException { if (set == null) return; Enumeration e = set.getNames(); @@ -485,13 +475,12 @@ public class ProfileServlet extends CMSServlet { * log according to authority category. */ protected void log(int event, int level, String msg) { - mLogger.log(event, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(event, mLogCategory, level, "Servlet " + mId + ": " + msg); } protected void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, - "Servlet " + mId + ": " + msg); + mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, "Servlet " + mId + + ": " + msg); } /** @@ -506,14 +495,12 @@ public class ProfileServlet extends CMSServlet { locale = Locale.getDefault(); } else { locale = new Locale(UserInfo.getUserLanguage(lang), - UserInfo.getUserCountry(lang)); + UserInfo.getUserCountry(lang)); } return locale; } - protected void renderResult(CMSRequest cmsReq) - throws IOException { + protected void renderResult(CMSRequest cmsReq) throws IOException { // do nothing } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index b00b13a9..d24f7332 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.io.InputStream; import java.io.OutputStream; import java.security.cert.CertificateEncodingException; 
@@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials; import com.netscape.cms.servlet.common.CMCOutputTemplate; import com.netscape.cms.servlet.common.CMSRequest; - /** * This servlet submits end-user request into the profile framework. - * + * * @version $Revision$, $Date$ */ public class ProfileSubmitCMCServlet extends ProfileServlet { @@ -89,27 +87,24 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { private String requestBinary = null; private String requestB64 = null; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated profile cert request rejection: " + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { + + /* 0 */"automated profile cert request rejection: " + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" - }; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + + "cert request due to an EBaseException" }; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; public ProfileSubmitCMCServlet() { } /** - * initialize the servlet. And instance of this servlet can - * be set up to always issue certificates against a certain profile - * by setting the 'profileId' configuration in the servletConfig - * If not, the user must specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can be set up to + * always issue certificates against a certain profile by setting the + * 'profileId' configuration in the servletConfig If not, the user must + * specify the profileID when submitting the request * * "ImportCert.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { 
@@ -120,7 +115,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { mRenderResult = false; } - private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) { + private void setInputsIntoContext(HttpServletRequest request, + IProfile profile, IProfileContext ctx) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); @@ -143,7 +139,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, + IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { @@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential 
@@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - private void setInputsIntoRequest(HttpServletRequest request, IProfile -profile, IRequest req) { + private void setInputsIntoRequest(HttpServletRequest request, + IProfile profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -203,7 +200,8 @@ profile, IRequest req) { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - req.setExtData(inputName, request.getParameter(inputName)); + req.setExtData(inputName, + request.getParameter(inputName)); } } } @@ -216,7 +214,7 @@ profile, IRequest req) { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> @@ -224,6 +222,7 @@ profile, IRequest req) { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ 
@@ -233,8 +232,8 @@ profile, IRequest req) { Locale locale = getLocale(request); ArgSet args = new ArgSet(); - String cert_request_type = - mServletConfig.getInitParameter("cert_request_type"); + String cert_request_type = mServletConfig + .getInitParameter("cert_request_type"); String outputFormat = mServletConfig.getInitParameter("outputFormat"); int reqlen = request.getContentLength(); 
@@ -268,30 +267,30 @@ profile, IRequest req) { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( paramName.startsWith("__") || - paramName.endsWith("password") || - paramName.endsWith("passwd") || - paramName.endsWith("pwd") || - paramName.equalsIgnoreCase("admin_password_again") || - paramName.equalsIgnoreCase("directoryManagerPwd") || - paramName.equalsIgnoreCase("bindpassword") || - paramName.equalsIgnoreCase("bindpwd") || - paramName.equalsIgnoreCase("passwd") || - paramName.equalsIgnoreCase("password") || - paramName.equalsIgnoreCase("pin") || - paramName.equalsIgnoreCase("pwd") || - paramName.equalsIgnoreCase("pwdagain") || - paramName.equalsIgnoreCase("uPasswd") ) { - CMS.debug("ProfileSubmitCMCServlet Input Parameter " + - paramName + "='(sensitive)'"); + if (paramName.startsWith("__") + || paramName.endsWith("password") + || paramName.endsWith("passwd") + || paramName.endsWith("pwd") + || paramName.equalsIgnoreCase("admin_password_again") + || paramName.equalsIgnoreCase("directoryManagerPwd") + || paramName.equalsIgnoreCase("bindpassword") + || paramName.equalsIgnoreCase("bindpwd") + || paramName.equalsIgnoreCase("passwd") + || paramName.equalsIgnoreCase("password") + || paramName.equalsIgnoreCase("pin") + || paramName.equalsIgnoreCase("pwd") + || paramName.equalsIgnoreCase("pwdagain") + || paramName.equalsIgnoreCase("uPasswd")) { + CMS.debug("ProfileSubmitCMCServlet Input Parameter " + + paramName + "='(sensitive)'"); } else { - CMS.debug("ProfileSubmitCMCServlet Input Parameter " + - paramName + "='" + - request.getParameter(paramName) + "'"); + CMS.debug("ProfileSubmitCMCServlet 
Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); } } CMS.debug("End of ProfileSubmitCMCServlet Input Parameters"); @@ -303,8 +302,8 @@ profile, IRequest req) { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found"); @@ -313,11 +312,12 @@ profile, IRequest req) { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + s = new UTF8String(CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -331,14 +331,14 @@ profile, IRequest req) { profileId = mProfileId; } - IProfile profile = null; + IProfile profile = null; - try { + try { CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId); - profile = ps.getProfile(profileId); - } catch (EProfileException e) { - CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + - profileId + " " + e.toString()); + profile = ps.getProfile(profileId); + } catch (EProfileException e) { + CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (profile == null) { CMCOutputTemplate template = new CMCOutputTemplate(); 
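Review bot: The suffix checks in the parameter filter of the `@@ -268,30 +267,30 @@` hunk are case-sensitive (`endsWith("password")`, `endsWith("passwd")`, `endsWith("pwd")`), so a parameter ending in `Password` or `Pwd` that is missing from the explicit `equalsIgnoreCase` list is written to the debug log together with its value. Normalise once with `String p = paramName.toLowerCase(Locale.ROOT);` and run the three suffix tests on `p`. A denylist will still miss secrets with unexpected names, so logging parameter names only, with values behind an explicit allowlist, would be the safer default. The enclosing method continues outside the hunk.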
@@ -346,27 +346,29 @@ profile, IRequest req) { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + s = new UTF8String(CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", profileId)); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + - " not enabled"); + CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + + " not enabled"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + s = new UTF8String(CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", profileId)); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -386,8 +388,8 @@ profile, IRequest req) { if (authenticator == null) { CMS.debug("ProfileSubmitCMCServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitCMCServlet: authenticator " + - authenticator.getName() + " found"); + CMS.debug("ProfileSubmitCMCServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } 
@@ -403,39 +405,39 @@ profile, IRequest req) { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider"); - if (authenticator != null) { + if (authenticator != null) { try { authToken = authenticate(authenticator, request); // authentication success } catch (EBaseException e) { CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); - seq.addElement(new INTEGER(0)); + seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(e.toString()); + s = new UTF8String(e.toString()); } catch (Exception ee) { } - template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); - CMS.debug("ProfileSubmitCMCServlet: authentication error " + - e.toString()); + template.createFullResponseWithFailedStatus(response, seq, + OtherInfo.BAD_REQUEST, s); + CMS.debug("ProfileSubmitCMCServlet: authentication error " + + e.toString()); return; } - //authorization only makes sense when request is authenticated + // authorization only makes sense when request is authenticated AuthzToken authzToken = null; if (authToken != null) { CMS.debug("ProfileSubmitCMCServlet authToken not null"); try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "submit"); + mAuthzResourceName, "submit"); } catch (Exception e) { - CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString()); + CMS.debug("ProfileSubmitCMCServlet authorization failure: " + + e.toString()); } } 
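Review bot: On authentication failure this hunk places `e.toString()` in the CMC response (`s = new UTF8String(e.toString());`), which returns the exception class and internal message to a caller that has not authenticated. Send a fixed message instead, `s = new UTF8String(CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));`, and keep the detail in the existing `CMS.debug` line. The empty `catch (Exception ee) { }` around it leaves `s` null without a trace and should at least log. The authorization failure a few lines below is reported only through `CMS.debug`, whereas ProfileSelectServlet records the same event with `log(ILogger.LL_FAILURE, ...)`; the two should agree.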
@@ -446,20 +448,21 @@ profile, IRequest req) { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String("ProfileSubmitCMCServlet authorization failure"); + s = new UTF8String( + "ProfileSubmitCMCServlet authorization failure"); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } } IRequest reqs[] = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // create request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { @@ -473,7 +476,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString()); @@ -482,21 +485,22 @@ profile, IRequest req) { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + s = new UTF8String(CMS.getUserMessage(locale, + "CMS_INTERNAL_ERROR")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } - TaggedAttribute attr = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = (TaggedAttribute) (context + .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { boolean verifyAllow = true; try { verifyAllow = CMS.getConfigStore().getBoolean( - "cmc.lraPopWitness.verify.allow", true); + "cmc.lraPopWitness.verify.allow", true); } catch (EBaseException ee) { } 
@@ -505,18 +509,19 @@ profile, IRequest req) { SET vals = attr.getValues(); if (vals.size() > 0) { try { - lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness) (ASN1Util.decode( + LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { - CMS.debug( - CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); + CMS.debug(CMS.getUserMessage(locale, + "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); CMCOutputTemplate template = new CMCOutputTemplate(); - template.createFullResponseWithFailedStatus(response, bodyIds, - OtherInfo.POP_FAILED, null); + template.createFullResponseWithFailedStatus(response, + bodyIds, OtherInfo.POP_FAILED, null); return; } } 
@@ -524,53 +529,54 @@ profile, IRequest req) { // for CMC, requests may be zero. Then check if controls exist. if (reqs == null) { - Integer nums = (Integer)(context.get("numOfControls")); + Integer nums = (Integer) (context.get("numOfControls")); CMCOutputTemplate template = new CMCOutputTemplate(); // if there is only one control GetCert, then simple response - // must be returned. + // must be returned. if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); + TaggedAttribute attr1 = (TaggedAttribute) (context + .get(OBJECT_IDENTIFIER.id_cmc_getCert)); if (attr1 != null) { template.createSimpleResponse(response, reqs); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, + cert_request_type, null); } else - template.createFullResponse(response, reqs, - cert_request_type, null); + template.createFullResponse(response, reqs, cert_request_type, + null); return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // populate request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { // adding parameters to request setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { - Enumeration tokenNames = authToken.getElements(); - while (tokenNames.hasMoreElements()) { - String tokenName = (String)tokenNames.nextElement(); - String[] vals = authToken.getInStringArray(tokenName); - if (vals != null) { - for (int i = 0; i < vals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + - tokenName + "[" + i + "]", vals[i]); - } - } else { - String val = authToken.getInString(tokenName); - if (val != null) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." 
+ tokenName, - val); - } - } - } - } + Enumeration tokenNames = authToken.getElements(); + while (tokenNames.hasMoreElements()) { + String tokenName = (String) tokenNames.nextElement(); + String[] vals = authToken.getInStringArray(tokenName); + if (vals != null) { + for (int i = 0; i < vals.length; i++) { + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName + + "[" + i + "]", vals[i]); + } + } else { + String val = authToken.getInString(tokenName); + if (val != null) { + reqs[k].setExtData( + ARG_AUTH_TOKEN + "." + tokenName, val); + } + } + } + } // put profile framework parameters into the request reqs[k].setExtData(ARG_PROFILE, "true"); @@ -585,11 +591,12 @@ profile, IRequest req) { seq.addElement(new INTEGER(0)); UTF8String s = null; try { - s = new UTF8String(CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + s = new UTF8String( + CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } @@ -598,13 +605,13 @@ profile, IRequest req) { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitCMCServlet: request " + - reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitCMCServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitCMCServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); 
@@ -620,12 +627,12 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.BAD_REQUEST, s); + OtherInfo.BAD_REQUEST, s); return; } catch (Throwable e) { CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); CMCOutputTemplate template = new CMCOutputTemplate(); SEQUENCE seq = new SEQUENCE(); seq.addElement(new INTEGER(0)); @@ -635,7 +642,7 @@ profile, IRequest req) { } catch (Exception ee) { } template.createFullResponseWithFailedStatus(response, seq, - OtherInfo.INTERNAL_CA_ERROR, s); + OtherInfo.INTERNAL_CA_ERROR, s); return; } } 
@@ -647,28 +654,28 @@ profile, IRequest req) { int responseType = 0; try { - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // submit request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// int error_codes[] = null; if (reqs != null && reqs.length > 0) - error_codes = new int[reqs.length]; + error_codes = new int[reqs.length]; for (int k = 0; k < reqs.length; k++) { try { // reset the "auditRequesterID" auditRequesterID = auditRequesterID(reqs[k]); - // print request debug if (reqs[k] != null) { - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String)reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal); + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String) reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitCMCServlet: key=$request." + + reqKey + "$ value=" + reqVal); + } } - } } profile.submit(authToken, reqs[k]); 
@@ -678,16 +685,16 @@ profile, IRequest req) { auditInfoCertValue = auditInfoCertValue(reqs[k]); if (auditInfoCertValue != null) { - if (!(auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if (!(auditInfoCertValue + .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); audit(auditMessage); } 
@@ -696,53 +703,50 @@ profile, IRequest req) { // return defer message to the user reqs[k].setRequestStatus(RequestStatus.PENDING); // need to notify - INotify notify = profile.getRequestQueue().getPendingNotify(); + INotify notify = profile.getRequestQueue() + .getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", - e.toString()); + "CMS_PROFILE_DEFERRED", e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "3"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", - e.toString()); + "CMS_PROFILE_REJECTED", e.toString()); } catch (Throwable e) { // return error to the user CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString()); errorCode = "1"; errorReason = CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"); + "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { profile.getRequestQueue().updateRequest(reqs[k]); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitCMCServlet: updateRequest " + - e.toString()); + CMS.debug("ProfileSubmitCMCServlet: updateRequest " + + e.toString()); } if (errorCode != null) { if (errorCode.equals("1")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, errorReason); audit(auditMessage); } else if (errorCode.equals("2")) { 
@@ -752,12 +756,10 @@ profile, IRequest req) { } else if (errorCode.equals("3")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, errorReason); audit(auditMessage); } 
@@ -769,45 +771,47 @@ profile, IRequest req) { if (errorCode != null) { // create the CMC full enrollment response CMCOutputTemplate template = new CMCOutputTemplate(); - template.createFullResponse(response, reqs, cert_request_type, error_codes); + template.createFullResponse(response, reqs, cert_request_type, + error_codes); return; } - /////////////////////////////////////////////// - // output output list - /////////////////////////////////////////////// - - CMS.debug("ProfileSubmitCMCServlet: done serving"); - CMCOutputTemplate template = new CMCOutputTemplate(); - if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) { - - if (outputFormat != null &&outputFormat.equals("pkcs7")) { - byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); - response.setContentType("application/pkcs7-mime"); - response.setContentLength(pkcs7.length); - try { - OutputStream os = response.getOutputStream(); - os.write(pkcs7); - os.flush(); - } catch (Exception ee) { - } - return; - } - template.createSimpleResponse(response, reqs); - } else if (cert_request_type.equals("cmc")) { - Integer nums = (Integer)(context.get("numOfControls")); - if (nums != null && nums.intValue() == 1) { - TaggedAttribute attr1 = - (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert)); - if (attr1 != null) { - template.createSimpleResponse(response, reqs); - return; - } - } - template.createFullResponse(response, reqs, cert_request_type, - error_codes); - } + // ///////////////////////////////////////////// + // output output list + // ///////////////////////////////////////////// + + CMS.debug("ProfileSubmitCMCServlet: done serving"); + CMCOutputTemplate template = new CMCOutputTemplate(); + if (cert_request_type.equals("pkcs10") + || cert_request_type.equals("crmf")) { + + if (outputFormat != null && outputFormat.equals("pkcs7")) { + byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); + response.setContentType("application/pkcs7-mime"); + response.setContentLength(pkcs7.length); + try 
{ + OutputStream os = response.getOutputStream(); + os.write(pkcs7); + os.flush(); + } catch (Exception ee) { + } + return; + } + template.createSimpleResponse(response, reqs); + } else if (cert_request_type.equals("cmc")) { + Integer nums = (Integer) (context.get("numOfControls")); + if (nums != null && nums.intValue() == 1) { + TaggedAttribute attr1 = (TaggedAttribute) (context + .get(OBJECT_IDENTIFIER.id_cmc_getCert)); + if (attr1 != null) { + template.createSimpleResponse(response, reqs); + return; + } + } + template.createFullResponse(response, reqs, cert_request_type, + error_codes); + } } finally { SessionContext.releaseContext(); } @@ -815,11 +819,11 @@ profile, IRequest req) { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -845,11 +849,11 @@ profile, IRequest req) { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ @@ -859,8 +863,8 @@ profile, IRequest req) { return null; } - X509CertImpl x509cert = request.getExtDataInCert( - IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 184a82b2..626b3578 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java 
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.profile; - import java.math.BigInteger; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.xml.XMLObject; - /** * This servlet submits end-user request into the profile framework. - * + * * @author Christina Fu (renewal support) * @version $Revision$, $Date$ */ 
@@ -97,34 +95,27 @@ public class ProfileSubmitServlet extends ProfileServlet { private String mReqType = null; private String mAuthorityId = null; - private final static String[] - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - - /* 0 */ "automated profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException" - }; - private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; - + private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] { - private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = - "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; - private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = - "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; + /* 0 */"automated profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException" }; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4"; + private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3"; public ProfileSubmitServlet() { } /** - * initialize the servlet. And instance of this servlet can - * be set up to always issue certificates against a certain profile - * by setting the 'profileId' configuration in the servletConfig - * If not, the user must specify the profileID when submitting the request + * initialize the servlet. And instance of this servlet can be set up to + * always issue certificates against a certain profile by setting the + * 'profileId' configuration in the servletConfig If not, the user must + * specify the profileID when submitting the request * * "ImportCert.template" to process the response. 
- * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -133,7 +124,8 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileId = sc.getInitParameter(PROP_PROFILE_ID); } - private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) { + private void setInputsIntoContext(HttpServletRequest request, + IProfile profile, IProfileContext ctx) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); @@ -146,9 +138,13 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // all subject name parameters start with sn_, no other input parameters do + // all subject name parameters start with sn_, no other + // input parameters do if (inputName.matches("^sn_.*")) { - ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); + ctx.set(inputName, + escapeValueRfc1779( + request.getParameter(inputName), + false).toString()); } else { ctx.set(inputName, request.getParameter(inputName)); } @@ -159,12 +155,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } - /* - * fill input info from "request" to context. - * This is expected to be used by renewal where the request - * is retrieved from request record + /* + * fill input info from "request" to context. This is expected to be used by + * renewal where the request is retrieved from request record */ - private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) { + private void setInputsIntoContext(IRequest request, IProfile profile, + IProfileContext ctx, Locale locale) { // passing inputs into context Enumeration inputIds = profile.getProfileInputIds(); 
@@ -177,15 +173,19 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); String inputValue = ""; - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= " + inputName); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= " + + inputName); try { - inputValue = profileInput.getValue(inputName, locale, request); + inputValue = profileInput.getValue(inputName, locale, + request); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: " + e.toString()); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: " + + e.toString()); } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" + + inputValue); ctx.set(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null"); @@ -196,9 +196,8 @@ public class ProfileSubmitServlet extends ProfileServlet { } - - - private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) { + private void setCredentialsIntoContext(HttpServletRequest request, + IProfileAuthenticator authenticator, IProfileContext ctx) { Enumeration authIds = authenticator.getValueNames(); if (authIds != null) { 
@@ -206,8 +205,8 @@ public class ProfileSubmitServlet extends ProfileServlet { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+ - authName); + CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" + + authName); if (request.getParameter(authName) != null) { CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request"); ctx.set(authName, request.getParameter(authName)); @@ -232,7 +231,8 @@ public class ProfileSubmitServlet extends ProfileServlet { String n = t.substring(0, i); if (n.equalsIgnoreCase("uid")) { String v = t.substring(i + 1); - CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v); + CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" + + v); return v; } else { continue; 
@@ -242,70 +242,74 @@ public class ProfileSubmitServlet extends ProfileServlet { } /* - * authenticate for renewal - more to add necessary params/values - * to the session context + * authenticate for renewal - more to add necessary params/values to the + * session context */ public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request, IRequest origReq, SessionContext context) - throws EBaseException { - IAuthToken authToken = authenticate(authenticator, request); - // For renewal, fill in necessary params - if (authToken!= null) { - String ouid = origReq.getExtDataInString("auth_token.uid"); - // if the orig cert was manually approved, then there was - // no auth token uid. Try to get the uid from the cert dn - // itself, if possible - if (ouid == null) { - String sdn = (String) context.get("origSubjectDN"); - if (sdn != null) { - ouid = getUidFromDN(sdn); - if (ouid != null) - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); - } - String auid = authToken.getInString("uid"); - if (auid != null) { // not through ssl client auth - CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid); - // authenticated with uid - // put "orig_req.auth_token.uid" so that authz with - // UserOrigReqAccessEvaluator will work - if (ouid != null) { - context.put("orig_req.auth_token.uid", ouid); - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); - } - } else { // through ssl client auth? - CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); - // put in orig_req's uid - if (ouid != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". 
Setting authtoken"); - authToken.set("uid", ouid); - context.put(SessionContext.USER_ID, ouid); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); -// throw new EBaseException("origReq uid not found"); - } - } - - String userdn = origReq.getExtDataInString("auth_token.userdn"); - if (userdn != null) { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken"); - authToken.set("userdn", userdn); - } else { - CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); -// throw new EBaseException("origReq userdn not found"); - } + HttpServletRequest request, IRequest origReq, SessionContext context) + throws EBaseException { + IAuthToken authToken = authenticate(authenticator, request); + // For renewal, fill in necessary params + if (authToken != null) { + String ouid = origReq.getExtDataInString("auth_token.uid"); + // if the orig cert was manually approved, then there was + // no auth token uid. Try to get the uid from the cert dn + // itself, if possible + if (ouid == null) { + String sdn = (String) context.get("origSubjectDN"); + if (sdn != null) { + ouid = getUidFromDN(sdn); + if (ouid != null) + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token"); + } + String auid = authToken.getInString("uid"); + if (auid != null) { // not through ssl client auth + CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" + + auid); + // authenticated with uid + // put "orig_req.auth_token.uid" so that authz with + // UserOrigReqAccessEvaluator will work + if (ouid != null) { + context.put("orig_req.auth_token.uid", ouid); + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" + + ouid); } else { - CMS.debug("ProfileSubmitServlet: renewal: authToken null"); + CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not 
found"); } - return authToken; + } else { // through ssl client auth? + CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:"); + // put in orig_req's uid + if (ouid != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" + + ouid + ". Setting authtoken"); + authToken.set("uid", ouid); + context.put(SessionContext.USER_ID, ouid); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found"); + // throw new EBaseException("origReq uid not found"); + } + } + + String userdn = origReq.getExtDataInString("auth_token.userdn"); + if (userdn != null) { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" + + userdn + ". Setting authtoken"); + authToken.set("userdn", userdn); + } else { + CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found"); + // throw new EBaseException("origReq userdn not found"); + } + } else { + CMS.debug("ProfileSubmitServlet: renewal: authToken null"); + } + return authToken; } public IAuthToken authenticate(IProfileAuthenticator authenticator, - HttpServletRequest request) throws EBaseException { + HttpServletRequest request) throws EBaseException { AuthCredentials credentials = new AuthCredentials(); // build credential 
@@ -323,18 +327,19 @@ public class ProfileSubmitServlet extends ProfileServlet { IAuthToken authToken = authenticator.authenticate(credentials); SessionContext sc = SessionContext.getContext(); - if (sc != null) { - sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); - String userid = authToken.getInString(IAuthToken.USER_ID); - if (userid != null) { - sc.put(SessionContext.USER_ID, userid); - } + if (sc != null) { + sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); + String userid = authToken.getInString(IAuthToken.USER_ID); + if (userid != null) { + sc.put(SessionContext.USER_ID, userid); + } } return authToken; } - private void setInputsIntoRequest(HttpServletRequest request, IProfile profile, IRequest req) { + private void setInputsIntoRequest(HttpServletRequest request, + IProfile profile, IRequest req) { Enumeration inputIds = profile.getProfileInputIds(); if (inputIds != null) { @@ -348,11 +353,17 @@ public class ProfileSubmitServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - // special characters in subject names parameters must be escaped + // special characters in subject names parameters + // must be escaped if (inputName.matches("^sn_.*")) { - req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); + req.setExtData( + inputName, + escapeValueRfc1779( + request.getParameter(inputName), + false).toString()); } else { - req.setExtData(inputName, request.getParameter(inputName)); + req.setExtData(inputName, + request.getParameter(inputName)); } } } 
@@ -361,12 +372,12 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - /* - * fill input info from orig request to the renew request. - * This is expected to be used by renewal where the request - * is retrieved from request record + /* + * fill input info from orig request to the renew request. This is expected + * to be used by renewal where the request is retrieved from request record */ - private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) { + private void setInputsIntoRequest(IRequest request, IProfile profile, + IRequest req, Locale locale) { // passing inputs into request Enumeration inputIds = profile.getProfileInputIds(); @@ -379,15 +390,19 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); String inputValue = ""; - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= " + inputName); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= " + + inputName); try { - inputValue = profileInput.getValue(inputName, locale, request); + inputValue = profileInput.getValue(inputName, locale, + request); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: " + e.toString()); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: " + + e.toString()); } if (inputValue != null) { - CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue); + CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" + + inputValue); req.setExtData(inputName, inputValue); } else { CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null"); 
@@ -398,13 +413,15 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) { + private void setOutputIntoArgs(IProfile profile, ArgList outputlist, + Locale locale, IRequest req) { Enumeration outputIds = profile.getProfileOutputIds(); if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile.getProfileOutput(outputId); + IProfileOutput profileOutput = profile + .getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); @@ -412,19 +429,20 @@ public class ProfileSubmitServlet extends ProfileServlet { while (outputNames.hasMoreElements()) { ArgSet outputset = new ArgSet(); String outputName = (String) outputNames.nextElement(); - IDescriptor outputDesc = - profileOutput.getValueDescriptor(locale, outputName); + IDescriptor outputDesc = profileOutput + .getValueDescriptor(locale, outputName); if (outputDesc == null) continue; String outputSyntax = outputDesc.getSyntax(); String outputConstraint = outputDesc.getConstraint(); - String outputValueName = outputDesc.getDescription(locale); + String outputValueName = outputDesc + .getDescription(locale); String outputValue = null; try { - outputValue = profileOutput.getValue(outputName, - locale, req); + outputValue = profileOutput.getValue(outputName, + locale, req); } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: " + e.toString()); } @@ -446,7 +464,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <P> * * (Certificate Request Processed - either an automated "EE" profile based - * cert acceptance, or an automated "EE" profile based cert rejection) + * cert acceptance, or an automated "EE" profile based cert rejection) * <P> * * <ul> 
@@ -454,6 +472,7 @@ public class ProfileSubmitServlet extends ProfileServlet { * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq the object holding the request and response information * @exception EBaseException an error has occurred */ @@ -476,9 +495,9 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("xmlOutput false"); } - IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); + IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats"); if (statsSub != null) { - statsSub.startTiming("enrollment", true /* main action */); + statsSub.startTiming("enrollment", true /* main action */); } long startTime = CMS.getCurrentDate().getTime(); 
@@ -492,30 +511,30 @@ public class ProfileSubmitServlet extends ProfileServlet { while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( paramName.startsWith("__") || - paramName.endsWith("password") || - paramName.endsWith("passwd") || - paramName.endsWith("pwd") || - paramName.equalsIgnoreCase("admin_password_again") || - paramName.equalsIgnoreCase("directoryManagerPwd") || - paramName.equalsIgnoreCase("bindpassword") || - paramName.equalsIgnoreCase("bindpwd") || - paramName.equalsIgnoreCase("passwd") || - paramName.equalsIgnoreCase("password") || - paramName.equalsIgnoreCase("pin") || - paramName.equalsIgnoreCase("pwd") || - paramName.equalsIgnoreCase("pwdagain") || - paramName.equalsIgnoreCase("uPasswd") ) { - CMS.debug("ProfileSubmitServlet Input Parameter " + - paramName + "='(sensitive)'"); + if (paramName.startsWith("__") + || paramName.endsWith("password") + || paramName.endsWith("passwd") + || paramName.endsWith("pwd") + || paramName.equalsIgnoreCase("admin_password_again") + || paramName.equalsIgnoreCase("directoryManagerPwd") + || paramName.equalsIgnoreCase("bindpassword") + || paramName.equalsIgnoreCase("bindpwd") + || paramName.equalsIgnoreCase("passwd") + || paramName.equalsIgnoreCase("password") + || paramName.equalsIgnoreCase("pin") + || paramName.equalsIgnoreCase("pwd") + || paramName.equalsIgnoreCase("pwdagain") + || paramName.equalsIgnoreCase("uPasswd")) { + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='(sensitive)'"); } else { - CMS.debug("ProfileSubmitServlet Input Parameter " + - paramName + "='" + - request.getParameter(paramName) + "'"); + 
CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); } } CMS.debug("End of ProfileSubmitServlet Input Parameters"); 
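Review bot: The three `endsWith(...)` tests in the sensitive-parameter filter are case-sensitive, so a parameter whose name ends in `Password`, `Passwd` or `Pwd` and is not one of the explicitly listed names falls through to the `else` branch, where its value is written to the debug log. Lower-casing the name once, `String lowerName = paramName.toLowerCase(Locale.ROOT);`, and testing `lowerName.endsWith("password")`, `lowerName.endsWith("passwd")` and `lowerName.endsWith("pwd")` would cover those spellings and make several of the `equalsIgnoreCase` entries redundant. The filter is still a deny-list, so the comment above it should state that any new secret-bearing parameter needs the `__` prefix or an entry here. The enclosing method starts and ends outside this hunk.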
@@ -527,44 +546,42 @@ public class ProfileSubmitServlet extends ProfileServlet { mProfileSubId = IProfileSubsystem.ID; } CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId); - IProfileSubsystem ps = (IProfileSubsystem) - CMS.getSubsystem(mProfileSubId); + IProfileSubsystem ps = (IProfileSubsystem) CMS + .getSubsystem(mProfileSubId); if (ps == null) { CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found"); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + outputError(response, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } /* * Renewal - Renewal is retrofitted into the Profile Enrollment - * Framework. The authentication and authorization are taken from - * the renewal profile, while the input (with requests) and grace - * period constraint are taken from the original cert's request record. + * Framework. The authentication and authorization are taken from the + * renewal profile, while the input (with requests) and grace period + * constraint are taken from the original cert's request record. * - * Things to note: - * * the renew request will contain the original profile instead - * of the new - * * there is no request for system and admin certs generated at - * time of installation configuration. + * Things to note: * the renew request will contain the original profile + * instead of the new * there is no request for system and admin certs + * generated at time of installation configuration. 
*/ String renewal = request.getParameter("renewal"); boolean isRenewal = false; - if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) { + if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) { CMS.debug("ProfileSubmitServlet: isRenewal true"); isRenewal = true; - request.setAttribute("reqType", (Object)"renewal"); + request.setAttribute("reqType", (Object) "renewal"); } else { CMS.debug("ProfileSubmitServlet: isRenewal false"); } @@ -592,25 +609,25 @@ public class ProfileSubmitServlet extends ProfileServlet { if (isRenewal) { // dig up the original request to "clone" renewProfileId = profileId; - CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId); + CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId); IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId); if (authority == null) { - CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId + - " not found"); + CMS.debug("ProfileSubmitServlet: renewal: Authority " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } IRequestQueue queue = authority.getRequestQueue(); if (queue == null) { - CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " + - mAuthorityId + " not found"); + CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " + + mAuthorityId + " not found"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
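Review bot: The rewrapped block comment on renewal (hunk at -527) has lost its list structure: the two `*` bullets under "Things to note:" are now run into the surrounding sentence, so the asterisks read as stray characters. This paragraph is the only visible explanation that authentication and authorization come from the renewal profile while the inputs come from the original certificate's request record, so it should stay readable. Opening the comment with `/*-` instead of `/*` keeps the Eclipse formatter from reflowing it, which lets the two notes go back on lines of their own. The enclosing method starts and ends outside this hunk.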
@@ -618,7 +635,7 @@ public class ProfileSubmitServlet extends ProfileServlet { String serial = request.getParameter("serial_num"); BigInteger certSerial = null; // if serial number is sent with request, then the authentication - // method is not ssl client auth. In this case, an alternative + // method is not ssl client auth. In this case, an alternative // authentication method is used (default: ldap based) if (serial != null) { CMS.debug("ProfileSubmitServlet: renewal: found serial_num"); @@ -630,14 +647,15 @@ public class ProfileSubmitServlet extends ProfileServlet { // ssl client auth is to be used // this is not authentication. Just use the cert to search // for orig request and find the right profile - SSLClientCertProvider sslCCP = new SSLClientCertProvider(request); + SSLClientCertProvider sslCCP = new SSLClientCertProvider( + request); X509Certificate[] certs = sslCCP.getClientCertificateChain(); certSerial = null; if (certs == null || certs.length == 0) { CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain"); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { // has ssl client cert 
@@ -645,45 +663,46 @@ public class ProfileSubmitServlet extends ProfileServlet { // shouldn't expect leaf cert to be always at the // same location X509Certificate clientCert = null; - for (int i = 0; i< certs.length; i++) { + for (int i = 0; i < certs.length; i++) { clientCert = certs[i]; - byte [] extBytes = clientCert.getExtensionValue("2.5.29.19"); + byte[] extBytes = clientCert + .getExtensionValue("2.5.29.19"); // try to see if this is a leaf cert // look for BasicConstraint extension if (extBytes == null) { // found leaf cert - CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); + CMS.debug("ProfileSubmitServlet: renewal: found leaf cert"); break; } else { - CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); - // it's got BasicConstraints extension - // so it's not likely to be a leaf cert, - // however, check the isCA field regardless - try { - BasicConstraintsExtension bce = - new BasicConstraintsExtension(true, extBytes); - if (bce != null) { - if (!(Boolean)bce.get("is_ca")) { - CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); - break; - } // else found a ca cert, continue + CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext"); + // it's got BasicConstraints extension + // so it's not likely to be a leaf cert, + // however, check the isCA field regardless + try { + BasicConstraintsExtension bce = new BasicConstraintsExtension( + true, extBytes); + if (bce != null) { + if (!(Boolean) bce.get("is_ca")) { + CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain"); + break; + } // else found a ca cert, continue + } + } catch (Exception e) { + CMS.debug("ProfileSubmitServlet: renewal: exception:" + + e.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage( + locale, "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; } - } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: 
exception:"+ - e.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; - } } } if (clientCert == null) { CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain"); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } @@ -693,10 +712,11 @@ public class ProfileSubmitServlet extends ProfileServlet { clientCert = new X509CertImpl(certEncoded); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + + e.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
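Review bot: The `clientCert == null` check after the chain loop (hunk at -645) can never be true, because `clientCert = certs[i]` is assigned on every iteration and the empty-chain case was already rejected earlier. If every certificate in the chain carries BasicConstraints with `is_ca` set, the loop ends holding the last CA certificate, and that certificate is what the following code goes on to use for the renewal lookup. Keeping the result in a separate variable, `X509Certificate leafCert = null;`, setting `leafCert = certs[i];` just before each `break`, and testing `leafCert == null` afterwards (then using `leafCert` below) would make the "no client cert in chain" branch reachable. The debug text on the `!is_ca` branch says "found CA cert in chain" where a non-CA certificate was found, and the `bce != null` test directly after `new` is always true. The enclosing method starts and ends outside this hunk.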
@@ -705,96 +725,123 @@ public class ProfileSubmitServlet extends ProfileServlet { } } - CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" + + certSerial.toString()); try { ICertificateRepository certDB = null; if (authority instanceof ICertificateAuthority) { - certDB = ((ICertificateAuthority) authority).getCertificateRepository(); + certDB = ((ICertificateAuthority) authority) + .getCertificateRepository(); } if (certDB == null) { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } - ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial); - if (rec == null) { - CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString()); + ICertRecord rec = (ICertRecord) certDB + .readCertificateRecord(certSerial); + if (rec == null) { + CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } else { - CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + + certSerial.toString()); // check to see if the cert is revoked or revoked_expired - if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { - CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. 
Serial number = "+ certSerial.toString()); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString())); - outputTemplate(request, response, args); - return; + if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) + || (rec.getStatus() + .equals(ICertRecord.STATUS_REVOKED_EXPIRED))) { + CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + + certSerial.toString()); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_CA_CANNOT_RENEW_REVOKED_CERT", + certSerial.toString())); + outputTemplate(request, response, args); + return; } - MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO); + MetaInfo metaInfo = (MetaInfo) rec + .get(ICertRecord.ATTR_META_INFO); // note: CA's internal certs don't have request ids // so some other way needs to be done if (metaInfo != null) { - String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID); + String rid = (String) metaInfo + .get(ICertRecord.META_REQUEST_ID); if (rid != null) { origReq = queue.findRequest(new RequestId(rid)); if (origReq != null) { - CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid); + CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" + + rid); // debug: print the extData keys Enumeration en = origReq.getExtDataKeys(); -/* - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS"); - while (en.hasMoreElements()) { - String next = (String) en.nextElement(); - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next); - } - CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS"); -*/ - String requestorE = origReq.getExtDataInString("requestor_email"); - CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE); - profileId = origReq.getExtDataInString("profileId"); + /* + * 
CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS" + * ); while (en.hasMoreElements()) { String next + * = (String) en.nextElement(); CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key:" + * + next); } CMS.debug( + * "ProfileSubmitServlet: renewal: origRequest extdata key print ENDS" + * ); + */ + String requestorE = origReq + .getExtDataInString("requestor_email"); + CMS.debug("ProfileSubmitServlet: renewal original requestor email=" + + requestorE); + profileId = origReq + .getExtDataInString("profileId"); if (profileId != null) - CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId); + CMS.debug("ProfileSubmitServlet: renewal original profileId=" + + profileId); else { - CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal original profileId not found"); + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS + .getUserMessage(locale, + "CMS_INTERNAL_ERROR")); + outputTemplate(request, response, args); + return; } - origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); - - } else { //if origReq - CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid); + origSeqNum = origReq + .getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM); + + } else { // if origReq + CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + + rid); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, CMS.getUserMessage( + locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for 
serial number "+ certSerial.toString()); - CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); - args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"+": original request not found")); - outputTemplate(request, response, args); - return; + CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + + certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists"); + args.set(ARG_ERROR_CODE, "1"); + args.set( + ARG_ERROR_REASON, + CMS.getUserMessage( + locale, + "CMS_INTERNAL_ERROR" + + ": original request not found")); + outputTemplate(request, response, args); + return; } } else { - CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString()); + CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + + certSerial.toString()); args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } 
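Review bot: In the branch where the request id is missing from MetaInfo (hunk at -705), the text `": original request not found"` is concatenated onto the message key rather than onto the message. `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR" + ": original request not found")` asks for a key named `CMS_INTERNAL_ERROR: original request not found`, which presumably has no entry in the message bundle. The likely intent is `CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR") + ": original request not found"`, and spreading the call over six lines makes the mistake harder to spot. In the same hunk `Enumeration en = origReq.getExtDataKeys();` is used only by the commented-out loop, which the formatter has reflowed into an unreadable block; both could be removed. The enclosing method starts and ends outside this hunk.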
@@ -802,96 +849,101 @@ public class ProfileSubmitServlet extends ProfileServlet { CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter"); X509CertImpl origCert = rec.getCertificate(); origNotAfter = origCert.getNotAfter(); - CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+ - origNotAfter.toString()); + CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" + + origNotAfter.toString()); origSubjectDN = origCert.getSubjectDN().getName(); - CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+ - origSubjectDN); + CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" + + origSubjectDN); } } catch (Exception e) { - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } } // end isRenewal - IProfile profile = null; + IProfile profile = null; IProfile renewProfile = null; - try { - profile = ps.getProfile(profileId); + try { + profile = ps.getProfile(profileId); if (isRenewal) { // in case of renew, "profile" is the orig profile // while "renewProfile" is the current profile used for renewal - renewProfile = ps.getProfile(renewProfileId); + renewProfile = ps.getProfile(renewProfileId); } - } catch (EProfileException e) { - if(profile == null) { - CMS.debug("ProfileSubmitServlet: profile not found profileId " + - profileId + " " + e.toString()); + } catch (EProfileException e) { + if (profile == null) { + CMS.debug("ProfileSubmitServlet: profile not found profileId " + + profileId + " " + e.toString()); } if (renewProfile == null) { - CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " + - renewProfileId + " " + e.toString()); + CMS.debug("ProfileSubmitServlet: profile not found 
renewProfileId " + + renewProfileId + " " + e.toString()); } } if (profile == null) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } return; } if (isRenewal && (renewProfile == null)) { if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputError(response, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", renewProfileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); + "CMS_PROFILE_NOT_FOUND", renewProfileId)); outputTemplate(request, response, args); } return; } if (!ps.isProfileEnable(profileId)) { - CMS.debug("ProfileSubmitServlet: Profile " + profileId + - " not enabled"); + CMS.debug("ProfileSubmitServlet: Profile " + profileId + + " not enabled"); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId)); + outputError(response, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", profileId)); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", profileId)); + "CMS_PROFILE_NOT_FOUND", profileId)); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } if (isRenewal) { - if (!ps.isProfileEnable(renewProfileId)) { - CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + - " not enabled"); - if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId)); - } else { - 
args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_PROFILE_NOT_FOUND", renewProfileId)); - outputTemplate(request, response, args); + if (!ps.isProfileEnable(renewProfileId)) { + CMS.debug("ProfileSubmitServlet: renewal Profile " + + renewProfileId + " not enabled"); + if (xmlOutput) { + outputError(response, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", renewProfileId)); + } else { + args.set(ARG_ERROR_CODE, "1"); + args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, + "CMS_PROFILE_NOT_FOUND", renewProfileId)); + outputTemplate(request, response, args); + } + return; } - return; - } } IProfileContext ctx = profile.createContext(); 
@@ -908,40 +960,42 @@ public class ProfileSubmitServlet extends ProfileServlet { } } catch (EProfileException e) { // authenticator not installed correctly - CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString()); + CMS.debug("ProfileSubmitServlet: renewal: exception:" + + e.toString()); args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); return; } if (authenticator == null) { CMS.debug("ProfileSubmitServlet: authenticator not found"); } else { - CMS.debug("ProfileSubmitServlet: authenticator " + - authenticator.getName() + " found"); + CMS.debug("ProfileSubmitServlet: authenticator " + + authenticator.getName() + " found"); setCredentialsIntoContext(request, authenticator, ctx); } - // for renewal, this will override or add auth info to the profile context + // for renewal, this will override or add auth info to the profile + // context if (isRenewal) { - if (origAuthenticator!= null) { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + - origAuthenticator.getName() + " found"); - setCredentialsIntoContext(request, origAuthenticator, ctx); - } else { - CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); - } + if (origAuthenticator != null) { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + + origAuthenticator.getName() + " found"); + setCredentialsIntoContext(request, origAuthenticator, ctx); + } else { + CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found"); + } } CMS.debug("ProfileSubmistServlet: set Inputs into profile Context"); if (isRenewal) { - // for renewal, input needs to be retrieved from the orig req record + // for renewal, input needs to be retrieved from the orig req record CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context"); 
setInputsIntoContext(origReq, profile, ctx, locale); ctx.set(IEnrollProfile.CTX_RENEWAL, "true"); ctx.set("renewProfileId", renewProfileId); - ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); + ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); } else { setInputsIntoContext(request, profile, ctx); } @@ -955,14 +1009,13 @@ public class ProfileSubmitServlet extends ProfileServlet { SessionContext context = SessionContext.getContext(); // insert profile context so that input parameter can be retrieved - context.put("profileContext", ctx); - context.put("sslClientCertProvider", - new SSLClientCertProvider(request)); + context.put("profileContext", ctx); + context.put("sslClientCertProvider", new SSLClientCertProvider(request)); CMS.debug("ProfileSubmitServlet: set sslClientCertProvider"); if ((isRenewal == true) && (origSubjectDN != null)) - context.put("origSubjectDN", origSubjectDN); + context.put("origSubjectDN", origSubjectDN); if (statsSub != null) { - statsSub.startTiming("profile_authentication"); + statsSub.startTiming("profile_authentication"); } if (authenticator != null) { 
@@ -971,67 +1024,68 @@ public class ProfileSubmitServlet extends ProfileServlet { String uid_cred = "Unidentified"; String uid_attempted_cred = "Unidentified"; Enumeration authIds = authenticator.getValueNames(); - //Attempt to possibly fetch attemped uid, may not always be available. + // Attempt to possibly fetch attemped uid, may not always be + // available. if (authIds != null) { while (authIds.hasMoreElements()) { String authName = (String) authIds.nextElement(); - String value = request.getParameter(authName); + String value = request.getParameter(authName); if (value != null) { - if (authName.equals("uid")) { - uid_attempted_cred = value; - } + if (authName.equals("uid")) { + uid_attempted_cred = value; + } } } } - String authSubjectID = auditSubjectID(); + String authSubjectID = auditSubjectID(); - String authMgrID = authenticator.getName(); - String auditMessage = null; + String authMgrID = authenticator.getName(); + String auditMessage = null; try { if (isRenewal) { CMS.debug("ProfileSubmitServlet: renewal authenticate begins"); - authToken = authenticate(authenticator, request, origReq, context); + authToken = authenticate(authenticator, request, origReq, + context); CMS.debug("ProfileSubmitServlet: renewal authenticate ends"); } else { authToken = authenticate(authenticator, request); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: authentication error " + - e.toString()); + CMS.debug("ProfileSubmitServlet: authentication error " + + e.toString()); // authentication error if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_AUTHENTICATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHENTICATION_ERROR")); + "CMS_AUTHENTICATION_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("authentication"); + 
statsSub.endTiming("authentication"); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } - //audit log our authentication failure + // audit log our authentication failure authSubjectID += " : " + uid_cred; auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_FAIL, - authSubjectID, - ILogger.FAILURE, - authMgrID, - uid_attempted_cred); + LOGGING_SIGNED_AUDIT_AUTH_FAIL, authSubjectID, + ILogger.FAILURE, authMgrID, uid_attempted_cred); audit(auditMessage); return; } - //Log successful authentication + // Log successful authentication - //Attempt to get uid from authToken, most tokens respond to the "uid" cred. + // Attempt to get uid from authToken, most tokens respond to the + // "uid" cred. uid_cred = authToken.getInString("uid"); if (uid_cred == null || uid_cred.length() == 0) { @@ -1039,19 +1093,16 @@ public class ProfileSubmitServlet extends ProfileServlet { } authSubjectID = authSubjectID + " : " + uid_cred; - + // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, - authSubjectID, - ILogger.SUCCESS, - authMgrID); + auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, + authSubjectID, ILogger.SUCCESS, authMgrID); audit(auditMessage); } if (statsSub != null) { - statsSub.endTiming("profile_authentication"); + statsSub.endTiming("profile_authentication"); } // authentication success 
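Review bot: The authentication-failure path (hunk at -971) stops a timer named `"authentication"`, but the timer started just before this block is `"profile_authentication"`, so on failure the started timer is never ended. The call should read `statsSub.endTiming("profile_authentication");`. In the same path `uid_attempted_cred` is copied straight from the `uid` request parameter into `CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_FAIL, ...)`. Whether that call neutralises line breaks and field delimiters is not visible here, so that should be confirmed, since this value ends up in the signed audit log. The enclosing method starts and ends outside this hunk.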
@@ -1060,23 +1111,24 @@ public class ProfileSubmitServlet extends ProfileServlet { // do profile authorization String acl = null; if (isRenewal) - acl = renewProfile.getAuthzAcl(); + acl = renewProfile.getAuthzAcl(); else - acl = profile.getAuthzAcl(); - CMS.debug("ProfileSubmitServlet: authz using acl: "+acl); + acl = profile.getAuthzAcl(); + CMS.debug("ProfileSubmitServlet: authz using acl: " + acl); if (acl != null && acl.length() > 0) { try { String resource = profileId + ".authz.acl"; - AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl); + AuthzToken authzToken = authorize(mAclMethod, resource, + authToken, acl); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet authorize: "+e.toString()); + CMS.debug("ProfileSubmitServlet authorize: " + e.toString()); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + outputError(response, CMS.getUserMessage(locale, + "CMS_AUTHORIZATION_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_AUTHORIZATION_ERROR")); + "CMS_AUTHORIZATION_ERROR")); outputTemplate(request, response, args); } @@ -1088,11 +1140,11 @@ public class ProfileSubmitServlet extends ProfileServlet { IRequest reqs[] = null; if (statsSub != null) { - statsSub.startTiming("request_population"); + statsSub.startTiming("request_population"); } - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // create request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// try { reqs = profile.createRequests(ctx, locale); } catch (EProfileException e) { 
@@ -1106,50 +1158,52 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug(e); CMS.debug("ProfileSubmitServlet: createRequests " + e.toString()); if (xmlOutput) { - outputError(response, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); + outputError(response, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } String errorCode = null; - String errorReason = null; + String errorReason = null; - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // populate request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// for (int k = 0; k < reqs.length; k++) { boolean fromRA = false; String uid = ""; // adding parameters to request if (isRenewal) { - setInputsIntoRequest(origReq, profile, reqs[k], locale); - // set orig expiration date to be used in Validity constraint - reqs[k].setExtData("origNotAfter", - BigInteger.valueOf(origNotAfter.getTime())); - // set subjectDN to be used in subject name default - reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN); - // set request type - reqs[k].setRequestType("renewal"); + setInputsIntoRequest(origReq, profile, reqs[k], locale); + // set orig expiration date to be used in Validity constraint + 
reqs[k].setExtData("origNotAfter", + BigInteger.valueOf(origNotAfter.getTime())); + // set subjectDN to be used in subject name default + reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, + origSubjectDN); + // set request type + reqs[k].setRequestType("renewal"); } else - setInputsIntoRequest(request, profile, reqs[k]); + setInputsIntoRequest(request, profile, reqs[k]); // serial auth token into request if (authToken != null) { @@ -1159,19 +1213,20 @@ public class ProfileSubmitServlet extends ProfileServlet { String[] tokenVals = authToken.getInStringArray(tokenName); if (tokenVals != null) { for (int i = 0; i < tokenVals.length; i++) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + - tokenName + "[" + i + "]", tokenVals[i]); + reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName + + "[" + i + "]", tokenVals[i]); } } else { String tokenVal = authToken.getInString(tokenName); if (tokenVal != null) { - reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName, - tokenVal); + reqs[k].setExtData( + ARG_AUTH_TOKEN + "." + tokenName, tokenVal); // if RA agent, auto assign the request if (tokenName.equals("uid")) uid = tokenVal; - if (tokenName.equals("group") && - tokenVal.equals("Registration Manager Agents")) { + if (tokenName.equals("group") + && tokenVal + .equals("Registration Manager Agents")) { fromRA = true; } } @@ -1180,7 +1235,7 @@ public class ProfileSubmitServlet extends ProfileServlet { } if (fromRA) { - CMS.debug("ProfileSubmitServlet: request from RA: "+ uid); + CMS.debug("ProfileSubmitServlet: request from RA: " + uid); reqs[k].setExtData(ARG_REQUEST_OWNER, uid); } 
@@ -1188,7 +1243,8 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE, "true"); reqs[k].setExtData(ARG_PROFILE_ID, profileId); if (isRenewal) - reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID, request.getParameter("profileId")); + reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID, + request.getParameter("profileId")); reqs[k].setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy()); String setId = profile.getPolicySetId(reqs[k]); @@ -1196,16 +1252,20 @@ public class ProfileSubmitServlet extends ProfileServlet { // no profile set found CMS.debug("ProfileSubmitServlet: no profile policy set found"); if (xmlOutput) { - outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString()); + outputError( + response, + FAILED, + CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), + reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, - CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); + args.set(ARG_ERROR_REASON, CMS + .getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } 
@@ -1215,13 +1275,13 @@ public class ProfileSubmitServlet extends ProfileServlet { reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost()); reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr()); - CMS.debug("ProfileSubmitServlet: request " + - reqs[k].getRequestId().toString()); + CMS.debug("ProfileSubmitServlet: request " + + reqs[k].getRequestId().toString()); try { CMS.debug("ProfileSubmitServlet: populating request inputs"); // give authenticator a chance to populate the request - if (authenticator != null) { + if (authenticator != null) { authenticator.populate(authToken, reqs[k]); } profile.populateInput(ctx, reqs[k]); 
@@ -1229,38 +1289,41 @@ public class ProfileSubmitServlet extends ProfileServlet { } catch (EProfileException e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); if (xmlOutput) { - outputError(response, FAILED, e.toString(), reqs[k].getRequestId().toString()); + outputError(response, FAILED, e.toString(), reqs[k] + .getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); args.set(ARG_ERROR_REASON, e.toString()); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } catch (Throwable e) { CMS.debug("ProfileSubmitServlet: populate " + e.toString()); - // throw new IOException("Profile " + profileId + - // " cannot populate"); + // throw new IOException("Profile " + profileId + + // " cannot populate"); if (xmlOutput) { - outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString()); + outputError(response, FAILED, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), + reqs[k].getRequestId().toString()); } else { args.set(ARG_ERROR_CODE, "1"); - args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR")); + args.set(ARG_ERROR_REASON, + CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR")); outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("request_population"); - statsSub.endTiming("enrollment"); + statsSub.endTiming("request_population"); + statsSub.endTiming("enrollment"); } return; } } if (statsSub != null) { - statsSub.endTiming("request_population"); + statsSub.endTiming("request_population"); } String auditMessage = null; 
@@ -1269,9 +1332,9 @@ public class ProfileSubmitServlet extends ProfileServlet { String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE; try { - /////////////////////////////////////////////// + // ///////////////////////////////////////////// // submit request - /////////////////////////////////////////////// + // ///////////////////////////////////////////// String requestIds = ""; // deliminated with double space for (int k = 0; k < reqs.length; k++) { try { @@ -1280,15 +1343,16 @@ public class ProfileSubmitServlet extends ProfileServlet { // print request debug if (reqs[k] != null) { - requestIds += " "+reqs[k].getRequestId().toString(); - Enumeration reqKeys = reqs[k].getExtDataKeys(); - while (reqKeys.hasMoreElements()) { - String reqKey = (String)reqKeys.nextElement(); - String reqVal = reqs[k].getExtDataInString(reqKey); - if (reqVal != null) { - CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal); + requestIds += " " + reqs[k].getRequestId().toString(); + Enumeration reqKeys = reqs[k].getExtDataKeys(); + while (reqKeys.hasMoreElements()) { + String reqKey = (String) reqKeys.nextElement(); + String reqVal = reqs[k].getExtDataInString(reqKey); + if (reqVal != null) { + CMS.debug("ProfileSubmitServlet: key=$request." + + reqKey + "$ value=" + reqVal); + } } - } } profile.submit(authToken, reqs[k]); 
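Review bot: The debug loop in the second hunk on this line (`-1280,15 +1343,16`) writes every ext-data key and value of the request to the debug log, including the auth token entries that hunk `-1159,19` copies into the request under `ARG_AUTH_TOKEN + "." + tokenName`. Whatever the authentication manager put in the token (uid, group, possibly other attributes) therefore ends up in the log in clear text. Consider skipping those keys, for example `if (reqVal != null && !reqKey.startsWith(ARG_AUTH_TOKEN))`, or logging key names only; check first whether the request store changes key case. The loop sits inside a try block that continues outside the hunk.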
@@ -1298,16 +1362,16 @@ public class ProfileSubmitServlet extends ProfileServlet { auditInfoCertValue = auditInfoCertValue(reqs[k]); if (auditInfoCertValue != null) { - if (!(auditInfoCertValue.equals( - ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { + if (!(auditInfoCertValue + .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) { // store a message in the signed audit log file - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - ILogger.SIGNED_AUDIT_ACCEPTANCE, - auditInfoCertValue); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, + ILogger.SIGNED_AUDIT_ACCEPTANCE, + auditInfoCertValue); audit(auditMessage); } 
@@ -1316,53 +1380,50 @@ public class ProfileSubmitServlet extends ProfileServlet { // return defer message to the user reqs[k].setRequestStatus(RequestStatus.PENDING); // need to notify - INotify notify = profile.getRequestQueue().getPendingNotify(); + INotify notify = profile.getRequestQueue() + .getPendingNotify(); if (notify != null) { - notify.notify(reqs[k]); + notify.notify(reqs[k]); } - + CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "2"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_DEFERRED", - e.toString()); + "CMS_PROFILE_DEFERRED", e.toString()); } catch (ERejectException e) { - // return error to the user + // return error to the user reqs[k].setRequestStatus(RequestStatus.REJECTED); CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "3"; errorReason = CMS.getUserMessage(locale, - "CMS_PROFILE_REJECTED", - e.toString()); + "CMS_PROFILE_REJECTED", e.toString()); } catch (Throwable e) { // return error to the user CMS.debug("ProfileSubmitServlet: submit " + e.toString()); errorCode = "1"; errorReason = CMS.getUserMessage(locale, - "CMS_INTERNAL_ERROR"); + "CMS_INTERNAL_ERROR"); } - try { + try { if (errorCode == null) { profile.getRequestQueue().markAsServiced(reqs[k]); } else { profile.getRequestQueue().updateRequest(reqs[k]); } } catch (EBaseException e) { - CMS.debug("ProfileSubmitServlet: updateRequest " + - e.toString()); + CMS.debug("ProfileSubmitServlet: updateRequest " + + e.toString()); } if (errorCode != null) { if (errorCode.equals("1")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, errorReason); audit(auditMessage); } else if (errorCode.equals("2")) { 
@@ -1372,12 +1433,10 @@ public class ProfileSubmitServlet extends ProfileServlet { } else if (errorCode.equals("3")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - errorReason); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, errorReason); audit(auditMessage); } @@ -1394,8 +1453,8 @@ public class ProfileSubmitServlet extends ProfileServlet { for (int k = 0; k < reqs.length; k++) { ArgSet requestset = new ArgSet(); - requestset.set(ARG_REQUEST_ID, - reqs[k].getRequestId().toString()); + requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId() + .toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); @@ -1404,14 +1463,14 @@ public class ProfileSubmitServlet extends ProfileServlet { outputTemplate(request, response, args); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } return; } - /////////////////////////////////////////////// - // output output list - /////////////////////////////////////////////// + // ///////////////////////////////////////////// + // output output list + // ///////////////////////////////////////////// if (xmlOutput) { xmlOutput(response, profile, locale, reqs); } else { @@ -1429,8 +1488,8 @@ public class ProfileSubmitServlet extends ProfileServlet { for (int k = 0; k < reqs.length; k++) { ArgSet requestset = new ArgSet(); - requestset.set(ARG_REQUEST_ID, - reqs[k].getRequestId().toString()); + requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId() + .toString()); requestlist.add(requestset); } args.set(ARG_REQUEST_LIST, requestlist); 
@@ -1443,28 +1502,27 @@ public class ProfileSubmitServlet extends ProfileServlet { // store a message in the signed audit log file // (automated cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - ILogger.SIGNED_AUDIT_REJECTION, - SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + ILogger.SIGNED_AUDIT_REJECTION, + SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]); audit(auditMessage); if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } throw eAudit1; } finally { SessionContext.releaseContext(); } if (statsSub != null) { - statsSub.endTiming("enrollment"); + statsSub.endTiming("enrollment"); } } - private void xmlOutput(HttpServletResponse httpResp, IProfile profile, Locale locale, IRequest[] reqs) { + private void xmlOutput(HttpServletResponse httpResp, IProfile profile, + Locale locale, IRequest[] reqs) { try { XMLObject xmlObj = null; xmlObj = new XMLObject(); 
@@ -1472,51 +1530,68 @@ public class ProfileSubmitServlet extends ProfileServlet { Node root = xmlObj.createRoot("XMLResponse"); xmlObj.addItemToContainer(root, "Status", SUCCESS); Node n = xmlObj.createContainer(root, "Requests"); - CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length); + CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + + reqs.length); - for (int i=0; i<reqs.length; i++) { + for (int i = 0; i < reqs.length; i++) { Node subnode = xmlObj.createContainer(n, "Request"); - xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString()); - X509CertInfo certInfo = - reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId() + .toString()); + X509CertInfo certInfo = reqs[i] + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); if (certInfo != null) { - String subject = ""; - subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString(); - xmlObj.addItemToContainer(subnode, "SubjectDN", subject); + String subject = ""; + subject = (String) certInfo.get(X509CertInfo.SUBJECT) + .toString(); + xmlObj.addItemToContainer(subnode, "SubjectDN", subject); } else { - CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); + CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request"); } Enumeration outputIds = profile.getProfileOutputIds(); if (outputIds != null) { while (outputIds.hasMoreElements()) { String outputId = (String) outputIds.nextElement(); - IProfileOutput profileOutput = profile.getProfileOutput(outputId); + IProfileOutput profileOutput = profile + .getProfileOutput(outputId); Enumeration outputNames = profileOutput.getValueNames(); if (outputNames != null) { while (outputNames.hasMoreElements()) { - String outputName = (String) outputNames.nextElement(); - if (!outputName.equals("b64_cert") && !outputName.equals("pkcs7")) + String outputName = (String) outputNames + .nextElement(); + if 
(!outputName.equals("b64_cert") + && !outputName.equals("pkcs7")) continue; try { - String outputValue = profileOutput.getValue(outputName, locale, reqs[i]); + String outputValue = profileOutput + .getValue(outputName, locale, + reqs[i]); if (outputName.equals("b64_cert")) { - String ss = Cert.normalizeCertStrAndReq(outputValue); - outputValue = Cert.stripBrackets(ss); - byte[] bcode = CMS.AtoB(outputValue); - X509CertImpl impl = new X509CertImpl(bcode); - xmlObj.addItemToContainer(subnode, - "serialno", impl.getSerialNumber().toString(16)); - xmlObj.addItemToContainer(subnode, "b64", outputValue); + String ss = Cert + .normalizeCertStrAndReq(outputValue); + outputValue = Cert.stripBrackets(ss); + byte[] bcode = CMS.AtoB(outputValue); + X509CertImpl impl = new X509CertImpl( + bcode); + xmlObj.addItemToContainer(subnode, + "serialno", impl + .getSerialNumber() + .toString(16)); + xmlObj.addItemToContainer(subnode, + "b64", outputValue); }// if b64_cert else if (outputName.equals("pkcs7")) { - String ss = Cert.normalizeCertStrAndReq(outputValue); - xmlObj.addItemToContainer(subnode, "pkcs7", ss); + String ss = Cert + .normalizeCertStrAndReq(outputValue); + xmlObj.addItemToContainer(subnode, + "pkcs7", ss); } - + } catch (EProfileException e) { - CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: " + + e.toString()); } catch (Exception e) { - CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString()); + CMS.debug("ProfileSubmitServlet xmlOutput: " + + e.toString()); } } } @@ -1533,11 +1608,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Requester ID - * - * This method is called to obtain the "RequesterID" for - * a signed audit log message. + * + * This method is called to obtain the "RequesterID" for a signed audit log + * message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ 
@@ -1563,11 +1638,11 @@ public class ProfileSubmitServlet extends ProfileServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param request request containing an X509CertImpl * @return cert string containing the certificate */ @@ -1577,8 +1652,8 @@ public class ProfileSubmitServlet extends ProfileServlet { return null; } - X509CertImpl x509cert = request.getExtDataInCert( - IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl x509cert = request + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); if (x509cert == null) { return ILogger.SIGNED_AUDIT_EMPTY_VALUE; diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java index 989710e3..4570fedd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java @@ -31,10 +31,9 @@ public class SSLClientCertProvider implements ISSLClientCertProvider { } public X509Certificate[] getClientCertificateChain() { - X509Certificate[] allCerts = (X509Certificate[]) - mRequest.getAttribute("javax.servlet.request.X509Certificate"); + X509Certificate[] allCerts = (X509Certificate[]) mRequest + .getAttribute("javax.servlet.request.X509Certificate"); return allCerts; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java index 60a8d16d..9cbae1ad 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.lang.reflect.Array; @@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.RawJS; - /** * Output a 'pretty print' of a certificate request - * + * * @version $Revision$, $Date$ */ public class CertReqParser extends ReqParser { - - public static final CertReqParser - DETAIL_PARSER = new CertReqParser(true); - public static final CertReqParser - NODETAIL_PARSER = new CertReqParser(false); + + public static final CertReqParser DETAIL_PARSER = new CertReqParser(true); + public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false); private boolean mDetails = true; private IPrettyPrintFormat pp = null; @@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser { /** * Constructs a certificate request parser. - * + * * @param details return detailed information (this can be time consuming) */ public CertReqParser(boolean details) { 
@@ -101,34 +97,34 @@ public class CertReqParser extends ReqParser { private static final String RB = "]"; private static final String EQ = " = "; - private static final String - HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB; - private static final String - HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB; - private static final String - AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB; - private static final String - SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB; + private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + + "httpParamsCount++" + RB; + private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + + LB + "httpHeadersCount++" + RB; + private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + + "authTokenCount++" + RB; + private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + + LB + "serverAttrsCount++" + RB; /** * Fills in certificate specific request attributes. 
*/ - public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) { - fillX509RequestIntoArg(l, req, argSet, arg); + fillX509RequestIntoArg(l, req, argSet, arg); } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) { - fillRevokeRequestIntoArg(l, req, argSet, arg); + fillRevokeRequestIntoArg(l, req, argSet, arg); } else { - //o = req.get(IRequest.OLD_CERTS); - //if (o != null) - fillRevokeRequestIntoArg(l, req, argSet, arg); + // o = req.get(IRequest.OLD_CERTS); + // if (o != null) + fillRevokeRequestIntoArg(l, req, argSet, arg); } } - - private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { - + + private void fillX509RequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { + // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); @@ -138,7 +134,7 @@ public class CertReqParser extends ReqParser { Enumeration enum1 = req.getExtDataKeys(); // gross hack - String prefix = "record."; + String prefix = "record."; if (argSet.getHeader() == arg) prefix = "header."; 
@@ -150,32 +146,41 @@ public class CertReqParser extends ReqParser { // show all http parameters stored in request. if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) { Hashtable http_params = req.getExtDataInHashtable(name); - // show certType specially - String certType = (String) http_params.get(IRequest.CERT_TYPE); + // show certType specially + String certType = (String) http_params + .get(IRequest.CERT_TYPE); if (certType != null) { arg.addStringValue(IRequest.CERT_TYPE, certType); } - String presenceServerExt = (String) http_params.get("PresenceServerExtension"); + String presenceServerExt = (String) http_params + .get("PresenceServerExtension"); if (presenceServerExt != null) { - arg.addStringValue("PresenceServerExtension", presenceServerExt); + arg.addStringValue("PresenceServerExtension", + presenceServerExt); } // show all http parameters in request int counter = 0; Enumeration elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_PARAMS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_params + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
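Review bot: In the `rawJS` string built for each HTTP parameter, the name goes through `CMSTemplate.escapeJavaScriptString` while the value goes through `escapeJavaScriptStringHTML`, although both come from the stored client request. If the template ever writes `.name` into markup, the name is the half without HTML escaping, so `escapeJavaScriptStringHTML(n)` for the name would make the two consistent. The same name handling appears in the HTTP-header and auth-token hunks that follow (`-186,16` and `-215,14`). As a style point, the formatter has left one operand per line in this concatenation, which makes the escaping hard to audit; a small private helper taking prefix, index, name and value would read better. The enclosing loop starts outside the hunk.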
@@ -186,16 +191,22 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_HEADERS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_hdrs + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -206,8 +217,8 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = IRequest.AUTH_TOKEN + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); Object authTokenValue = auth_token.getInStringArray(n); @@ -215,14 +226,16 @@ public class CertReqParser extends ReqParser { authTokenValue = auth_token.getInString(n); } String v = expandValue(prefix + parami + ".value", - authTokenValue); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + authTokenValue); + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -235,41 +248,47 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; - - if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || - req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { - X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); + String parami = IRequest.SERVER_ATTRS + LB + + String.valueOf(saCounter++) + RB; + + if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) + && mDetails + && (req.getRequestStatus().toString() + .equals(RequestStatus.COMPLETE_STRING) || req + .getRequestType().equals( + IRequest.GETREVOCATIONINFO_REQUEST))) { + X509CertImpl issuedCert[] = req + .getExtDataInCertArray(IRequest.ISSUED_CERTS); if (issuedCert != null && issuedCert[0] != null) { - val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>"; + val = "<pre>" + + CMS.getCertPrettyPrint(issuedCert[0]) + .toString(l) + "</pre>"; } - } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) { - X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) + && mDetails) { + X509CertInfo[] certInfo = req + .getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - val = "<pre>"+certInfo[0].toString()+"</pre>"; + val = "<pre>" + certInfo[0].toString() + "</pre>"; } } valstr = expandValue(prefix + parami + ".value", val); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + + "\";\n" + valstr; // java string already escaped + // in expandValue. 
arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -295,22 +314,24 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.ERROR)) { - arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name)); + arg.addStringValue(IRequest.ERRORS, + req.getExtDataInString(name)); } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request - X509CertInfo[] certInfo = - req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + // Get the certificate info from the request + X509CertInfo[] certInfo = req + .getExtDataInCertInfoArray(IRequest.CERT_INFO); if (certInfo != null && certInfo[0] != null) { - // Get the subject name if any set. + // Get the subject name if any set. CertificateSubjectName subjectName = null; String signatureAlgorithm = null; String signatureAlgorithmName = null; try { - subjectName = (CertificateSubjectName) certInfo[0].get(X509CertInfo.SUBJECT); + subjectName = (CertificateSubjectName) certInfo[0] + .get(X509CertInfo.SUBJECT); } catch (IOException e) { // XXX raise exception } catch (CertificateException e) { 
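Review bot: In the hunk that ends on this line (`-235,41 +248,47`), `val` is set to `"<pre>" + certInfo[0].toString() + "</pre>"`, and likewise for the issued-certificate pretty print, so text taken from the certificate request is wrapped in HTML markup before it reaches `expandValue`. The trailing comment says the string is already escaped in `expandValue`, but that method is not visible here and the comment speaks of Java string escaping, not HTML escaping. It is worth confirming that the certificate text is HTML-escaped before the `<pre>` wrapper is added, or moving the wrapper into the template. The enclosing loop starts and ends outside the hunk.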
@@ -331,10 +352,10 @@ public class CertReqParser extends ReqParser { if (mDetails) { try { - CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) - certInfo[0].get(X509CertInfo.ALGORITHM_ID); - AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[0] + .get(X509CertInfo.ALGORITHM_ID); + AlgorithmId algId = (AlgorithmId) certAlgId + .get(CertificateAlgorithmId.ALGORITHM); signatureAlgorithm = (algId.getOID()).toString(); signatureAlgorithmName = algId.getName(); @@ -342,16 +363,19 @@ public class CertReqParser extends ReqParser { // XXX raise exception } if (signatureAlgorithm != null) { - arg.addStringValue("signatureAlgorithm", signatureAlgorithm); + arg.addStringValue("signatureAlgorithm", + signatureAlgorithm); } if (signatureAlgorithmName != null) { - arg.addStringValue("signatureAlgorithmName", signatureAlgorithmName); + arg.addStringValue("signatureAlgorithmName", + signatureAlgorithmName); } CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo[0].get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo[0] + .get(X509CertInfo.EXTENSIONS); } catch (Exception e) { } if (extensions != null) { 
@@ -362,56 +386,88 @@ public class CertReqParser extends ReqParser { // only know about ns cert type if (ext instanceof NSCertTypeExtension) { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) ext; + NSCertTypeExtension nsExtensions = (NSCertTypeExtension) ext; try { - arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER, - nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT, - nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL, - nsExtensions.get(NSCertTypeExtension.EMAIL).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA, - nsExtensions.get(NSCertTypeExtension.SSL_CA).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA, - nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString()); - - arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA, - nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString()); + arg.addStringValue( + "ext_" + + NSCertTypeExtension.SSL_SERVER, + nsExtensions + .get(NSCertTypeExtension.SSL_SERVER) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.SSL_CLIENT, + nsExtensions + .get(NSCertTypeExtension.SSL_CLIENT) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.EMAIL, + nsExtensions + .get(NSCertTypeExtension.EMAIL) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.OBJECT_SIGNING, + nsExtensions + .get(NSCertTypeExtension.OBJECT_SIGNING) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.SSL_CA, + nsExtensions + .get(NSCertTypeExtension.SSL_CA) + .toString()); + + arg.addStringValue( + "ext_" + + NSCertTypeExtension.EMAIL_CA, + nsExtensions + .get(NSCertTypeExtension.EMAIL_CA) + .toString()); + + 
arg.addStringValue( + "ext_" + + NSCertTypeExtension.OBJECT_SIGNING_CA, + nsExtensions + .get(NSCertTypeExtension.OBJECT_SIGNING_CA) + .toString()); } catch (Exception e) { } } else if (ext instanceof BasicConstraintsExtension) { - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) ext; + BasicConstraintsExtension bcExt = (BasicConstraintsExtension) ext; Integer pathLength = null; Boolean isCA = null; try { - pathLength = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); - isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); + pathLength = (Integer) bcExt + .get(BasicConstraintsExtension.PATH_LEN); + isCA = (Boolean) bcExt + .get(BasicConstraintsExtension.IS_CA); } catch (IOException e) { } if (pathLength != null) - arg.addIntegerValue("pathLenBasicConstraints", pathLength.intValue()); + arg.addIntegerValue( + "pathLenBasicConstraints", + pathLength.intValue()); if (isCA != null) - arg.addBooleanValue("isCABasicConstraints", isCA.booleanValue()); + arg.addBooleanValue( + "isCABasicConstraints", + isCA.booleanValue()); } // pretty print all others. else { if (argSet != null) { IArgBlock rr = CMS.createArgBlock(); - rr.addStringValue( - EXT_PRETTYPRINT, - CMS.getExtPrettyPrint(ext, 0).toString()); + rr.addStringValue(EXT_PRETTYPRINT, CMS + .getExtPrettyPrint(ext, 0) + .toString()); argSet.addRepeatRecord(rr); } } @@ -419,11 +475,12 @@ public class CertReqParser extends ReqParser { } - // Get the public key + // Get the public key CertificateX509Key certKey = null; try { - certKey = (CertificateX509Key) certInfo[0].get(X509CertInfo.KEY); + certKey = (CertificateX509Key) certInfo[0] + .get(X509CertInfo.KEY); } catch (IOException e) { // XXX raise exception } catch (CertificateException e) { 
@@ -440,22 +497,29 @@ public class CertReqParser extends ReqParser { if (key != null) { arg.addStringValue("subjectPublicKeyInfo", - key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString()); + key.getAlgorithm() + + " - " + + key.getAlgorithmId().getOID() + .toString()); arg.addStringValue("subjectPublicKey", - pp.toHexString(key.getKey(), 0, 16)); + pp.toHexString(key.getKey(), 0, 16)); } - // Get the validity period + // Get the validity period CertificateValidity validity = null; try { - validity = - (CertificateValidity) - certInfo[0].get(X509CertInfo.VALIDITY); + validity = (CertificateValidity) certInfo[0] + .get(X509CertInfo.VALIDITY); if (validity != null) { - long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000; - - arg.addLongValue("validityLength", validityLength); + long validityLength = (((Date) validity + .get(CertificateValidity.NOT_AFTER)) + .getTime() - ((Date) validity + .get(CertificateValidity.NOT_BEFORE)) + .getTime()) / 1000; + + arg.addLongValue("validityLength", + validityLength); } } catch (IOException e) { // XXX raise exception @@ -467,7 +531,8 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) { - BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); + BigInteger oldSerialNo[] = req + .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS); if (oldSerialNo != null) { if (argSet != null) { 
@@ -475,37 +540,44 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - oldSerialNo[i], 16); + oldSerialNo[i], 16); argSet.addRepeatRecord(rarg); } } } } - if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails && - (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) || - req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) { - X509CertImpl issuedCert[] = - req.getExtDataInCertArray(IRequest.ISSUED_CERTS); - - arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16); + if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) + && mDetails + && (req.getRequestStatus().toString() + .equals(RequestStatus.COMPLETE_STRING) || req + .getRequestType().equals( + IRequest.GETREVOCATIONINFO_REQUEST))) { + X509CertImpl issuedCert[] = req + .getExtDataInCertArray(IRequest.ISSUED_CERTS); + + arg.addBigIntegerValue("serialNumber", + issuedCert[0].getSerialNumber(), 16); // Set Serial No for 2nd certificate if (issuedCert.length == 2) - arg.addBigIntegerValue("serialNumber2", issuedCert[1].getSerialNumber(), 16); + arg.addBigIntegerValue("serialNumber2", + issuedCert[1].getSerialNumber(), 16); } if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) { - X509CertImpl oldCert[] = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl oldCert[] = req + .getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCert != null && oldCert.length > 0) { - arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16); - arg.addStringValue("subject", oldCert[0].getSubjectDN().toString()); + arg.addBigIntegerValue("serialNumber", + oldCert[0].getSerialNumber(), 16); + arg.addStringValue("subject", oldCert[0].getSubjectDN() + .toString()); if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) { for (int i = 0; i < oldCert.length; i++) { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - 
oldCert[i].getSerialNumber(), 16); + oldCert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } @@ -513,12 +585,13 @@ public class CertReqParser extends ReqParser { } if (name.equalsIgnoreCase(IRequest.CACERTCHAIN) && mDetails) { - byte[] certChainData = req.getExtDataInByteArray( - IRequest.CACERTCHAIN); + byte[] certChainData = req + .getExtDataInByteArray(IRequest.CACERTCHAIN); if (certChainData != null) { CertificateChain certChain = new CertificateChain(); try { - certChain.decode(new ByteArrayInputStream(certChainData)); + certChain + .decode(new ByteArrayInputStream(certChainData)); X509Certificate cert[] = certChain.getChain(); @@ -526,7 +599,7 @@ public class CertReqParser extends ReqParser { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - cert[i].getSerialNumber(), 16); + cert[i].getSerialNumber(), 16); argSet.addRepeatRecord(rarg); } } catch (IOException e) { @@ -535,22 +608,24 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) { - Hashtable fingerprints = - req.getExtDataInHashtable(IRequest.FINGERPRINTS); + Hashtable fingerprints = req + .getExtDataInHashtable(IRequest.FINGERPRINTS); if (fingerprints != null) { String namesAndHashes = null; Enumeration enumFingerprints = fingerprints.keys(); - while (enumFingerprints.hasMoreElements()) { - String hashname = (String) enumFingerprints.nextElement(); + while (enumFingerprints.hasMoreElements()) { + String hashname = (String) enumFingerprints + .nextElement(); String hashvalue = (String) fingerprints.get(hashname); byte[] fingerprint = CMS.AtoB(hashvalue); String ppFingerprint = pp.toHexString(fingerprint, 0); if (hashname != null && ppFingerprint != null) { if (namesAndHashes != null) { - namesAndHashes += "+" + hashname + "+" + ppFingerprint; + namesAndHashes += "+" + hashname + "+" + + ppFingerprint; } else { namesAndHashes = hashname + "+" + ppFingerprint; } 
@@ -577,7 +652,8 @@ public class CertReqParser extends ReqParser { int j = 0; StringBuffer sb = new StringBuffer(); - for (Enumeration n = ((Vector) v).elements(); n.hasMoreElements(); j++) { + for (Enumeration n = ((Vector) v).elements(); n + .hasMoreElements(); j++) { sb.append(";\n"); sb.append(valuename); sb.append(LB); @@ -585,10 +661,9 @@ public class CertReqParser extends ReqParser { sb.append(RB); sb.append(EQ); sb.append("\""); - sb.append( - CMSTemplate.escapeJavaScriptStringHTML( - n.nextElement().toString())); - sb.append( "\";\n"); + sb.append(CMSTemplate.escapeJavaScriptStringHTML(n + .nextElement().toString())); + sb.append("\";\n"); } sb.append("\n"); valstr = sb.toString(); @@ -598,7 +673,7 @@ public class CertReqParser extends ReqParser { // if an array. int len = -1; - try { + try { len = Array.getLength(v); } catch (IllegalArgumentException e) { } @@ -608,9 +683,15 @@ public class CertReqParser extends ReqParser { for (i = 0; i < len; i++) { if (Array.get(v, i) != null) - valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" + - CMSTemplate.escapeJavaScriptStringHTML( - Array.get(v, i).toString()) + "\";\n"; + valstr += ";\n" + + valuename + + LB + + i + + RB + + EQ + + "\"" + + CMSTemplate.escapeJavaScriptStringHTML(Array + .get(v, i).toString()) + "\";\n"; } return valstr; } 
@@ -618,17 +699,17 @@ public class CertReqParser extends ReqParser { } // if string or unrecognized type, just call its toString method. - return valuename + "=\"" + - CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; + return valuename + "=\"" + + CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\""; } public String getRequestorDN(IRequest request) { try { - X509CertInfo info = (X509CertInfo) - request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = (X509CertInfo) request + .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); // retrieve the subject name - CertificateSubjectName sn = (CertificateSubjectName) - info.get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) info + .get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -643,15 +724,16 @@ public class CertReqParser extends ReqParser { String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID); if (cid == null) { - cid = ""; + cid = ""; } - String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID); + String uid = request + .getExtDataInString(IRequest.NETKEY_ATTR_USERID); if (uid == null) { - uid = ""; + uid = ""; } - kid = cid+":"+uid; + kid = cid + ":" + uid; if (kid.equals(":")) { - kid = ""; + kid = ""; } return kid; 
@@ -661,15 +743,15 @@ public class CertReqParser extends ReqParser {
 return null;
 }
- private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ private void fillRevokeRequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException {
 // fill in the standard attributes
 super.fillRequestIntoArg(l, req, argSet, arg);
 arg.addStringValue("certExtsEnabled", "yes");
 String profile = req.getExtDataInString("profile");
- //CMS.debug("CertReqParser: profile=" + profile);
+ // CMS.debug("CertReqParser: profile=" + profile);
 if (profile != null) {
 arg.addStringValue("profile", profile);
 String requestorDN = getRequestorDN(req);
@@ -690,7 +772,7 @@ public class CertReqParser extends ReqParser {
 Enumeration enum1 = req.getExtDataKeys();
 // gross hack
- String prefix = "record.";
+ String prefix = "record.";
 if (argSet.getHeader() == arg)
 prefix = "header.";
@@ -702,8 +784,9 @@ public class CertReqParser extends ReqParser {
 // show all http parameters stored in request.
 if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) {
 Hashtable http_params = req.getExtDataInHashtable(name);
- // show certType specially
- String certType = (String) http_params.get(IRequest.CERT_TYPE);
+ // show certType specially
+ String certType = (String) http_params
+ .get(IRequest.CERT_TYPE);
 if (certType != null) {
 arg.addStringValue(IRequest.CERT_TYPE, certType);
@@ -713,16 +796,22 @@ public class CertReqParser extends ReqParser { Enumeration elms = http_params.keys(); while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_PARAMS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_params.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_params + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } @@ -733,16 +822,22 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB; + String parami = IRequest.HTTP_HEADERS + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" + - prefix + parami + ".value=\"" + - CMSTemplate.escapeJavaScriptStringHTML( - http_hdrs.get(n).toString()) + "\""; + String rawJS = "new Object;\n\r" + + prefix + + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n\r" + + prefix + + parami + + ".value=\"" + + CMSTemplate + .escapeJavaScriptStringHTML(http_hdrs + .get(n).toString()) + "\""; arg.set(parami, new RawJS(rawJS)); } 
@@ -753,20 +848,21 @@ public class CertReqParser extends ReqParser { int counter = 0; while (elms.hasMoreElements()) { - String parami = - IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB; + String parami = IRequest.AUTH_TOKEN + LB + + String.valueOf(counter++) + RB; // hack String n = (String) elms.nextElement(); - String v = - expandValue(prefix + parami + ".value", + String v = expandValue(prefix + parami + ".value", auth_token.getInString(n)); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v; + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(n) + + "\";\n" + v; arg.set(parami, new RawJS(rawJS)); } - } // all others are request attrs from policy or internal modules. + } // all others are request attrs from policy or internal + // modules. else { Object val; if (req.isSimpleExtDataValue(name)) { 
@@ -779,25 +875,25 @@ public class CertReqParser extends ReqParser { } String valstr = ""; // hack - String parami = - IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB; + String parami = IRequest.SERVER_ATTRS + LB + + String.valueOf(saCounter++) + RB; valstr = expandValue(prefix + parami + ".value", val); - String rawJS = "new Object;\n\r" + - prefix + parami + ".name=\"" + - CMSTemplate.escapeJavaScriptString(name) + "\";\n" + - valstr; // java string already escaped in expandValue. + String rawJS = "new Object;\n\r" + prefix + parami + + ".name=\"" + + CMSTemplate.escapeJavaScriptString(name) + + "\";\n" + valstr; // java string already escaped + // in expandValue. arg.set(parami, new RawJS(rawJS)); } } if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE) - || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) - || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) - || name.equalsIgnoreCase(IRequest.RESULT) - || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE) - ) { + || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL) + || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS) + || name.equalsIgnoreCase(IRequest.RESULT) + || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) { arg.addStringValue(name, req.getExtDataInString(name)); } @@ -823,12 +919,14 @@ public class CertReqParser extends ReqParser { } } if (name.equalsIgnoreCase(IRequest.ERROR)) { - arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name)); + arg.addStringValue(IRequest.ERRORS, + req.getExtDataInString(name)); } if (name.equalsIgnoreCase(IRequest.CERT_INFO)) { - // Get the certificate info from the request - RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO); + // Get the certificate info from the request + RevokedCertImpl revokedCert[] = req + .getExtDataInRevokedCertArray(IRequest.CERT_INFO); if (mDetails && revokedCert != null) { if (argSet != null) { 
@@ -836,35 +934,39 @@ public class CertReqParser extends ReqParser {
 IArgBlock rarg = CMS.createArgBlock();
 rarg.addBigIntegerValue("serialNumber",
- revokedCert[i].getSerialNumber(), 16);
+ revokedCert[i].getSerialNumber(), 16);
- CRLExtensions crlExtensions = revokedCert[i].getExtensions();
+ CRLExtensions crlExtensions = revokedCert[i]
+ .getExtensions();
 if (crlExtensions != null) {
 for (int k = 0; k < crlExtensions.size(); k++) {
- Extension ext = (Extension) crlExtensions.elementAt(k);
+ Extension ext = (Extension) crlExtensions
+ .elementAt(k);
 if (ext instanceof CRLReasonExtension) {
 rarg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext)
+ .getReason().toString());
 }
 }
 } else {
 rarg.addStringValue("reason",
- RevocationReason.UNSPECIFIED.toString());
+ RevocationReason.UNSPECIFIED.toString());
 }
 argSet.addRepeatRecord(rarg);
 }
 } else {
 arg.addBigIntegerValue("serialNumber",
- revokedCert[0].getSerialNumber(), 16);
+ revokedCert[0].getSerialNumber(), 16);
 }
 }
 }
 if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) {
- BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ BigInteger oldSerialNo[] = req
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
 if (oldSerialNo != null) {
 if (argSet != null) {
@@ -872,7 +974,7 @@ public class CertReqParser extends ReqParser {
 IArgBlock rarg = CMS.createArgBlock();
 rarg.addBigIntegerValue("serialNumber",
- oldSerialNo[i], 16);
+ oldSerialNo[i], 16);
 argSet.addRepeatRecord(rarg);
 }
 }
@@ -880,24 +982,27 @@ public class CertReqParser extends ReqParser {
 }
 if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
- //X509CertImpl oldCert[] =
- // (X509CertImpl[])req.get(IRequest.OLD_CERTS);
- Certificate oldCert[] =
- (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
+ // X509CertImpl oldCert[] =
+ // (X509CertImpl[])req.get(IRequest.OLD_CERTS);
+ Certificate oldCert[] = (Certificate[]) req
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
+
 if (oldCert != null && oldCert.length > 0) {
 if (oldCert[0] instanceof X509CertImpl) {
 X509CertImpl xcert = (X509CertImpl) oldCert[0];
- arg.addBigIntegerValue("serialNumber", xcert.getSerialNumber(), 16);
- arg.addStringValue("subject", xcert.getSubjectDN().toString());
- if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) {
+ arg.addBigIntegerValue("serialNumber",
+ xcert.getSerialNumber(), 16);
+ arg.addStringValue("subject", xcert.getSubjectDN()
+ .toString());
+ if (req.getRequestType().equals(
+ IRequest.GETCERTS_REQUEST)) {
 for (int i = 0; i < oldCert.length; i++) {
 IArgBlock rarg = CMS.createArgBlock();
 xcert = (X509CertImpl) oldCert[i];
 rarg.addBigIntegerValue("serialNumber",
- xcert.getSerialNumber(), 16);
+ xcert.getSerialNumber(), 16);
 argSet.addRepeatRecord(rarg);
 }
 }
@@ -905,21 +1010,23 @@ public class CertReqParser extends ReqParser {
 }
 }
- if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails &&
- req.getRequestType().equals("getRevocationInfo")) {
- RevokedCertImpl revokedCert[] =
- req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails
+ && req.getRequestType().equals("getRevocationInfo")) {
+ RevokedCertImpl revokedCert[] = req
+ .getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
 if (revokedCert != null && revokedCert[0] != null) {
 boolean reasonFound = false;
- CRLExtensions crlExtensions = revokedCert[0].getExtensions();
+ CRLExtensions crlExtensions = revokedCert[0]
+ .getExtensions();
 for (int k = 0; k < crlExtensions.size(); k++) {
 Extension ext = (Extension) crlExtensions.elementAt(k);
 if (ext instanceof CRLReasonExtension) {
 arg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext).getReason()
+ .toString());
 reasonFound = true;
 }
 }
@@ -930,5 +1037,5 @@ public class CertReqParser extends ReqParser {
 }
 }
 }
-
+
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 127f2ce8..3eca4390 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
-
 /**
 * Check the status of a certificate request
- *
+ *
 * @version $Revision$, $Date$
 */
 public class CheckRequest extends CMSServlet {
@@ -116,15 +114,14 @@ public class CheckRequest extends CMSServlet {
 /**
 * Constructs request query servlet.
 */
- public CheckRequest()
- throws EBaseException {
+ public CheckRequest() throws EBaseException {
 super();
 }
 /**
 * initialize the servlet. This servlet uses the template file
 * "requestStatus.template" to process the response.
- *
+ *
 * @param sc servlet configuration, read from the web.xml file
 */
 public void init(ServletConfig sc) throws ServletException {
@@ -140,12 +137,12 @@ public class CheckRequest extends CMSServlet {
 * Process the HTTP request.
 * <ul>
 * <li>http.param requestId ID of the request to check
- * <li>http.param format if 'id', then check the request based on
- * the request ID parameter. If set to CMC, then use the
- * 'queryPending' parameter.
+ * <li>http.param format if 'id', then check the request based on the
+ * request ID parameter. If set to CMC, then use the 'queryPending'
+ * parameter.
 * <li>http.param queryPending query formatted as a CMC request
 * </ul>
- *
+ *
 * @param cmsReq the object holding the request and response information
 */
 public void process(CMSRequest cmsReq) throws EBaseException {
@@ -162,14 +159,14 @@ public class CheckRequest extends CMSServlet {
 AuthzToken authzToken = null;
 try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
 } catch (EAuthzAccessDenied e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 } catch (Exception e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
 }
 if (authzToken == null) {
@@ -187,9 +184,10 @@ public class CheckRequest extends CMSServlet {
 form = getTemplate(mFormPath, req, locale);
 } catch (IOException e) {
 log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
 }
 IArgBlock header = CMS.createArgBlock();
@@ -207,27 +205,31 @@ public class CheckRequest extends CMSServlet {
 // They may check the status using CMC queryPending
 String queryPending = req.getParameter("queryPending");
- if (format != null && format.equals("cmc") && queryPending != null && !queryPending.equals("")) {
+ if (format != null && format.equals("cmc") && queryPending != null
+ && !queryPending.equals("")) {
 try {
 isCMCReq = true;
 byte[] cmcBlob = CMS.AtoB(queryPending);
- ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
-
- org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- SignedData cmcFullReq = (SignedData)
- cii.getInterpretedContent();
-
+ ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(
+ cmcBlob);
+
+ org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
+ .getTemplate().decode(cmcBlobIn);
+ SignedData cmcFullReq = (SignedData) cii
+ .getInterpretedContent();
+
 EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
 OBJECT_IDENTIFIER id = ci.getContentType();
- if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData)
+ || !ci.hasContent()) {
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
 }
 OCTET_STRING content = ci.getContent();
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
 PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
 SEQUENCE controlSequence = pkiData.getControlSequence();
@@ -235,7 +237,8 @@ public class CheckRequest extends CMSServlet {
 for (int i = 0; i < numControls; i++) {
 // decode message.
- TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
+ TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence
+ .elementAt(i);
 OBJECT_IDENTIFIER type = taggedAttr.getType();
 if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
@@ -245,19 +248,21 @@ public class CheckRequest extends CMSServlet {
 // We only process one for now.
 if (numReq > 0) {
- OCTET_STRING reqId = (OCTET_STRING)
- ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(requestIds.elementAt(0)));
+ OCTET_STRING reqId = (OCTET_STRING) ASN1Util
+ .decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(requestIds
+ .elementAt(0)));
 requestId = new String(reqId.toByteArray());
 }
- } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
 transIds = taggedAttr.getValues();
- }else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
 rNonces = taggedAttr.getValues();
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
 sNonces = taggedAttr.getValues();
 }
 }
@@ -267,56 +272,63 @@ public class CheckRequest extends CMSServlet {
 }
 IArgBlock httpParams = cmsReq.getHttpParams();
- boolean importCert = httpParams.getValueAsBoolean("importCert",
- false);
+ boolean importCert = httpParams.getValueAsBoolean("importCert", false);
 // xxx need to check why this is not available at startup
 X509Certificate mCACerts[] = null;
 try {
- mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
+ mCACerts = ((ICertAuthority) mAuthority).getCACertChain()
+ .getChain();
 } catch (Exception e) {
 throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
 }
 if (requestId == null || requestId.trim().equals("")) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
 }
 try {
 Integer.parseInt(requestId);
 } catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ throw new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
 IRequest r = mQueue.findRequest(new RequestId(requestId));
 if (r == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
 }
 if (authToken != null) {
- // if RA, requestOwner must match the group
- String group = authToken.getInString("group");
- if ((group != null) && (group != "")) {
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String requestOwner = r.getExtDataInString("requestOwner");
- if (requestOwner != null) {
- if (requestOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ // if RA, requestOwner must match the group
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "")) {
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String requestOwner = r.getExtDataInString("requestOwner");
+ if (requestOwner != null) {
+ if (requestOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "BASE_INVALID_NUMBER_FORMAT_1",
+ requestId.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
+ }
 }
- }
 }
 RequestStatus status = r.getRequestStatus();
@@ -327,35 +339,37 @@ public class CheckRequest extends CMSServlet { header.addStringValue(STATUS, status.toString()); header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000); header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000); - if (note != null && note.length() > 0) + if (note != null && note.length() > 0) header.addStringValue("requestNotes", note); String type = r.getRequestType(); Integer result = r.getExtDataInInteger(IRequest.RESULT); -/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { - X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); - IArgBlock rarg = CMS.createArgBlock(); - - rarg.addBigIntegerValue("serialNumber", - cert.getSerialNumber(), 16); - argSet.addRepeatRecord(rarg); - } -*/ + /* + * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != + * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert = + * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock + * rarg = CMS.createArgBlock(); + * + * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16); + * argSet.addRepeatRecord(rarg); } + */ String profileId = r.getExtDataInString("profileId"); if (profileId != null) { - result = IRequest.RES_SUCCESS; + result = IRequest.RES_SUCCESS; } - if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) || - type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && - status.equals(RequestStatus.COMPLETE) && (result != null) && - result.equals(IRequest.RES_SUCCESS)) { + if ((type != null) + && (type.equals(IRequest.ENROLLMENT_REQUEST) || type + .equals(IRequest.RENEWAL_REQUEST)) && (status != null) + && status.equals(RequestStatus.COMPLETE) && (result != null) + && result.equals(IRequest.RES_SUCCESS)) { Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS); if (profileId != null) { - X509CertImpl impl[] = new X509CertImpl[1]; - impl[0] = 
r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); - o = impl; + X509CertImpl impl[] = new X509CertImpl[1]; + impl[0] = r + .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + o = impl; } if (o != null && (o instanceof X509CertImpl[])) { X509CertImpl[] certs = (X509CertImpl[]) o; @@ -366,25 +380,25 @@ public class CheckRequest extends CMSServlet { IArgBlock rarg = CMS.createArgBlock(); rarg.addBigIntegerValue("serialNumber", - certs[i].getSerialNumber(), 16); + certs[i].getSerialNumber(), 16); // add pkcs7 cert for importing if (importCert || isCMCReq) { - //byte[] ba = certs[i].getEncoded(); - X509CertImpl[] certsInChain = new X509CertImpl[1];; + // byte[] ba = certs[i].getEncoded(); + X509CertImpl[] certsInChain = new X509CertImpl[1]; + ; if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { if (certs[i].equals(mCACerts[ii])) { - certsInChain = new - X509CertImpl[mCACerts.length]; + certsInChain = new X509CertImpl[mCACerts.length]; break; } certsInChain = new X509CertImpl[mCACerts.length + 1]; } } - + // Set the EE cert certsInChain[0] = certs[i]; - + // Set the Ca certificate chain if (mCACerts != null) { for (int ii = 0; ii < mCACerts.length; ii++) { @@ -396,8 +410,10 @@ public class CheckRequest extends CMSServlet { String p7Str; try { - PKCS7 p7 = new PKCS7(new AlgorithmId[0], - new netscape.security.pkcs.ContentInfo(new byte[0]), + PKCS7 p7 = new PKCS7( + new AlgorithmId[0], + new netscape.security.pkcs.ContentInfo( + new byte[0]), certsInChain, new netscape.security.pkcs.SignerInfo[0]); ByteArrayOutputStream bos = new ByteArrayOutputStream(); @@ -407,7 +423,7 @@ public class CheckRequest extends CMSServlet { p7Str = CMS.BtoA(p7Bytes); - StringTokenizer tokenizer = null; + StringTokenizer tokenizer = null; if (File.separator.equals("\\")) { char[] nl = new char[2]; 
@@ -416,18 +432,22 @@ public class CheckRequest extends CMSServlet { nl[1] = 13; String nlstr = new String(nl); - tokenizer = new StringTokenizer(p7Str, nlstr); + tokenizer = new StringTokenizer(p7Str, + nlstr); } else - tokenizer = new StringTokenizer(p7Str, "\n"); + tokenizer = new StringTokenizer(p7Str, + "\n"); StringBuffer res = new StringBuffer(); while (tokenizer.hasMoreTokens()) { - String elem = (String) tokenizer.nextToken(); + String elem = (String) tokenizer + .nextToken(); res.append(elem); } - header.addStringValue("pkcs7ChainBase64", res.toString()); + header.addStringValue("pkcs7ChainBase64", + res.toString()); // compose full response if (isCMCReq) { 
@@ -437,152 +457,177 @@ public class CheckRequest extends CMSServlet { if (bodyPartId != null) bpids.addElement(bodyPartId); - CMCStatusInfo cmcStatusInfo = new - CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids); - TaggedAttribute ta = new TaggedAttribute(new - INTEGER(bpid++), + CMCStatusInfo cmcStatusInfo = new CMCStatusInfo( + CMCStatusInfo.SUCCESS, bpids); + TaggedAttribute ta = new TaggedAttribute( + new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo); controlSeq.addElement(ta); - + // copy transactionID, senderNonce, // create recipientNonce if (transIds != null) { - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_transactionId, - transIds); + ta = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_transactionId, + transIds); controlSeq.addElement(ta); } - + if (sNonces != null) { - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_recipientNonce, - sNonces); + ta = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_recipientNonce, + sNonces); controlSeq.addElement(ta); } - + String salt = CMSServlet.generateSalt(); byte[] dig; try { - MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); + MessageDigest SHA1Digest = MessageDigest + .getInstance("SHA1"); - dig = SHA1Digest.digest(salt.getBytes()); + dig = SHA1Digest.digest(salt + .getBytes()); } catch (NoSuchAlgorithmException ex) { dig = salt.getBytes(); } String b64E = CMS.BtoA(dig); - String[] newNonce = {b64E}; + String[] newNonce = { b64E }; - ta = new TaggedAttribute(new - INTEGER(bpid++), - OBJECT_IDENTIFIER.id_cmc_senderNonce, - new OCTET_STRING(newNonce[0].getBytes())); + ta = new TaggedAttribute( + new INTEGER(bpid++), + OBJECT_IDENTIFIER.id_cmc_senderNonce, + new OCTET_STRING(newNonce[0] + .getBytes())); controlSeq.addElement(ta); - - ResponseBody rb = new ResponseBody(controlSeq, new - SEQUENCE(), new - SEQUENCE()); - EncapsulatedContentInfo ci = new - 
EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse, + + ResponseBody rb = new ResponseBody( + controlSeq, new SEQUENCE(), + new SEQUENCE()); + EncapsulatedContentInfo ci = new EncapsulatedContentInfo( + OBJECT_IDENTIFIER.id_cct_PKIResponse, rb); - + org.mozilla.jss.crypto.X509Certificate x509cert = null; if (mAuthority instanceof ICertificateAuthority) { - x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert(); - }else if (mAuthority instanceof IRegistrationAuthority) { - x509cert = ((IRegistrationAuthority) mAuthority).getRACert(); + x509cert = ((ICertificateAuthority) mAuthority) + .getCaX509Cert(); + } else if (mAuthority instanceof IRegistrationAuthority) { + x509cert = ((IRegistrationAuthority) mAuthority) + .getRACert(); } if (x509cert == null) - throw new - ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); - - X509CertImpl cert = new X509CertImpl(x509cert.getEncoded()); - ByteArrayInputStream issuer1 = new - ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded()); - Name issuer = (Name) Name.getTemplate().decode(issuer1); - IssuerAndSerialNumber ias = new - IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString())); - SignerIdentifier si = new - SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null); - - // SHA1 is the default digest Alg for now. + throw new ECMSGWException( + CMS.getUserMessage( + "CMS_GW_CMC_ERROR", + "No signing cert found.")); + + X509CertImpl cert = new X509CertImpl( + x509cert.getEncoded()); + ByteArrayInputStream issuer1 = new ByteArrayInputStream( + ((X500Name) cert.getIssuerDN()) + .getEncoded()); + Name issuer = (Name) Name.getTemplate() + .decode(issuer1); + IssuerAndSerialNumber ias = new IssuerAndSerialNumber( + issuer, new INTEGER(cert + .getSerialNumber() + .toString())); + SignerIdentifier si = new SignerIdentifier( + SignerIdentifier.ISSUER_AND_SERIALNUMBER, + ias, null); + + // SHA1 is the default digest Alg for + // now. 
DigestAlgorithm digestAlg = null; SignatureAlgorithm signAlg = null; - org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert); - org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType(); - - if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) + org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager + .getInstance() + .findPrivKeyByCert(x509cert); + org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey + .getType(); + + if (keyType + .equals(org.mozilla.jss.crypto.PrivateKey.RSA)) signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest; - else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) + else if (keyType + .equals(org.mozilla.jss.crypto.PrivateKey.DSA)) signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; MessageDigest SHADigest = null; byte[] digest = null; try { - SHADigest = MessageDigest.getInstance("SHA1"); + SHADigest = MessageDigest + .getInstance("SHA1"); digestAlg = DigestAlgorithm.SHA1; ByteArrayOutputStream ostream = new ByteArrayOutputStream(); rb.encode((OutputStream) ostream); - digest = SHADigest.digest(ostream.toByteArray()); + digest = SHADigest.digest(ostream + .toByteArray()); } catch (NoSuchAlgorithmException ex) { - //log("digest fail"); + // log("digest fail"); } - - org.mozilla.jss.pkix.cms.SignerInfo signInfo = new - org.mozilla.jss.pkix.cms.SignerInfo(si, null, null, + + org.mozilla.jss.pkix.cms.SignerInfo signInfo = new org.mozilla.jss.pkix.cms.SignerInfo( + si, + null, + null, OBJECT_IDENTIFIER.id_cct_PKIResponse, - digest, signAlg, - privKey); + digest, signAlg, privKey); SET signInfos = new SET(); signInfos.addElement(signInfo); - + SET digestAlgs = new SET(); if (digestAlg != null) { - AlgorithmIdentifier ai = new - AlgorithmIdentifier(digestAlg.toOID(), - null); + AlgorithmIdentifier ai = new AlgorithmIdentifier( + digestAlg.toOID(), null); digestAlgs.addElement(ai); } - + SET jsscerts = new SET(); for (int j = 0; j < certsInChain.length; j++) { - 
ByteArrayInputStream is = new - ByteArrayInputStream(certsInChain[j].getEncoded()); - org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) - org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is); + ByteArrayInputStream is = new ByteArrayInputStream( + certsInChain[j] + .getEncoded()); + org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) org.mozilla.jss.pkix.cert.Certificate + .getTemplate().decode(is); jsscerts.addElement(certJss); } - - SignedData fResponse = new - SignedData(digestAlgs, ci, - jsscerts, null, signInfos); - org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new - org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse); - ByteArrayOutputStream ostream = new - ByteArrayOutputStream(); - - fullResponse.encode((OutputStream) ostream); + + SignedData fResponse = new SignedData( + digestAlgs, ci, jsscerts, null, + signInfos); + org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new org.mozilla.jss.pkix.cms.ContentInfo( + org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, + fResponse); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + + fullResponse + .encode((OutputStream) ostream); byte[] fr = ostream.toByteArray(); - header.addStringValue(FULL_RESPONSE, CMS.BtoA(fr)); + header.addStringValue(FULL_RESPONSE, + CMS.BtoA(fr)); } } catch (Exception e) { e.printStackTrace(); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_FORMING_PKCS7_1", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); + CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR")); } } argSet.addRepeatRecord(rarg); 
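Review bot: The `catch (NoSuchAlgorithmException ex)` around the response digest holds only `// log("digest fail");`, so on failure `digest` and `digestAlg` stay null and the code still goes on to build the `SignerInfo` and the `SignedData`. The block already sits inside a `try` whose `catch (Exception e)` logs `CMSGW_ERROR_FORMING_PKCS7_1`, so the handler can fail closed, e.g. `throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "SHA1 digest not available."));`. The nonce code earlier in the hunk has the same shape: on that exception it falls back to `dig = salt.getBytes()`, so the salt bytes themselves are used as the nonce instead of their digest. `signAlg` also remains null when the key type is neither RSA nor DSA. The enclosing method begins and ends outside the hunk.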
@@ -598,22 +643,21 @@ public class CheckRequest extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java index 0e3974a1..85a546ab 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -25,13 +24,11 @@ import com.netscape.certsrv.base.IArgBlock; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** - * An interface representing a request parser which - * converts Java request object into name value - * pairs and vice versa. + * An interface representing a request parser which converts Java request object + * into name value pairs and vice versa. * <P> - * + * * @version $Revision$, $Date$ */ public interface IReqParser { 
@@ -39,6 +36,6 @@ public interface IReqParser { /** * Maps request object into argument block. */ - public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException; + public void fillRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java index 459aca63..4348a545 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.math.BigInteger; import java.util.Locale; @@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.key.KeyRecordParser; - /** * Output a 'pretty print' of a Key Archival request - * + * * @version $Revision$, $Date$ */ public class KeyReqParser extends ReqParser { @@ -49,8 +47,8 @@ public class KeyReqParser extends ReqParser { /** * Fills in certificate specific request attributes. */ - public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { // fill in the standard attributes super.fillRequestIntoArg(l, req, argSet, arg); 
@@ -58,11 +56,11 @@ public class KeyReqParser extends ReqParser { if (type.equals(IRequest.ENROLLMENT_REQUEST)) { BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord"); - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra"); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem("kra"); if (kra != null) { - KeyRecordParser.fillRecordIntoArg( - kra.getKeyRepository().readKeyRecord(recSerialNo), - arg); + KeyRecordParser.fillRecordIntoArg(kra.getKeyRepository() + .readKeyRecord(recSerialNo), arg); } else { throw new EBaseException("KRA is not available"); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java index 76418a99..b5fe3c4c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; @@ -79,12 +78,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; import com.netscape.cms.servlet.common.ICMSTemplateFiller; - /** - * Agent operations on Certificate requests. This servlet is used - * by an Agent to approve, reject, reassign, or change a certificate - * request. - * + * Agent operations on Certificate requests. This servlet is used by an Agent to + * approve, reject, reassign, or change a certificate request. + * * @version $Revision$, $Date$ */ public class ProcessCertReq extends CMSServlet { 
@@ -105,101 +102,85 @@ public class ProcessCertReq extends CMSServlet { private boolean mExtraAgentParams = false; // for RA only since it does not have a database. - private final static String - REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; - private final static String - PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; - private final static String - PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; - private static ICMSTemplateFiller - REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); + private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template"; + private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate"; + private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams"; + private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller(); private String mReqCompletedTemplate = null; - private final static String - CERT_TYPE = "certType"; + private final static String CERT_TYPE = "certType"; private String auditServiceID = ILogger.UNIDENTIFIED; - private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = - "caProcessCertReq"; - private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = - "raProcessCertReq"; + private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = "caProcessCertReq"; + private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = "raProcessCertReq"; private final static String SIGNED_AUDIT_ACCEPTANCE = "accept"; private final static String SIGNED_AUDIT_CANCELLATION = "cancel"; private final static String SIGNED_AUDIT_CLONING = "clone"; private final static String SIGNED_AUDIT_REJECTION = "reject"; private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String[] - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request cancellation: " - + "request cannot be processed due to an " - + "authorization failure", - - /* 1 */ "manual non-profile cert request 
cancellation: " - + "no reason has been given for cancelling this " - + "cert request", - - /* 2 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to an IOException", - - /* 4 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request cancellation: " - + "indeterminate reason for inability to process " - + "cert request due to a NoSuchAlgorithmException" - }; - private final static String[] - SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { - - /* 0 */ "manual non-profile cert request rejection: " - + "request cannot be processed due to an " - + "authorization failure", - - /* 1 */ "manual non-profile cert request rejection: " - + "no reason has been given for rejecting this " - + "cert request", - - /* 2 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an EBaseException", - - /* 3 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to an IOException", - - /* 4 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to a CertificateException", - - /* 5 */ "manual non-profile cert request rejection: " - + "indeterminate reason for inability to process " - + "cert request due to a NoSuchAlgorithmException" - }; - private final static String - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = - "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = - "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; + private 
final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] { + + /* 0 */"manual non-profile cert request cancellation: " + + "request cannot be processed due to an " + + "authorization failure", + + /* 1 */"manual non-profile cert request cancellation: " + + "no reason has been given for cancelling this " + + "cert request", + + /* 2 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException", + + /* 3 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to an IOException", + + /* 4 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to a CertificateException", + + /* 5 */"manual non-profile cert request cancellation: " + + "indeterminate reason for inability to process " + + "cert request due to a NoSuchAlgorithmException" }; + private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] { + + /* 0 */"manual non-profile cert request rejection: " + + "request cannot be processed due to an " + + "authorization failure", + + /* 1 */"manual non-profile cert request rejection: " + + "no reason has been given for rejecting this " + + "cert request", + + /* 2 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an EBaseException", + + /* 3 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to an IOException", + + /* 4 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to a CertificateException", + + /* 5 */"manual non-profile cert request rejection: " + + "indeterminate reason for inability to process " + + "cert request due to a NoSuchAlgorithmException" }; + private final static String 
LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5"; /** * Process request. */ - public ProcessCertReq() - throws EBaseException { + public ProcessCertReq() throws EBaseException { super(); } /** * initialize the servlet. This servlet uses the template file * "processCertReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -210,10 +191,9 @@ public class ProcessCertReq extends CMSServlet { String id = sc.getInitParameter(CMSServlet.PROP_ID); if (id != null) { - if (!(auditServiceID.equals( - AGENT_CA_CLONE_ENROLLMENT_SERVLET)) - && !(auditServiceID.equals( - AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { + if (!(auditServiceID.equals(AGENT_CA_CLONE_ENROLLMENT_SERVLET)) + && !(auditServiceID + .equals(AGENT_RA_CLONE_ENROLLMENT_SERVLET))) { auditServiceID = ILogger.UNIDENTIFIED; } else { auditServiceID = id.trim(); @@ -221,20 +201,20 @@ public class ProcessCertReq extends CMSServlet { } mQueue = mAuthority.getRequestQueue(); - mPublisherProcessor = - ((ICertAuthority) mAuthority).getPublisherProcessor(); + mPublisherProcessor = ((ICertAuthority) mAuthority) + .getPublisherProcessor(); mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE; mParser = CertReqParser.DETAIL_PARSER; - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); try { - mReqCompletedTemplate = sc.getInitParameter( - PROP_REQ_COMPLETED_TEMPLATE); + mReqCompletedTemplate = sc + .getInitParameter(PROP_REQ_COMPLETED_TEMPLATE); if (mReqCompletedTemplate == null) mReqCompletedTemplate = REQ_COMPLETED_TEMPLATE; String tmp = sc.getInitParameter(PROP_EXTRA_AGENT_PARAMS); 
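Review bot: In `init`, the service-id check tests `auditServiceID` rather than the `id` just read from `CMSServlet.PROP_ID`. `auditServiceID` is initialised to `ILogger.UNIDENTIFIED`, so unless that constant happens to equal one of the two servlet names the condition is always true and `auditServiceID = id.trim();` is never reached. The signed audit messages that take `auditServiceID` as an argument would then always carry the unidentified value. Comparing the configured value looks like the intent: `if (!id.trim().equals(AGENT_CA_CLONE_ENROLLMENT_SERVLET) && !id.trim().equals(AGENT_RA_CLONE_ENROLLMENT_SERVLET)) {`. `init` continues outside the hunk.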
@@ -252,25 +232,24 @@ public class ProcessCertReq extends CMSServlet { } } - /** * Process the HTTP request. * <ul> - * <li>http.param seqNum request id - * <li>http.param notValidBefore certificate validity - * - notBefore - in seconds since jan 1, 1970 - * <li>http.param notValidAfter certificate validity - * - notAfter - in seconds since jan 1, 1970 - * <li>http.param subject certificate subject name - * <li>http.param toDo requested action - * (can be one of: clone, reject, accept, cancel) + * <li>http.param seqNum request id + * <li>http.param notValidBefore certificate validity - notBefore - in + * seconds since jan 1, 1970 + * <li>http.param notValidAfter certificate validity - notAfter - in seconds + * since jan 1, 1970 + * <li>http.param subject certificate subject name + * <li>http.param toDo requested action (can be one of: clone, reject, + * accept, cancel) * <li>http.param signatureAlgorithm certificate signing algorithm - * <li>http.param addExts base-64, DER encoded Extension or - * SEQUENCE OF Extensions to add to certificate - * <li>http.param pathLenConstraint integer path length constraint to - * use in BasicConstraint extension if applicable + * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF + * Extensions to add to certificate + * <li>http.param pathLenConstraint integer path length constraint to use in + * BasicConstraint extension if applicable * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -297,15 +276,16 @@ public class ProcessCertReq extends CMSServlet { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { if (req.getParameter(SEQNUM) != null) { - CMS.debug( - "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM)); + CMS.debug("ProcessCertReq: parameter seqNum " + + req.getParameter(SEQNUM)); seqNum = Integer.parseInt(req.getParameter(SEQNUM)); } String notValidBeforeStr = req.getParameter("notValidBefore"); 
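Review bot: The `CMS.debug` call writes `req.getParameter(SEQNUM)` to the debug log before `Integer.parseInt` has validated it. Unless `CMS.debug` escapes its argument, a request can therefore place arbitrary text, including line breaks, into that log. Parsing first and logging the parsed value avoids this: `seqNum = Integer.parseInt(req.getParameter(SEQNUM));` followed by `CMS.debug("ProcessCertReq: parameter seqNum " + seqNum);`. `process` begins and ends outside the hunk.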
@@ -326,31 +306,30 @@ public class ProcessCertReq extends CMSServlet { subject = req.getParameter("subject"); signatureAlgorithm = req.getParameter("signatureAlgorithm"); - IRequest r = null; if (seqNum > -1) { - r = mQueue.findRequest(new RequestId( - Integer.toString(seqNum))); + r = mQueue.findRequest(new RequestId(Integer.toString(seqNum))); } - if(seqNum > -1 && r != null) - { - processX509(cmsReq, argSet, header, seqNum, req, resp, - toDo, signatureAlgorithm, subject, - notValidBefore, notValidAfter, locale[0], startTime); + if (seqNum > -1 && r != null) { + processX509(cmsReq, argSet, header, seqNum, req, resp, toDo, + signatureAlgorithm, subject, notValidBefore, + notValidAfter, locale[0], startTime); } else { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum))); - error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", + String.valueOf(seqNum))); + error = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { log(ILogger.LL_FAILURE, "Error " + e); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -358,46 +337,47 @@ public class ProcessCertReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } - + } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** * Process X509 certificate enrollment request and send request information - * to the caller. + * to the caller. 
* <P> - * + * * (Certificate Request - an "agent" cert request for "cloning") * <P> - * - * (Certificate Request Processed - either a manual "agent" non-profile - * based cert acceptance, a manual "agent" non-profile based cert - * cancellation, or a manual "agent" non-profile based cert rejection) + * + * (Certificate Request Processed - either a manual "agent" non-profile + * based cert acceptance, a manual "agent" non-profile based cert + * cancellation, or a manual "agent" non-profile based cert rejection) * <P> - * + * * <ul> - * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a - * non-profile cert request is made (before approval process) + * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when + * a non-profile cert request is made (before approval process) * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a * certificate request has just been through the approval process * </ul> + * * @param cmsReq a certificate enrollment request * @param argSet CMS template parameters * @param header argument block 
@@ -405,26 +385,22 @@ public class ProcessCertReq extends CMSServlet { * @param req HTTP servlet request * @param resp HTTP servlet response * @param toDo string representing the requested action (can be one of: - * clone, reject, accept, cancel) + * clone, reject, accept, cancel) * @param signatureAlgorithm string containing the signature algorithm * @param subject string containing the subject name of the certificate - * @param notValidBefore certificate validity - notBefore - in seconds - * since Jan 1, 1970 + * @param notValidBefore certificate validity - notBefore - in seconds since + * Jan 1, 1970 * @param notValidAfter certificate validity - notAfter - in seconds since - * Jan 1, 1970 + * Jan 1, 1970 * @param locale the system locale * @param startTime the current date * @exception EBaseException an error has occurred */ - private void processX509(CMSRequest cmsReq, - CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String toDo, String signatureAlgorithm, - String subject, - long notValidBefore, long notValidAfter, - Locale locale, long startTime) - throws EBaseException { + private void processX509(CMSRequest cmsReq, CMSTemplateParams argSet, + IArgBlock header, int seqNum, HttpServletRequest req, + HttpServletResponse resp, String toDo, String signatureAlgorithm, + String subject, long notValidBefore, long notValidAfter, + Locale locale, long startTime) throws EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = ILogger.UNIDENTIFIED; 
@@ -434,16 +410,16 @@ public class ProcessCertReq extends CMSServlet { // "normalize" the "auditCertificateSubjectName" if (auditCertificateSubjectName != null) { - // NOTE: This is ok even if the cert subject name is "" (empty)! + // NOTE: This is ok even if the cert subject name is "" (empty)! auditCertificateSubjectName = auditCertificateSubjectName.trim(); } else { - // NOTE: Here, the cert subject name is MISSING, not "" (empty)! + // NOTE: Here, the cert subject name is MISSING, not "" (empty)! auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE; } try { - IRequest r = mQueue.findRequest(new RequestId( - Integer.toString(seqNum))); + IRequest r = mQueue.findRequest(new RequestId(Integer + .toString(seqNum))); if (r != null) { // overwrite "auditRequesterID" if and only if "id" != null @@ -453,7 +429,7 @@ public class ProcessCertReq extends CMSServlet { } } - if (mAuthority != null) + if (mAuthority != null) header.addStringValue("authorityid", mAuthority.getId()); if (toDo != null) { @@ -463,15 +439,15 @@ public class ProcessCertReq extends CMSServlet { try { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "execute"); + mAuthzResourceName, "execute"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", - e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { 
@@ -481,45 +457,37 @@ public class ProcessCertReq extends CMSServlet { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditServiceID, + auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, + auditRequesterID, auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]); audit(auditMessage); } 
@@ -530,14 +498,16 @@ public class ProcessCertReq extends CMSServlet { String authMgr = AuditFormat.NOAUTH; if (authToken != null) { - authMgr = - authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); + authMgr = authToken + .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME); } String agentID = authToken.getInString("userid"); - String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID; + String initiative = AuditFormat.FROMAGENT + " agentID: " + + agentID; // Get the certificate info from the request - X509CertInfo certInfo[] = r.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo certInfo[] = r + .getExtDataInCertInfoArray(IRequest.CERT_INFO); header.addStringValue("toDo", toDo); if (toDo.equals("accept")) { 
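Review bot: `authToken` is null-checked when `authMgr` is assigned, but the next statement, `String agentID = authToken.getInString("userid");`, dereferences it unconditionally. Whether a null token can reach this point is not visible here, since the earlier authorization check is outside this hunk. If it can, the result is a NullPointerException, which the `catch (EBaseException e)` handler later in the method would not be expected to catch, so no failure record would be audited for the action. Either remove the redundant null check or guard both uses, e.g. `String agentID = (authToken != null) ? authToken.getInString("userid") : null;`, and decide explicitly what `initiative` should record when the agent is unknown. processX509 starts and ends outside this hunk.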
@@ -546,89 +516,95 @@ public class ProcessCertReq extends CMSServlet { int alterationCounter = 0; for (int i = 0; i < certInfo.length; i++) { - CertificateAlgorithmId certAlgId = - (CertificateAlgorithmId) - certInfo[i].get(X509CertInfo.ALGORITHM_ID); + CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[i] + .get(X509CertInfo.ALGORITHM_ID); - AlgorithmId algId = (AlgorithmId) - certAlgId.get(CertificateAlgorithmId.ALGORITHM); + AlgorithmId algId = (AlgorithmId) certAlgId + .get(CertificateAlgorithmId.ALGORITHM); if (!(algId.getName().equals(signatureAlgorithm))) { alterationCounter++; - AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm); + AlgorithmId newAlgId = AlgorithmId + .getAlgorithmId(signatureAlgorithm); certInfo[i].set(X509CertInfo.ALGORITHM_ID, - new CertificateAlgorithmId(newAlgId)); + new CertificateAlgorithmId(newAlgId)); } - CertificateSubjectName certSubject = - (CertificateSubjectName) - certInfo[i].get(X509CertInfo.SUBJECT); + CertificateSubjectName certSubject = (CertificateSubjectName) certInfo[i] + .get(X509CertInfo.SUBJECT); - if (subject != null && - !(certSubject.toString().equals(subject))) { + if (subject != null + && !(certSubject.toString().equals(subject))) { alterationCounter++; certInfo[i].set(X509CertInfo.SUBJECT, - new CertificateSubjectName( - (new X500Name(subject)))); + new CertificateSubjectName( + (new X500Name(subject)))); } - CertificateValidity certValidity = - (CertificateValidity) - certInfo[i].get(X509CertInfo.VALIDITY); + CertificateValidity certValidity = (CertificateValidity) certInfo[i] + .get(X509CertInfo.VALIDITY); Date currentTime = CMS.getCurrentDate(); boolean validityChanged = false; - // only override these values if agent specified them + // only override these values if agent specified + // them if (notValidBefore > 0) { - Date notBefore = (Date) certValidity.get( - CertificateValidity.NOT_BEFORE); + Date notBefore = (Date) certValidity + 
.get(CertificateValidity.NOT_BEFORE); - if (notBefore.getTime() == 0 || - notBefore.getTime() != notValidBefore) { + if (notBefore.getTime() == 0 + || notBefore.getTime() != notValidBefore) { Date validFrom = new Date(notValidBefore); - notBefore = (notValidBefore == 0) ? currentTime : validFrom; - certValidity.set(CertificateValidity.NOT_BEFORE, - notBefore); + notBefore = (notValidBefore == 0) ? currentTime + : validFrom; + certValidity.set( + CertificateValidity.NOT_BEFORE, + notBefore); validityChanged = true; } } if (notValidAfter > 0) { Date validTo = new Date(notValidAfter); - Date notAfter = (Date) - certValidity.get(CertificateValidity.NOT_AFTER); + Date notAfter = (Date) certValidity + .get(CertificateValidity.NOT_AFTER); - if (notAfter.getTime() == 0 || - notAfter.getTime() != notValidAfter) { + if (notAfter.getTime() == 0 + || notAfter.getTime() != notValidAfter) { notAfter = currentTime; - notAfter = (notValidAfter == 0) ? currentTime : validTo; - certValidity.set(CertificateValidity.NOT_AFTER, - notAfter); + notAfter = (notValidAfter == 0) ? currentTime + : validTo; + certValidity.set( + CertificateValidity.NOT_AFTER, + notAfter); validityChanged = true; } } if (validityChanged) { - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. 
- certInfo[i].set(X509CertInfo.VALIDITY, certValidity); + certInfo[i].set(X509CertInfo.VALIDITY, + certValidity); } if (certInfo[i].get(X509CertInfo.VERSION) == null) { certInfo[i].set(X509CertInfo.VERSION, - new CertificateVersion( - CertificateVersion.V3)); + new CertificateVersion( + CertificateVersion.V3)); } CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo[i].get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo[i] + .get(X509CertInfo.EXTENSIONS); } catch (Exception e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString())); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_PARSING_EXTENS", + e.toString())); } // 99/08/31 #361906 - handling additional extensions 
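Review bot: In the agent validity override, `notAfter = currentTime;` is overwritten on the next line, and inside `if (notValidAfter > 0)` the ternary `(notValidAfter == 0) ? currentTime : validTo` can only yield `validTo`; the `notBefore` branch has the same unreachable arm. Both reduce to a plain assignment such as `notAfter = validTo;`, which makes it clearer what the agent-supplied value does. Nothing in this hunk checks that the overridden `notBefore` precedes `notAfter`; if a later policy step does not enforce that (not visible here), a check before `certInfo[i].set(X509CertInfo.VALIDITY, certValidity);` would be worth adding. The body of processX509 continues outside the hunk.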
@@ -637,104 +613,131 @@ public class ProcessCertReq extends CMSServlet { if (addExts != null && !addExts.trim().equals("")) { Vector extsToBeAdded = new Vector(); - byte[] b = (byte[]) (com.netscape.osutil.OSUtil.AtoB(addExts)); + byte[] b = (byte[]) (com.netscape.osutil.OSUtil + .AtoB(addExts)); - // this b can be "Extension" Or "SEQUENCE OF Extension" + // this b can be "Extension" Or + // "SEQUENCE OF Extension" try { DerValue b_der = new DerValue(b); while (b_der.data.available() != 0) { - Extension de = new Extension(b_der.data.getDerValue()); + Extension de = new Extension( + b_der.data.getDerValue()); extsToBeAdded.addElement(de); } } catch (IOException e) { // it could be a single extension - Extension de = new Extension(new DerValue(b)); + Extension de = new Extension( + new DerValue(b)); extsToBeAdded.addElement(de); } if (extsToBeAdded.size() > 0) { if (extensions == null) { extensions = new CertificateExtensions(); - certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); + certInfo[i].set( + X509CertInfo.EXTENSIONS, + extensions); } for (int j = 0; j < extsToBeAdded.size(); j++) { - Extension theExt = (Extension) extsToBeAdded.elementAt(j); + Extension theExt = (Extension) extsToBeAdded + .elementAt(j); - extensions.set(theExt.getExtensionId().toString(), theExt); + extensions.set(theExt.getExtensionId() + .toString(), theExt); } } } if (extensions != null) { try { - NSCertTypeExtension nsExtensions = - (NSCertTypeExtension) - extensions.get( - NSCertTypeExtension.NAME); + NSCertTypeExtension nsExtensions = (NSCertTypeExtension) extensions + .get(NSCertTypeExtension.NAME); if (nsExtensions != null) { updateNSExtension(req, nsExtensions); - } + } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", + e.toString())); } - String pathLength = req.getParameter("pathLenConstraint"); + String 
pathLength = req + .getParameter("pathLenConstraint"); if (pathLength != null) { try { - int pathLen = Integer.parseInt(pathLength); - BasicConstraintsExtension bcExt = - (BasicConstraintsExtension) - extensions.get( - BasicConstraintsExtension.NAME); + int pathLen = Integer + .parseInt(pathLength); + BasicConstraintsExtension bcExt = (BasicConstraintsExtension) extensions + .get(BasicConstraintsExtension.NAME); if (bcExt != null) { - Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN); - Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA); - - if (bcPathLen != null && - bcPathLen.intValue() != pathLen && - isCA != null) { - BasicConstraintsExtension bcExt0 = - new BasicConstraintsExtension(isCA.booleanValue(), pathLen); - - extensions.delete(BasicConstraintsExtension.NAME); - extensions.set(BasicConstraintsExtension.NAME, (Extension) bcExt0); + Integer bcPathLen = (Integer) bcExt + .get(BasicConstraintsExtension.PATH_LEN); + Boolean isCA = (Boolean) bcExt + .get(BasicConstraintsExtension.IS_CA); + + if (bcPathLen != null + && bcPathLen.intValue() != pathLen + && isCA != null) { + BasicConstraintsExtension bcExt0 = new BasicConstraintsExtension( + isCA.booleanValue(), + pathLen); + + extensions + .delete(BasicConstraintsExtension.NAME); + extensions + .set(BasicConstraintsExtension.NAME, + (Extension) bcExt0); alterationCounter++; } } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage( + "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", + e.toString())); } } // handle Presence Server Extension - String PSE_Enable = req.getParameter("PSE_Enable"); + String 
PSE_Enable = req + .getParameter("PSE_Enable"); if (PSE_Enable != null) { - boolean Critical = (req.getParameter("PSE_Critical") != null); + boolean Critical = (req + .getParameter("PSE_Critical") != null); int Version = 0; try { - Version = Integer.parseInt(req.getParameter("PSE_Version")); + Version = Integer.parseInt(req + .getParameter("PSE_Version")); } catch (Exception e1) { } - String StreetAddress = req.getParameter("PSE_StreetAddress"); + String StreetAddress = req + .getParameter("PSE_StreetAddress"); if (StreetAddress == null) { StreetAddress = ""; } - String TelephoneNumber = req.getParameter("PSE_TelephoneNumber"); + String TelephoneNumber = req + .getParameter("PSE_TelephoneNumber"); if (TelephoneNumber == null) { TelephoneNumber = ""; } - String RFC822Name = req.getParameter("PSE_RFC822Name"); + String RFC822Name = req + .getParameter("PSE_RFC822Name"); if (RFC822Name == null) { RFC822Name = ""; @@ -744,7 +747,8 @@ public class ProcessCertReq extends CMSServlet { if (IMID == null) { IMID = ""; } - String HostName = req.getParameter("PSE_HostName"); + String HostName = req + .getParameter("PSE_HostName"); if (HostName == null) { HostName = ""; 
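Review bot: The empty `catch (Exception e1) { }` around `Integer.parseInt(req.getParameter("PSE_Version"))` swallows a missing or malformed request parameter and leaves `Version` at 0. The `@@ -752,61 +756,80 @@` hunk repeats the pattern for `PSE_PortNumber`, `PSE_MaxUsers` and `PSE_ServiceLevel`, and there the values are passed to `new PresenceServerExtension(...)` and set on the certificate's extensions. A value the agent did not intend can therefore end up in an approved certificate with no log entry. Narrow the catch to `NumberFormatException` and at least log it with `log(ILogger.LL_FAILURE, ...)` as the `pathLenConstraint` branch does. processX509 starts and ends outside this hunk.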
@@ -752,61 +756,80 @@ public class ProcessCertReq extends CMSServlet { int PortNumber = 0; try { - PortNumber = Integer.parseInt(req.getParameter("PSE_PortNumber")); + PortNumber = Integer + .parseInt(req + .getParameter("PSE_PortNumber")); } catch (Exception e1) { } int MaxUsers = 0; try { - MaxUsers = Integer.parseInt(req.getParameter("PSE_MaxUsers")); + MaxUsers = Integer.parseInt(req + .getParameter("PSE_MaxUsers")); } catch (Exception e1) { } int ServiceLevel = 0; try { - ServiceLevel = Integer.parseInt(req.getParameter("PSE_ServiceLevel")); + ServiceLevel = Integer + .parseInt(req + .getParameter("PSE_ServiceLevel")); } catch (Exception e1) { } // create extension - PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, MaxUsers, ServiceLevel); - - extensions.set(pseExt.getExtensionId().toString(), pseExt); + PresenceServerExtension pseExt = new PresenceServerExtension( + Critical, Version, StreetAddress, + TelephoneNumber, RFC822Name, IMID, + HostName, PortNumber, MaxUsers, + ServiceLevel); + + extensions.set(pseExt.getExtensionId() + .toString(), pseExt); } if (mExtraAgentParams) { - Enumeration extraparams = req.getParameterNames(); + Enumeration extraparams = req + .getParameterNames(); int l = IRequest.AGENT_PARAMS.length() + 1; int ap_counter = 0; Hashtable agentparamsargblock = new Hashtable(); if (extraparams != null) { while (extraparams.hasMoreElements()) { - String s = (String) extraparams.nextElement(); + String s = (String) extraparams + .nextElement(); if (s.startsWith(IRequest.AGENT_PARAMS)) { - String param_value = req.getParameter(s); + String param_value = req + .getParameter(s); if (param_value != null) { - String new_name = s.substring(l); + String new_name = s + .substring(l); - agentparamsargblock.put(new_name, param_value); + agentparamsargblock.put( + new_name, + param_value); ap_counter += 1; } } } } if (ap_counter > 0) { - 
r.setExtData(IRequest.AGENT_PARAMS, agentparamsargblock); + r.setExtData(IRequest.AGENT_PARAMS, + agentparamsargblock); alterationCounter++; } } - // this set() trigger this rebuild of internal + // this set() trigger this rebuild of internal // raw der encoding cache of X509CertInfo. // Otherwise, the above change wont have effect. - certInfo[i].set(X509CertInfo.EXTENSIONS, extensions); + certInfo[i].set(X509CertInfo.EXTENSIONS, + extensions); } - alterationCounter += updateExtensionsInRequest(req, r); + alterationCounter += updateExtensionsInRequest(req, + r); } if (alterationCounter > 0) { mQueue.updateRequest(r); 
@@ -818,100 +841,87 @@ public class ProcessCertReq extends CMSServlet { if (r.getRequestStatus().equals(RequestStatus.PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.PENDING); - if (certInfo != null) { + if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "pending", + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "pending", subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "pending"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "pending" }); } } } else if (r.getRequestStatus().equals( - RequestStatus.APPROVED) || - r.getRequestStatus().equals( - RequestStatus.SVC_PENDING)) { + RequestStatus.APPROVED) + || r.getRequestStatus().equals( + RequestStatus.SVC_PENDING)) { cmsReq.setResult(r); cmsReq.setStatus(CMSRequest.SVC_PENDING); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - 
mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + r.getRequestStatus(), + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus(), - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, r.getRequestStatus(), + subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - r.getRequestStatus()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, r.getRequestStatus() }); } } } else if (r.getRequestStatus().equals( 
@@ -920,100 +930,98 @@ public class ProcessCertReq extends CMSServlet { // XXX make the repeat record. // Get the certificate(s) from the request - X509CertImpl issuedCerts[] = - r.getExtDataInCertArray(IRequest.ISSUED_CERTS); + X509CertImpl issuedCerts[] = r + .getExtDataInCertArray(IRequest.ISSUED_CERTS); - // return potentially more than one certificates. + // return potentially more than one certificates. if (issuedCerts != null) { long endTime = CMS.getCurrentDate().getTime(); StringBuffer sbuf = new StringBuffer(); - //header.addBigIntegerValue("serialNumber", - //issuedCerts[0].getSerialNumber(),16); + // header.addBigIntegerValue("serialNumber", + // issuedCerts[0].getSerialNumber(),16); for (int i = 0; i < issuedCerts.length; i++) { - if (i != 0) + if (i != 0) sbuf.append(", "); - sbuf.append("0x" + - issuedCerts[i].getSerialNumber().toString(16)); - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - issuedCerts[i].getSubjectDN(), - "cert issued serial number: 0x" + - issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)} - ); + sbuf.append("0x" + + issuedCerts[i].getSerialNumber() + .toString(16)); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "completed", + issuedCerts[i].getSubjectDN(), + "cert issued serial number: 0x" + + issuedCerts[i] + .getSerialNumber() + .toString(16) + + " time: " + + (endTime - startTime) }); // store a message in the signed audit log file // (one for each manual "agent" - // cert request processed - "accepted") - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - auditInfoCertValue(issuedCerts[i])); + // cert request 
processed - "accepted") + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditInfoName, + auditInfoCertValue(issuedCerts[i])); audit(auditMessage); } - header.addStringValue( - "serialNumber", sbuf.toString()); + header.addStringValue("serialNumber", + sbuf.toString()); } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "completed", subject, + "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "completed"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "completed" }); } // store a message in the signed audit log file // (manual "agent" cert request processed - // - "accepted") - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + // - "accepted") + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, + auditRequesterID, auditInfoName, + ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } - // grant trusted manager or agent privileges + // grant trusted manager or agent privileges Object grantError = null; - try { - int res = grant_privileges( - cmsReq, r, issuedCerts, header); + try { + int res = 
grant_privileges(cmsReq, r, issuedCerts, + header); if (res != 0) { header.addStringValue(GRANT_ERROR, "SUCCESS"); 
@@ -1027,45 +1035,41 @@ public class ProcessCertReq extends CMSServlet { // if this is a RA, show the certificate right away // since ther is no cert database. /* - if (mAuthority instanceof RegistrationAuthority) { - Object[] results = - new Object[] { issuedCerts, grantError }; - cmsReq.setResult(results); - renderTemplate(cmsReq, - mReqCompletedTemplate, REQ_COMPLETED_FILLER); - - return; - } + * if (mAuthority instanceof RegistrationAuthority) { + * Object[] results = new Object[] { issuedCerts, + * grantError }; cmsReq.setResult(results); + * renderTemplate(cmsReq, mReqCompletedTemplate, + * REQ_COMPLETED_FILLER); + * + * return; } */ cmsReq.setResult(r); String scheme = req.getScheme(); - if (scheme.equals("http") && - connectionIsSSL(req)) scheme = "https"; + if (scheme.equals("http") && connectionIsSSL(req)) + scheme = "https"; - /* - header.addStringValue( - "authorityid", mAuthority.getId()); - header.addStringValue("serviceURL", scheme +"://"+ - req.getServerName() + ":"+ - req.getServerPort() + - req.getRequestURI()); - */ + /* + * header.addStringValue( "authorityid", + * mAuthority.getId()); + * header.addStringValue("serviceURL", scheme +"://"+ + * req.getServerName() + ":"+ req.getServerPort() + + * req.getRequestURI()); + */ - if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) { + if (mPublisherProcessor != null + && mPublisherProcessor.ldapEnabled()) { header.addStringValue("dirEnabled", "yes"); - Integer[] ldapPublishStatus = - r.getExtDataInIntegerArray("ldapPublishStatus"); + Integer[] ldapPublishStatus = r + .getExtDataInIntegerArray("ldapPublishStatus"); int certsUpdated = 0; if (ldapPublishStatus != null) { - for (int i = 0; - i < ldapPublishStatus.length; i++) { - if (ldapPublishStatus[i] == - IRequest.RES_SUCCESS) { + for (int i = 0; i < ldapPublishStatus.length; i++) { + if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) { certsUpdated++; } } 
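Review bot: The formatter has reflowed the two commented-out code blocks in this hunk (the `RegistrationAuthority` branch and the `serviceURL` header lines) into wrapped comment text, so they no longer read as code and cannot be restored by uncommenting. Delete them rather than keeping them in this state; version control preserves the originals. The unbraced `if (scheme.equals("http") && connectionIsSSL(req)) scheme = "https";` would also be safer braced, `if (scheme.equals("http") && connectionIsSSL(req)) { scheme = "https"; }`, now that the statement sits on its own line.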
@@ -1081,59 +1085,50 @@ public class ProcessCertReq extends CMSServlet { mQueue.rejectRequest(r); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "rejected", + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "rejected", subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "rejected"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "rejected" }); } } // store a message in the signed audit log file // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]); 
audit(auditMessage); @@ -1142,47 +1137,40 @@ public class ProcessCertReq extends CMSServlet { if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "canceled", + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled", - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "canceled", subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "canceled"} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { r.getRequestType(), + r.getRequestId(), initiative, + authMgr, "canceled" }); } } 
@@ -1190,90 +1178,91 @@ public class ProcessCertReq extends CMSServlet { // store a message in the signed audit log file // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]); audit(auditMessage); } else if (toDo.equals("clone")) { IRequest clonedRequest = mQueue.cloneAndMarkPending(r); - header.addStringValue("clonedRequestId", - clonedRequest.getRequestId().toString()); + header.addStringValue("clonedRequestId", clonedRequest + .getRequestId().toString()); if (certInfo != null) { for (int i = 0; i < certInfo.length; i++) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - certInfo[i].get(X509CertInfo.SUBJECT), - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest + .getRequestId() + .toString(), + certInfo[i] + .get(X509CertInfo.SUBJECT), + "" }); } } else { if (subject != null) { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString(), - subject, - ""} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.FORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to 
reqID: " + + clonedRequest + .getRequestId() + .toString(), + subject, "" }); } else { - mLogger.log(ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.NODNFORMAT, - new Object[] { - r.getRequestType(), - r.getRequestId(), - initiative, - authMgr, - "cloned to reqID: " + - clonedRequest.getRequestId().toString()} - ); + mLogger.log( + ILogger.EV_AUDIT, + ILogger.S_OTHER, + AuditFormat.LEVEL, + AuditFormat.NODNFORMAT, + new Object[] { + r.getRequestType(), + r.getRequestId(), + initiative, + authMgr, + "cloned to reqID: " + + clonedRequest + .getRequestId() + .toString() }); } } // store a message in the signed audit log file // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.SUCCESS, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.SUCCESS, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); header.addIntegerValue("seqNum", seqNum); 
@@ -1283,52 +1272,44 @@ public class ProcessCertReq extends CMSServlet { if (rid != null) header.addStringValue("remoteReqID", rid); } catch (EBaseException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - 
LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]); audit(auditMessage); } 
@@ -1336,172 +1317,149 @@ public class ProcessCertReq extends CMSServlet { throw e; } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - 
ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]); audit(auditMessage); } } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + 
auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]); audit(auditMessage); } } throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); + CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR")); } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", + e.toString())); // store a message in the signed audit log file if (toDo != null) { if (toDo.equals(SIGNED_AUDIT_CLONING)) { // ("agent" cert request for "cloning") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditServiceID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditServiceID, auditCertificateSubjectName); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) { // (manual "agent" cert request processed - "accepted") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - ILogger.SIGNED_AUDIT_EMPTY_VALUE); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE); audit(auditMessage); } else if 
(toDo.equals(SIGNED_AUDIT_CANCELLATION)) { // (manual "agent" cert request processed - "cancelled") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]); audit(auditMessage); } else if (toDo.equals(SIGNED_AUDIT_REJECTION)) { // (manual "agent" cert request processed - "rejected") auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, - auditSubjectID, - ILogger.FAILURE, - auditRequesterID, - auditInfoName, - SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]); + LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, + auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditInfoName, + SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]); audit(auditMessage); } } - throw new EBaseException(CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", e.toString())); + throw new EBaseException(CMS.getUserMessage(locale, + "CMS_BASE_INTERNAL_ERROR", e.toString())); } return; } - - private void updateNSExtension(HttpServletRequest req, - NSCertTypeExtension ext) throws IOException { + + private void updateNSExtension(HttpServletRequest req, + NSCertTypeExtension ext) throws IOException { try { if (req.getParameter("certTypeSSLServer") == null) { @@ -1523,9 +1481,11 @@ public class ProcessCertReq extends CMSServlet { } if (req.getParameter("certTypeObjSigning") == null) { - ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(false)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING, + Boolean.valueOf(false)); } else { - ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(true)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING, + Boolean.valueOf(true)); } if (req.getParameter("certTypeEmailCA") == null) { 
@@ -1541,115 +1501,111 @@ public class ProcessCertReq extends CMSServlet { } if (req.getParameter("certTypeObjSigningCA") == null) { - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(false)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, + Boolean.valueOf(false)); } else { - ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(true)); + ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, + Boolean.valueOf(true)); } } catch (CertificateException e) { } } /** - * This method sets extensions parameter into the request so - * that the NSCertTypeExtension policy creates new - * NSCertTypExtension with this setting. Note that this - * setting will not be used if the NSCertType Extension - * already exist in CertificateExtension. In that case, - * updateExtensions() will be called to set the extension - * parameter into the extension directly. + * This method sets extensions parameter into the request so that the + * NSCertTypeExtension policy creates new NSCertTypExtension with this + * setting. Note that this setting will not be used if the NSCertType + * Extension already exist in CertificateExtension. In that case, + * updateExtensions() will be called to set the extension parameter into the + * extension directly. 
*/ private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) { int nChanges = 0; - if (req.getParameter("certTypeSSLServer") != null) { - r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_SERVER); - nChanges++; - } + if (req.getParameter("certTypeSSLServer") != null) { + r.setExtData(NSCertTypeExtension.SSL_SERVER, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_SERVER); + nChanges++; + } - if (req.getParameter("certTypeSSLClient") != null) { - r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); - nChanges++; - } + if (req.getParameter("certTypeSSLClient") != null) { + r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CLIENT); + nChanges++; + } - if (req.getParameter("certTypeEmail") != null) { - r.setExtData(NSCertTypeExtension.EMAIL, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL); - nChanges++; - } + if (req.getParameter("certTypeEmail") != null) { + r.setExtData(NSCertTypeExtension.EMAIL, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL); + nChanges++; + } - if (req.getParameter("certTypeObjSigning") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); - nChanges++; - } + if (req.getParameter("certTypeObjSigning") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING); + nChanges++; + } - if (req.getParameter("certTypeEmailCA") != null) { - r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.EMAIL_CA); - nChanges++; - } + if (req.getParameter("certTypeEmailCA") != null) { + 
r.setExtData(NSCertTypeExtension.EMAIL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.EMAIL_CA); + nChanges++; + } - if (req.getParameter("certTypeSSLCA") != null) { - r.setExtData(NSCertTypeExtension.SSL_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.SSL_CA); - nChanges++; - } + if (req.getParameter("certTypeSSLCA") != null) { + r.setExtData(NSCertTypeExtension.SSL_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.SSL_CA); + nChanges++; + } - if (req.getParameter("certTypeObjSigningCA") != null) { - r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); - nChanges++; - } else { - r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); - nChanges++; - } + if (req.getParameter("certTypeObjSigningCA") != null) { + r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true"); + nChanges++; + } else { + r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA); + nChanges++; + } return nChanges; } - + protected static final String GRANT_ERROR = "grantError"; - public static final String - GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; - public static final String - GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; - public static final String - GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; - public static final String - GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; + public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege"; + public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege"; + public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege"; + public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege"; public static final String GRANT_UID = "grantUID"; public static final String GRANT_PRIVILEGE = "grantPrivilege"; - protected int grant_privileges( - CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header) - throws EBaseException { + protected int 
grant_privileges(CMSRequest cmsReq, IRequest req, + Certificate[] certs, IArgBlock header) throws EBaseException { // get privileges to grant IArgBlock httpParams = cmsReq.getHttpParams(); - boolean grantTrustedMgr = - httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false); - boolean grantRMAgent = - httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false); - boolean grantCMAgent = - httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false); - boolean grantDRMAgent = - httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false); - - if (!grantTrustedMgr && - !grantCMAgent && !grantRMAgent && !grantDRMAgent) { + boolean grantTrustedMgr = httpParams.getValueAsBoolean( + GRANT_TRUSTEDMGR_PRIVILEGE, false); + boolean grantRMAgent = httpParams.getValueAsBoolean( + GRANT_RMAGENT_PRIVILEGE, false); + boolean grantCMAgent = httpParams.getValueAsBoolean( + GRANT_CMAGENT_PRIVILEGE, false); + boolean grantDRMAgent = httpParams.getValueAsBoolean( + GRANT_DRMAGENT_PRIVILEGE, false); + + if (!grantTrustedMgr && !grantCMAgent && !grantRMAgent + && !grantDRMAgent) { return 0; } else { IAuthToken authToken = getAuthToken(req); @@ -1657,8 +1613,8 @@ public class ProcessCertReq extends CMSServlet { String resourceName = "certServer." + mAuthority.getId() + ".group"; try { - authzToken = authorize(mAclMethod, authToken, - resourceName, "add"); + authzToken = authorize(mAclMethod, authToken, resourceName, + "add"); } catch (Exception e) { // do nothing for now } @@ -1668,7 +1624,7 @@ public class ProcessCertReq extends CMSServlet { if (grantTrustedMgr) obj[0] = TRUSTED_RA_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) obj[0] = RA_AGENT_GROUP; else if (grantCMAgent) obj[0] = CA_AGENT_GROUP; 
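Review bot: The `catch (CertificateException e) { }` that closes `updateNSExtension` near the top of this hunk discards the failure, so processing can continue with certificate-type bits that were only partly updated and nothing records it. At minimum record it, for example `CMS.debug("updateNSExtension: " + e.toString());`, or rethrow, since the method already declares `throws IOException`. Which of the two is right depends on the caller, which is not visible here. The method body starts in the previous hunk.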
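Review bot: In `grant_privileges` the call `authorize(mAclMethod, authToken, resourceName, "add")` sits inside `catch (Exception e) { // do nothing for now }`, so a denied or failed authorization for a privilege grant leaves no trace in the log. The following hunk suggests a missing token is then rejected with `CMS_GW_UNAUTHORIZED_CREATE_GROUP`, so this looks fail-closed, but that check is outside this hunk. Log the failure the way `ProcessReq.process` does: `log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));`.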
@@ -1677,14 +1633,16 @@ public class ProcessCertReq extends CMSServlet { else obj[0] = "unknown group"; - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0])); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0])); } } String uid = (String) httpParams.getValueAsString(GRANT_UID, null); if (uid == null || uid.length() == 0) { - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID")); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID")); } header.addStringValue(GRANT_UID, uid); @@ -1695,22 +1653,22 @@ public class ProcessCertReq extends CMSServlet { groupname = TRUSTED_RA_GROUP; userType = Constants.PR_SUBSYSTEM_TYPE; } else { - if (grantCMAgent) + if (grantCMAgent) groupname = CA_AGENT_GROUP; - else if (grantRMAgent) + else if (grantRMAgent) groupname = RA_AGENT_GROUP; if (grantDRMAgent) { - if (groupname != null) + if (groupname != null) groupname1 = KRA_AGENT_GROUP; - else + else groupname = KRA_AGENT_GROUP; } userType = Constants.PR_AGENT_TYPE; } - String privilege = - (groupname1 == null) ? groupname : groupname + " and " + groupname1; + String privilege = (groupname1 == null) ? groupname : groupname + + " and " + groupname1; header.addStringValue(GRANT_PRIVILEGE, privilege); 
@@ -1726,24 +1684,27 @@ public class ProcessCertReq extends CMSServlet { IGroup group = ug.findGroup(groupname), group1 = null; if (group == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_FIND_GROUP_ERROR", groupname)); } if (groupname1 != null) { group1 = ug.findGroup(groupname1); if (group1 == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERROR_FIND_GROUP_1", groupname)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_FIND_GROUP_ERROR", groupname1)); } } try { ug.addUser(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_USER_ERROR", uid)); } try { if (certs[0] instanceof X509CertImpl) { @@ -1751,12 +1712,13 @@ public class ProcessCertReq extends CMSServlet { user.setX509Certificates(tmp); } - + ug.addUserCert(user); } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid)); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_CERT_ERROR", uid)); } try { group.addMemberName(uid); 
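Review bot: When `ug.findGroup(groupname1)` returns null, the failure log passes `groupname` while the exception passes `groupname1`, so the log names the group that was found rather than the one that is missing. The log call should read `CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname1)`. The `catch (Exception e)` blocks around `ug.addUser(user)` here and `ug.addUserCert(user)` in the next hunk also leave `e` out of the log line, which makes a failed grant hard to diagnose. `grant_privileges` starts and ends outside this hunk.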
@@ -1764,44 +1726,43 @@ public class ProcessCertReq extends CMSServlet { // for audit log SessionContext sContext = SessionContext.getContext(); String adminId = (String) sContext.get(SessionContext.USER_ID); - - mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname} - ); + + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, AuditFormat.LEVEL, + AuditFormat.ADDUSERGROUPFORMAT, new Object[] { adminId, + uid, groupname }); if (group1 != null) { group1.addMemberName(uid); ug.modifyGroup(group1); - + mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, - AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, - new Object[] {adminId, uid, groupname1} - ); + AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT, + new Object[] { adminId, uid, groupname1 }); } } catch (Exception e) { - String msg = - "Could not add user " + uid + " to group " + groupname; + String msg = "Could not add user " + uid + " to group " + groupname; if (group1 != null) msg += " or group " + groupname1; log(ILogger.LL_FAILURE, msg); - if (group1 == null) - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); - else - throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); + if (group1 == null) + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_MEMBER", uid, groupname)); + else + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); } return 1; } /** * Signed Audit Log Info Name - * - * This method is called to obtain the "InfoName" for - * a signed audit log message. + * + * This method is called to obtain the "InfoName" for a signed audit log + * message. * <P> - * + * * @param type signed audit log request processing type * @return id string containing the signed audit log message InfoName */ 
@@ -1832,11 +1793,11 @@ public class ProcessCertReq extends CMSServlet { /** * Signed Audit Log Info Certificate Value - * + * * This method is called to obtain the certificate from the passed in * "X509CertImpl" for a signed audit log message. * <P> - * + * * @param x509cert an X509CertImpl * @return cert string containing the certificate */ 
@@ -1890,42 +1851,41 @@ public class ProcessCertReq extends CMSServlet { } } - class RAReqCompletedFiller extends ImportCertsTemplateFiller { private static final String RA_AGENT_GROUP = "Registration Manager Agents"; private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents"; + public RAReqCompletedFiller() { super(); } - public CMSTemplateParams getTemplateParams( - CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) - throws Exception { + public CMSTemplateParams getTemplateParams(CMSRequest cmsReq, + IAuthority authority, Locale locale, Exception e) throws Exception { Object[] results = (Object[]) cmsReq.getResult(); Object grantError = results[1]; - //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; + // X509CertImpl[] issuedCerts = (X509CertImpl[])results[0]; Certificate[] issuedCerts = (Certificate[]) results[0]; - + cmsReq.setResult(issuedCerts); - CMSTemplateParams params = - super.getTemplateParams(cmsReq, authority, locale, e); + CMSTemplateParams params = super.getTemplateParams(cmsReq, authority, + locale, e); if (grantError != null) { IArgBlock header = params.getHeader(); if (grantError instanceof String) { - header.addStringValue( - ProcessCertReq.GRANT_ERROR, (String) grantError); + header.addStringValue(ProcessCertReq.GRANT_ERROR, + (String) grantError); } else { EBaseException ex = (EBaseException) grantError; - header.addStringValue( - ProcessCertReq.GRANT_ERROR, ex.toString(locale)); + header.addStringValue(ProcessCertReq.GRANT_ERROR, + ex.toString(locale)); } IArgBlock httpParams = cmsReq.getHttpParams(); - String uid = httpParams.getValueAsString( - ProcessCertReq.GRANT_UID, null); + String uid = httpParams.getValueAsString(ProcessCertReq.GRANT_UID, + null); header.addStringValue(ProcessCertReq.GRANT_UID, uid); boolean grantRMAgent = httpParams.getValueAsBoolean( 
@@ -1940,7 +1900,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { if (grantDRMAgent) { if (privilege != null) privilege += " and " + KRA_AGENT_GROUP; - else + else privilege = KRA_AGENT_GROUP; } header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege); @@ -1948,4 +1908,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller { return params; } } - diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java index 0ac27197..7d74671b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Locale; @@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Display Generic Request detail to the user. - * + * * @version $Revision$, $Date$ */ public class ProcessReq extends CMSServlet { @@ -74,8 +72,9 @@ public class ProcessReq extends CMSServlet { private IReqParser mParser = null; private String[] mSigningAlgorithms = null; - private static String[] DEF_SIGNING_ALGORITHMS = new String[] - {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"}; + private static String[] DEF_SIGNING_ALGORITHMS = new String[] { + "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", + "MD5withRSA", "MD2withRSA" }; /** * Process request. 
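Review bot: In `ProcessReq`, `DEF_SIGNING_ALGORITHMS` still lists `MD5withRSA` and `MD2withRSA`, whose hashes are considered broken for signatures (MD5 collisions are practical), and the array is a mutable, non-final static. Its use is not visible in this hunk; if the list can reach a signing-algorithm choice, drop those two entries and declare the field `private static final String[] DEF_SIGNING_ALGORITHMS`, with the initialiser ending `"SHA512withRSA", "SHA1withDSA" };`. If nothing references the field it can be removed.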
@@ -86,15 +85,15 @@ public class ProcessReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file - * "processReq.template" to process the response. - * The initialization parameter 'parser' is read from the - * servlet configration, and is used to set the type of request. - * The value of this parameter can be: - * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary - * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail - * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail - * </UL> - * + * "processReq.template" to process the response. The initialization + * parameter 'parser' is read from the servlet configration, and is used to + * set the type of request. The value of this parameter can be: + * <UL> + * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary + * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail + * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail + * </UL> + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -111,13 +110,13 @@ public class ProcessReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); - if (mOutputTemplatePath != null) + if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } 
@@ -126,9 +125,9 @@ public class ProcessReq extends CMSServlet { * <ul> * <li>http.param seqNum * <li>http.param doAssign reassign request. Value can be reassignToMe - * reassignToNobody + * reassignToNobody * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { @@ -152,10 +151,10 @@ public class ProcessReq extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting template " + mFormPath + " Error " + e); + log(ILogger.LL_FAILURE, "Error getting template " + mFormPath + + " Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -171,21 +170,23 @@ public class ProcessReq extends CMSServlet { try { if (doAssign == null) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "read"); - } else if (doAssign.equals("toMe") || - doAssign.equals("reassignToMe")) { + mAuthzResourceName, "read"); + } else if (doAssign.equals("toMe") + || doAssign.equals("reassignToMe")) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "assign"); + mAuthzResourceName, "assign"); } else if (doAssign.equals("reassignToNobody")) { authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "unassign"); + mAuthzResourceName, "unassign"); } } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", + e.toString())); } if (authzToken == null) { 
@@ -193,19 +194,18 @@ public class ProcessReq extends CMSServlet { return; } - process(argSet, header, seqNum, req, resp, - doAssign, locale[0]); + process(argSet, header, seqNum, req, resp, doAssign, locale[0]); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); - error = new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + error = new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); } } catch (EBaseException e) { error = e; } catch (NumberFormatException e) { - error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT")); - } + error = new EBaseException(CMS.getUserMessage(locale[0], + "CMS_BASE_INVALID_NUMBER_FORMAT")); + } try { ServletOutputStream out = resp.getOutputStream(); 
@@ -213,46 +213,44 @@ public class ProcessReq extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - String output = form.getOutput(argSet); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); - cmsReq.setStatus(CMSRequest.SUCCESS); + String output = form.getOutput(argSet); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); } } else { cmsReq.setError(error); cmsReq.setStatus(CMSRequest.ERROR); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - "Error getting servlet output stream for rendering template. " + - "Error " + e); + log(ILogger.LL_FAILURE, + "Error getting servlet output stream for rendering template. " + + "Error " + e); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } return; } /** - * Sends request information to the calller. - * returns whether there was an error or not. + * Sends request information to the calller. returns whether there was an + * error or not. */ private void process(CMSTemplateParams argSet, IArgBlock header, - int seqNum, HttpServletRequest req, - HttpServletResponse resp, - String doAssign, Locale locale) - throws EBaseException { + int seqNum, HttpServletRequest req, HttpServletResponse resp, + String doAssign, Locale locale) throws EBaseException { header.addIntegerValue("seqNum", seqNum); - IRequest r = - mQueue.findRequest(new RequestId(Integer.toString(seqNum))); + IRequest r = mQueue + .findRequest(new RequestId(Integer.toString(seqNum))); if (r != null) { if (doAssign != null) { if ((doAssign.equals("toMe")) - || (doAssign.equals("reassignToMe"))) { + || (doAssign.equals("reassignToMe"))) { SessionContext ctx = SessionContext.getContext(); String id = (String) ctx.get(SessionContext.USER_ID); 
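Review bot: In the success branch, `String output = form.getOutput(argSet);` is never read in the lines shown, and `form.renderOutput(out, argSet)` writes the page itself, so the template appears to be expanded twice per request. Unless `getOutput` is called for a side effect (not visible here), delete that line and keep `resp.setContentType("text/html");` followed by `form.renderOutput(out, argSet);`. The enclosing `process(CMSRequest)` method starts outside this hunk.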
@@ -264,32 +262,32 @@ public class ProcessReq extends CMSServlet { } } - // add authority names to know what privileges can be requested. - if (CMS.getSubsystem("kra") != null) + // add authority names to know what privileges can be requested. + if (CMS.getSubsystem("kra") != null) header.addStringValue("localkra", "yes"); - if (CMS.getSubsystem("ca") != null) + if (CMS.getSubsystem("ca") != null) header.addStringValue("localca", "yes"); - if (CMS.getSubsystem("ra") != null) + if (CMS.getSubsystem("ra") != null) header.addStringValue("localra", "yes"); - // DONT NEED TO DO THIS FOR DRM + // DONT NEED TO DO THIS FOR DRM if (mAuthority instanceof ICertAuthority) { // Check/set signing algorithms dynamically. - // In RA mSigningAlgorithms could be null at startup if CA is not - // up and set later when CA comes back up. + // In RA mSigningAlgorithms could be null at startup if CA is + // not + // up and set later when CA comes back up. // Once it's set assumed that it won't change. String[] allAlgorithms = mSigningAlgorithms; if (allAlgorithms == null) { - allAlgorithms = mSigningAlgorithms = - ((ICertAuthority) mAuthority).getCASigningAlgorithms(); + allAlgorithms = mSigningAlgorithms = ((ICertAuthority) mAuthority) + .getCASigningAlgorithms(); if (allAlgorithms == null) { - CMS.debug( - "ProcessReq: signing algorithms set to All algorithms"); + CMS.debug("ProcessReq: signing algorithms set to All algorithms"); allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS; - } else - CMS.debug( - "ProcessReq: First signing algorithms is " + allAlgorithms[0]); + } else + CMS.debug("ProcessReq: First signing algorithms is " + + allAlgorithms[0]); } String validAlgorithms = null; StringBuffer sb = new StringBuffer(); 
@@ -305,15 +303,19 @@ public class ProcessReq extends CMSServlet { if (validAlgorithms != null) header.addStringValue("validAlgorithms", validAlgorithms); if (mAuthority instanceof ICertificateAuthority) { - String signingAlgorithm = ((ICertificateAuthority) mAuthority).getDefaultAlgorithm(); + String signingAlgorithm = ((ICertificateAuthority) mAuthority) + .getDefaultAlgorithm(); if (signingAlgorithm != null) - header.addStringValue("caSigningAlgorithm", signingAlgorithm); + header.addStringValue("caSigningAlgorithm", + signingAlgorithm); header.addLongValue("defaultValidityLength", - ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000); + ((ICertificateAuthority) mAuthority) + .getDefaultValidity() / 1000); } else if (mAuthority instanceof IRegistrationAuthority) { header.addLongValue("defaultValidityLength", - ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000); + ((IRegistrationAuthority) mAuthority) + .getDefaultValidity() / 1000); } X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert(); @@ -327,9 +329,8 @@ public class ProcessReq extends CMSServlet { mParser.fillRequestIntoArg(locale, r, argSet, header); } else { log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", - String.valueOf(seqNum))); + throw new ECMSGWException(CMS.getUserMessage( + "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum))); } return; diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java index c065173c..c08aecbb 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.util.Enumeration; import java.util.Locale; 
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Show paged list of requests matching search criteria - * + * * @version $Revision$, $Date$ */ public class QueryReq extends CMSServlet { @@ -62,7 +60,7 @@ public class QueryReq extends CMSServlet { private final static String IN_SHOW_ALL = "showAll"; private final static String IN_SHOW_WAITING = "showWaiting"; private final static String IN_SHOW_IN_SERVICE = "showInService"; - private final static String IN_SHOW_PENDING= "showPending"; + private final static String IN_SHOW_PENDING = "showPending"; private final static String IN_SHOW_CANCELLED = "showCancelled"; private final static String IN_SHOW_REJECTED = "showRejected"; private final static String IN_SHOW_COMPLETED = "showCompleted"; 
@@ -86,17 +84,16 @@ public class QueryReq extends CMSServlet { private final static String OUT_UPDATE_ON = "updatedOn"; private final static String OUT_UPDATE_BY = "updatedBy"; private final static String OUT_REQUESTING_USER = "requestingUser"; - //keeps track of where to begin if page down + // keeps track of where to begin if page down private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage"; - //keeps track of where to begin if page up + // keeps track of where to begin if page up private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage"; private final static String OUT_SUBJECT = "subject"; private final static String OUT_REQUEST_TYPE = "requestType"; private final static String OUT_COMMENTS = "requestorComments"; private final static String OUT_SERIALNO = "serialNumber"; private final static String OUT_OWNER_NAME = "ownerName"; - private final static String OUT_PUBLIC_KEY_INFO = - "subjectPublicKeyInfo"; + private final static String OUT_PUBLIC_KEY_INFO = "subjectPublicKeyInfo"; private final static String OUT_ERROR = "error"; private final static String OUT_AUTHORITY_ID = "authorityid"; @@ -120,7 +117,7 @@ public class QueryReq extends CMSServlet { /** * initialize the servlet. This servlet uses the template file * "queryReq.template" to process the response. - * + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -143,9 +140,9 @@ public class QueryReq extends CMSServlet { mParser = CertReqParser.DETAIL_PARSER; else if (tmp.trim().equals("KeyReqParser.PARSER")) mParser = KeyReqParser.PARSER; - } + } - // override success and error templates to null - + // override success and error templates to null - // handle templates locally. mTemplates.remove(CMSRequest.SUCCESS); mTemplates.remove(CMSRequest.ERROR); 
@@ -153,7 +150,7 @@ public class QueryReq extends CMSServlet { if (mOutputTemplatePath != null) mFormPath = mOutputTemplatePath; } - + private String getRequestType(String p) { String filter = "(requestType=*)"; 
@@ -213,150 +210,145 @@ public class QueryReq extends CMSServlet { /** * Process the HTTP request. * <ul> - * <li>http.param reqState request state - * (one of showAll, showWaiting, showInService, - * showCancelled, showRejected, showCompleted) + * <li>http.param reqState request state (one of showAll, showWaiting, + * showInService, showCancelled, showRejected, showCompleted) * <li>http.param reqType * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if - * when paging down - * seqNumFromDown starts with 0x) + * when paging down seqNumFromDown starts with 0x) * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if - * when paging up - * seqNumFromUp starts with 0x) + * when paging up seqNumFromUp starts with 0x) * <li>http.param maxCount maximum number of records to show * <li>http.param totalCount total number of records in set of pages * <li>http.param direction "up", "down", "begin", or "end" * </ul> - * + * * @param cmsReq the object holding the request and response information */ public void process(CMSRequest cmsReq) throws EBaseException { - CMS.debug("in QueryReq servlet"); - - // Authentication / Authorization - - HttpServletRequest req = cmsReq.getHttpReq(); - IAuthToken authToken = authenticate(cmsReq); - AuthzToken authzToken = null; - - try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); - } catch (EAuthzAccessDenied e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } catch (Exception e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); - } - if (authzToken == null) { - cmsReq.setStatus(CMSRequest.UNAUTHORIZED); - return; - } - - - - - CMSTemplate form = null; - Locale[] locale = new Locale[1]; - - try { - // if get a EBaseException we just throw it. 
- form = getTemplate(mFormPath, req, locale); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - - /** - * WARNING: - * - * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. - * - **/ - String filter = null; - String reqState = req.getParameter("reqState"); - String reqType = req.getParameter("reqType"); - - if (reqState == null || reqType == null) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL) && - reqType.equals(IN_SHOW_ALL)) { - filter = "(requeststate=*)"; - } else if (reqState.equals(IN_SHOW_ALL)) { - filter = getRequestType(reqType); - } else if (reqType.equals(IN_SHOW_ALL)) { - filter = getRequestState(reqState); - } else { - filter = "(&" + getRequestState(reqState) + - getRequestType(reqType) + ")"; - } - - String direction = "begin"; - if (req.getParameter("direction") != null) { - direction = req.getParameter("direction").trim(); - } - - - int top=0, bottom=0; - - try { - String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); - if (top_s == null) top_s = "0"; - - String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); - if (bottom_s == null) bottom_s = "0"; - - if (top_s.trim().startsWith("0x")) { - top = Integer.parseInt(top_s.trim().substring(2), 16); - } else { - top = Integer.parseInt(top_s.trim()); - } - if (bottom_s.trim().startsWith("0x")) { - bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); - } else { - bottom = Integer.parseInt(bottom_s.trim()); - } - - } catch (NumberFormatException e) { - - } - - // avoid NumberFormatException to the user interface - int maxCount = 10; - try { - maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); - } catch (Exception e) { - } + CMS.debug("in QueryReq servlet"); + + // Authentication / Authorization + + HttpServletRequest req = cmsReq.getHttpReq(); + IAuthToken authToken = 
authenticate(cmsReq); + AuthzToken authzToken = null; + + try { + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); + } catch (EAuthzAccessDenied e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } catch (Exception e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + } + if (authzToken == null) { + cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + return; + } + + CMSTemplate form = null; + Locale[] locale = new Locale[1]; + + try { + // if get a EBaseException we just throw it. + form = getTemplate(mFormPath, req, locale); + } catch (IOException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, + e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + + /** + * WARNING: + * + * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED. + * + **/ + String filter = null; + String reqState = req.getParameter("reqState"); + String reqType = req.getParameter("reqType"); + + if (reqState == null || reqType == null) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL) && reqType.equals(IN_SHOW_ALL)) { + filter = "(requeststate=*)"; + } else if (reqState.equals(IN_SHOW_ALL)) { + filter = getRequestType(reqType); + } else if (reqType.equals(IN_SHOW_ALL)) { + filter = getRequestState(reqState); + } else { + filter = "(&" + getRequestState(reqState) + getRequestType(reqType) + + ")"; + } + + String direction = "begin"; + if (req.getParameter("direction") != null) { + direction = req.getParameter("direction").trim(); + } + + int top = 0, bottom = 0; + + try { + String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE); + if (top_s == null) + top_s = "0"; + + String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE); + if (bottom_s == null) + bottom_s = "0"; + + if (top_s.trim().startsWith("0x")) { + top = Integer.parseInt(top_s.trim().substring(2), 16); 
+ } else { + top = Integer.parseInt(top_s.trim()); + } + if (bottom_s.trim().startsWith("0x")) { + bottom = Integer.parseInt(bottom_s.trim().substring(2), 16); + } else { + bottom = Integer.parseInt(bottom_s.trim()); + } + + } catch (NumberFormatException e) { + + } + + // avoid NumberFormatException to the user interface + int maxCount = 10; + try { + maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT)); + } catch (Exception e) { + } if (maxCount > mMaxReturns) { - CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns); + CMS.debug("Resetting page size from " + maxCount + " to " + + mMaxReturns); maxCount = mMaxReturns; } - HttpServletResponse resp = cmsReq.getHttpResp(); - CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom ); - - - argset.getFixed().addStringValue("reqType",reqType); + HttpServletResponse resp = cmsReq.getHttpResp(); + CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, + direction, top, bottom); + + argset.getFixed().addStringValue("reqType", reqType); argset.getFixed().addStringValue("reqState", reqState); - argset.getFixed().addIntegerValue("maxCount",maxCount); - - - try { - form.getOutput(argset); - resp.setContentType("text/html"); - form.renderOutput(resp.getOutputStream(), argset); - } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString())); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); - } - cmsReq.setStatus(CMSRequest.SUCCESS); - return; + argset.getFixed().addIntegerValue("maxCount", maxCount); + + try { + form.getOutput(argset); + resp.setContentType("text/html"); + form.renderOutput(resp.getOutputStream(), argset); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CMSGW_ERR_STREAM_TEMPLATE", e.toString())); + throw new ECMSGWException( + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + } + cmsReq.setStatus(CMSRequest.SUCCESS); + 
return; } private static String makeRequestStatusEq(RequestStatus s) { 
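Review bot: `maxCount` in `QueryReq.process` is only capped from above (`if (maxCount > mMaxReturns)`), so a zero or negative value parsed from the request reaches `doSearch` unchanged. The `doSearch` hunk that follows negates the count for paging and calls `fetchRecords(list, Math.abs(count))`, so a large negative value would appear to sidestep the `mMaxReturns` page-size limit. Clamp both ends right after the parse, for example `if (maxCount <= 0 || maxCount > mMaxReturns) maxCount = mMaxReturns;`. The two empty `catch` blocks around the number parsing also hide malformed paging parameters, and a `CMS.debug(...)` line in each would make them visible in the debug log.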
@@ -369,200 +361,197 @@ public class QueryReq extends CMSServlet { /** * Perform search based on direction button pressed - * @param filter ldap filter indicating which VLV to search through. This can be - * 'all requests', 'pending', etc + * + * @param filter ldap filter indicating which VLV to search through. This + * can be 'all requests', 'pending', etc * @param count the number of requests to show per page - * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end) - * @param top the number of the request shown on at the top of the current page - * @param bottom the number of the request shown on at the bottom of the current page - * @return + * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to + * end) + * @param top the number of the request shown on at the top of the current + * page + * @param bottom the number of the request shown on at the bottom of the + * current page + * @return */ - - private CMSTemplateParams doSearch(Locale l, String filter, - int count, String direction, int top, int bottom) - { - CMSTemplateParams ctp = null; - if (direction.equals("previous")) { - ctp = doSearch(l, filter, -count, top-1); - } else if (direction.equals("next")) { - ctp = doSearch(l,filter, count, bottom+1); - } else if (direction.equals("begin")) { - ctp = doSearch(l,filter, count, 0); - } else if (direction.equals("first")) { - ctp = doSearch(l,filter, count, bottom); - } else { // if 'direction is 'end', default here - ctp = doSearch(l,filter, -count, -1); - } - return ctp; + + private CMSTemplateParams doSearch(Locale l, String filter, int count, + String direction, int top, int bottom) { + CMSTemplateParams ctp = null; + if (direction.equals("previous")) { + ctp = doSearch(l, filter, -count, top - 1); + } else if (direction.equals("next")) { + ctp = doSearch(l, filter, count, bottom + 1); + } else if (direction.equals("begin")) { + ctp = doSearch(l, filter, count, 0); + } else if (direction.equals("first")) { + 
ctp = doSearch(l, filter, count, bottom); + } else { // if 'direction is 'end', default here + ctp = doSearch(l, filter, -count, -1); + } + return ctp; } - - - - /** - * - * @param locale - * @param filter the types of requests to return - this must match the VLV index - * @param count maximum number of records to return - * @param marker indication of the request ID where the page is anchored - * @return - */ - - private CMSTemplateParams doSearch( - Locale locale, - String filter, - int count, - int marker) { - - IArgBlock header = CMS.createArgBlock(); - IArgBlock context = CMS.createArgBlock(); - CMSTemplateParams argset = new CMSTemplateParams(header, context); - - try { - long startTime = CMS.getCurrentDate().getTime(); - // preserve the type of request that we are - // requesting. - - header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); - header.addStringValue(OUT_REQUESTING_USER, "admin"); - - - boolean jumptoend = false; - if (marker == -1) { - marker = 0; // I think this is inconsequential - jumptoend = true; // override to '99' during search - } - - RequestId id = new RequestId(Integer.toString(marker)); - IRequestVirtualList list = mQueue.getPagedRequestsByFilter( - id, - jumptoend, - filter, - count+1, - "requestId"); - - int totalCount = list.getSize() - list.getCurrentIndex(); - header.addIntegerValue(OUT_TOTALCOUNT, totalCount); - header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); - - int numEntries = list.getSize() - list.getCurrentIndex(); - - Vector v = fetchRecords(list,Math.abs(count)); - v = normalizeOrder(v); - trim(v,id); - - - int currentCount = 0; - int curNum = 0; - int firstNum = -1; - Enumeration requests = v.elements(); - - while (requests.hasMoreElements()) { - IRequest request = null; - try { - request = (IRequest) requests.nextElement(); - } catch (Exception e) { - CMS.debug("Error displaying request:"+e.getMessage()); - // handled below - } - if (request == null) { - log(ILogger.LL_WARN, "Error display request on 
page"); - continue; - } - - curNum = Integer.parseInt( - request.getRequestId().toString()); - - if (firstNum == -1) { - firstNum = curNum; - } - - IArgBlock rec = CMS.createArgBlock(); - mParser.fillRequestIntoArg(locale, request, argset, rec); - mQueue.releaseRequest(request); - argset.addRepeatRecord(rec); - - currentCount++; - - }// while - long endTime = CMS.getCurrentDate().getTime(); - - header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); - header.addStringValue("time", Long.toString(endTime - startTime)); - header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); - header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); - - } catch (EBaseException e) { - header.addStringValue(OUT_ERROR, e.toString(locale)); - } catch (Exception e) { - } - return argset; - + + /** + * + * @param locale + * @param filter the types of requests to return - this must match the VLV + * index + * @param count maximum number of records to return + * @param marker indication of the request ID where the page is anchored + * @return + */ + + private CMSTemplateParams doSearch(Locale locale, String filter, int count, + int marker) { + + IArgBlock header = CMS.createArgBlock(); + IArgBlock context = CMS.createArgBlock(); + CMSTemplateParams argset = new CMSTemplateParams(header, context); + + try { + long startTime = CMS.getCurrentDate().getTime(); + // preserve the type of request that we are + // requesting. 
+ + header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId()); + header.addStringValue(OUT_REQUESTING_USER, "admin"); + + boolean jumptoend = false; + if (marker == -1) { + marker = 0; // I think this is inconsequential + jumptoend = true; // override to '99' during search + } + + RequestId id = new RequestId(Integer.toString(marker)); + IRequestVirtualList list = mQueue.getPagedRequestsByFilter(id, + jumptoend, filter, count + 1, "requestId"); + + int totalCount = list.getSize() - list.getCurrentIndex(); + header.addIntegerValue(OUT_TOTALCOUNT, totalCount); + header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize()); + + int numEntries = list.getSize() - list.getCurrentIndex(); + + Vector v = fetchRecords(list, Math.abs(count)); + v = normalizeOrder(v); + trim(v, id); + + int currentCount = 0; + int curNum = 0; + int firstNum = -1; + Enumeration requests = v.elements(); + + while (requests.hasMoreElements()) { + IRequest request = null; + try { + request = (IRequest) requests.nextElement(); + } catch (Exception e) { + CMS.debug("Error displaying request:" + e.getMessage()); + // handled below + } + if (request == null) { + log(ILogger.LL_WARN, "Error display request on page"); + continue; + } + + curNum = Integer.parseInt(request.getRequestId().toString()); + + if (firstNum == -1) { + firstNum = curNum; + } + + IArgBlock rec = CMS.createArgBlock(); + mParser.fillRequestIntoArg(locale, request, argset, rec); + mQueue.releaseRequest(request); + argset.addRepeatRecord(rec); + + currentCount++; + + }// while + long endTime = CMS.getCurrentDate().getTime(); + + header.addIntegerValue(OUT_CURRENTCOUNT, currentCount); + header.addStringValue("time", Long.toString(endTime - startTime)); + header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum); + header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum); + + } catch (EBaseException e) { + header.addStringValue(OUT_ERROR, e.toString(locale)); + } catch (Exception e) { + } + return argset; + } /** * If the vector contains 
the marker element at the end, remove it. - * @param v The vector to trim - * @param marker the marker to look for. + * + * @param v The vector to trim + * @param marker the marker to look for. + */ + private void trim(Vector v, RequestId marker) { + int i = v.size() - 1; + if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) { + v.remove(i); + } + + } + + /** + * Sometimes the list comes back from LDAP in reverse order. This function + * makes sure the results are in 'forward' order. + * + * @param list + * @return */ - private void trim(Vector v, RequestId marker) { - int i = v.size()-1; - if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) { - v.remove(i); - } - - } - - /** - * Sometimes the list comes back from LDAP in reverse order. This function makes - * sure the results are in 'forward' order. - * @param list - * @return - */ private Vector fetchRecords(IRequestVirtualList list, int maxCount) { - - Vector v = new Vector(); - int count = list.getSize(); - int c=0; - for (int i=0; i<count; i++) { - IRequest request = list.getElementAt(i); - if (request != null) { - v.add(request); - c++; - } - if (c >= maxCount) break; - } - - return v; + + Vector v = new Vector(); + int count = list.getSize(); + int c = 0; + for (int i = 0; i < count; i++) { + IRequest request = list.getElementAt(i); + if (request != null) { + v.add(request); + c++; + } + if (c >= maxCount) + break; + } + + return v; } /** * If the requests are in backwards order, reverse the list + * * @param list * @return */ private Vector normalizeOrder(Vector list) { - - int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) - .getRequestId().toString()); - int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list - .size() - 1)).getRequestId().toString()); - boolean reverse = false; - if (firstrequestnum > lastrequestnum) { - reverse = true; // if the order is backwards, place items at the beginning - } - Vector v = new Vector(); - int count = list.size(); 
- for (int i = 0; i < count; i++) { - Object request = list.elementAt(i); - if (request != null) { - if (reverse) - v.add(0, request); - else - v.add(request); - } - } - - return v; + + int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0)) + .getRequestId().toString()); + int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list + .size() - 1)).getRequestId().toString()); + boolean reverse = false; + if (firstrequestnum > lastrequestnum) { + reverse = true; // if the order is backwards, place items at the + // beginning + } + Vector v = new Vector(); + int count = list.size(); + for (int i = 0; i < count; i++) { + Object request = list.elementAt(i); + if (request != null) { + if (reverse) + v.add(0, request); + else + v.add(request); + } + } + + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java index 29414ca5..e37e4c76 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.util.Locale; import com.netscape.certsrv.base.EBaseException; @@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.servlet.common.CMSTemplateParams; - /** * A class representing a request parser. * <P> - * + * * @version $Revision$, $Date$ */ public class ReqParser implements IReqParser { 
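Review bot: The four-argument `doSearch` ends with `} catch (Exception e) { }`, which silently discards every runtime failure in the paging path. When `fetchRecords` returns an empty `Vector`, `normalizeOrder` calls `list.elementAt(0)` and `trim` calls `v.elementAt(v.size() - 1)`, and both throw on an empty vector. An empty result set is therefore rendered without the first/last entry markers, with no `error` value and no log entry. Guard the empty case before those two calls with `if (v.isEmpty()) return argset;`, and log the exception instead of dropping it, for example `log(ILogger.LL_FAILURE, "QueryReq.doSearch: " + e);`.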
@@ -50,30 +48,28 @@ public class ReqParser implements IReqParser { /** * Maps request object into argument block. */ - public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg) - throws EBaseException { + public void fillRequestIntoArg(Locale l, IRequest req, + CMSTemplateParams argSet, IArgBlock arg) throws EBaseException { arg.addStringValue(TYPE, req.getRequestType()); - arg.addLongValue("seqNum", - Long.parseLong(req.getRequestId().toString())); - arg.addStringValue(STATUS, - req.getRequestStatus().toString()); - arg.addLongValue(CREATE_ON, - req.getCreationTime().getTime() / 1000); - arg.addLongValue(UPDATE_ON, - req.getModificationTime().getTime() / 1000); + arg.addLongValue("seqNum", + Long.parseLong(req.getRequestId().toString())); + arg.addStringValue(STATUS, req.getRequestStatus().toString()); + arg.addLongValue(CREATE_ON, req.getCreationTime().getTime() / 1000); + arg.addLongValue(UPDATE_ON, req.getModificationTime().getTime() / 1000); String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY); - if (updatedBy == null) updatedBy = ""; + if (updatedBy == null) + updatedBy = ""; arg.addStringValue(UPDATE_BY, updatedBy); SessionContext ctx = SessionContext.getContext(); - String id = (String) ctx.get(SessionContext.USER_ID); + String id = (String) ctx.get(SessionContext.USER_ID); arg.addStringValue("callerName", id); - + String owner = req.getRequestOwner(); - if (owner != null) + if (owner != null) arg.addStringValue("assignedTo", owner); } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java index 04b21440..917fdd40 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java +++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java 
@@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.request; - import java.io.IOException; import java.math.BigInteger; import java.util.Date; @@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate; import com.netscape.cms.servlet.common.CMSTemplateParams; import com.netscape.cms.servlet.common.ECMSGWException; - /** * Search for certificates matching complex query filter - * + * * @version $Revision$, $Date$ */ public class SearchReqs extends CMSServlet { @@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet { } /** - * initialize the servlet. This servlet uses queryReq.template - * to render the response + * initialize the servlet. This servlet uses queryReq.template to render the + * response + * * @param sc servlet configuration, read from the web.xml file */ public void init(ServletConfig sc) throws ServletException { @@ -105,7 +104,8 @@ public class SearchReqs extends CMSServlet { if (authConfig != null) { try { - mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); + mMaxReturns = authConfig.getInteger( + PROP_MAX_SEARCH_RETURNS, MAX_RESULTS); } catch (EBaseException e) { // do nothing } @@ -120,7 +120,8 @@ public class SearchReqs extends CMSServlet { /* Server-Side time limit */ try { - int maxResults = Integer.parseInt(sc.getInitParameter("maxResults")); + int maxResults = Integer + .parseInt(sc.getInitParameter("maxResults")); if (maxResults < mMaxReturns) mMaxReturns = maxResults; } catch (Exception e) { @@ -154,10 +155,8 @@ public class SearchReqs extends CMSServlet { /** * Serves HTTP request. This format of this request is as follows: - * queryCert? - * [maxCount=<number>] - * [queryFilter=<filter>] - * [revokeAll=<filter>] + * queryCert? [maxCount=<number>] [queryFilter=<filter>] + * [revokeAll=<filter>] */ public void process(CMSRequest cmsReq) throws EBaseException { HttpServletRequest req = cmsReq.getHttpReq(); 
@@ -168,14 +167,14 @@ public class SearchReqs extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "list"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "list"); } catch (EAuthzAccessDenied e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } catch (Exception e) { log(ILogger.LL_FAILURE, - CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString())); } if (authzToken == null) { @@ -198,10 +197,10 @@ public class SearchReqs extends CMSServlet { try { form = getTemplate(mFormPath, req, locale); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } try { @@ -214,11 +213,13 @@ public class SearchReqs extends CMSServlet { if (timeLimitStr != null && timeLimitStr.length() > 0) timeLimit = Integer.parseInt(timeLimitStr); - process(argSet, header, req.getParameter("queryRequestFilter"), authToken, - maxResults, timeLimit, req, resp, locale[0]); + process(argSet, header, req.getParameter("queryRequestFilter"), + authToken, maxResults, timeLimit, req, resp, locale[0]); } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); - error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT")); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT")); + error = new EBaseException(CMS.getUserMessage(getLocale(req), + "CMS_BASE_INVALID_NUMBER_FORMAT")); } catch (EBaseException e) { error = e; } 
@@ -229,33 +230,32 @@ public class SearchReqs extends CMSServlet { if (error == null) { String xmlOutput = req.getParameter("xml"); if (xmlOutput != null && xmlOutput.equals("true")) { - outputXML(resp, argSet); + outputXML(resp, argSet); } else { - cmsReq.setStatus(CMSRequest.SUCCESS); - resp.setContentType("text/html"); - form.renderOutput(out, argSet); + cmsReq.setStatus(CMSRequest.SUCCESS); + resp.setContentType("text/html"); + form.renderOutput(out, argSet); } } else { cmsReq.setStatus(CMSRequest.ERROR); cmsReq.setError(error); } } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", + e.toString())); throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); + CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); } } /** * Process the key search. */ - private void process(CMSTemplateParams argSet, IArgBlock header, - String filter, IAuthToken token, - int maxResults, int timeLimit, - HttpServletRequest req, HttpServletResponse resp, - Locale locale) - throws EBaseException { + private void process(CMSTemplateParams argSet, IArgBlock header, + String filter, IAuthToken token, int maxResults, int timeLimit, + HttpServletRequest req, HttpServletResponse resp, Locale locale) + throws EBaseException { try { long startTime = CMS.getCurrentDate().getTime(); 
@@ -272,25 +272,27 @@ public class SearchReqs extends CMSServlet { } else { if (owner.equals("self")) { String self_uid = token.getInString(IAuthToken.USER_ID); - requestowner_filter = "(requestowner="+self_uid+")"; + requestowner_filter = "(requestowner=" + self_uid + ")"; } else { String uid = req.getParameter("uid"); - requestowner_filter = "(requestowner="+uid+")"; + requestowner_filter = "(requestowner=" + uid + ")"; } - newfilter = "(&"+requestowner_filter+filter.substring(2); + newfilter = "(&" + requestowner_filter + filter.substring(2); } // xxx the filter includes serial number range??? if (maxResults == -1 || maxResults > mMaxReturns) { - CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns); + CMS.debug("Resetting maximum of returned results from " + + maxResults + " to " + mMaxReturns); maxResults = mMaxReturns; } if (timeLimit == -1 || timeLimit > mTimeLimits) { - CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits); + CMS.debug("Resetting timelimit from " + timeLimit + " to " + + mTimeLimits); timeLimit = mTimeLimits; } - IRequestList list = (timeLimit > 0) ? - mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) : - mQueue.listRequestsByFilter(newfilter, maxResults); + IRequestList list = (timeLimit > 0) ? mQueue.listRequestsByFilter( + newfilter, maxResults, timeLimit) : mQueue + .listRequestsByFilter(newfilter, maxResults); int count = 0; @@ -305,7 +307,8 @@ public class SearchReqs extends CMSServlet { long endTime = CMS.getCurrentDate().getTime(); header.addIntegerValue(OUT_CURRENTCOUNT, count); - header.addStringValue("time", Long.toString(endTime - startTime)); + header.addStringValue("time", + Long.toString(endTime - startTime)); } } header.addIntegerValue(OUT_TOTALCOUNT, count); 
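Review bot: The `uid` request parameter is concatenated unescaped into the search filter in `requestowner_filter = "(requestowner=" + uid + ")";`, so filter metacharacters in it can change the structure of the query handed to `mQueue.listRequestsByFilter` instead of only narrowing it to one owner. The formatting pass carries this over unchanged. Escaping the value as an RFC 4515 assertion value (`\`, `*`, `(`, `)` and NUL written as `\5c`, `\2a`, `\28`, `\29`, `\00`) before building the filter would close it, and the same applies to `self_uid` if a user ID can contain those characters. `filter.substring(2)` also assumes the filter taken from `queryRequestFilter` begins with `(&`, which nothing in the visible lines checks. The body of `process` starts before this hunk and continues after it.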
@@ -323,7 +326,8 @@ public class SearchReqs extends CMSServlet { int i = filter.indexOf(CURRENT_TIME, k); while (i > -1) { - if (now == null) now = new Date(); + if (now == null) + now = new Date(); newFilter.append(filter.substring(k, i)); newFilter.append(now.getTime()); k = i + CURRENT_TIME.length(); diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java index 1f6efa85..7d30d3ae 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java @@ -52,14 +52,11 @@ import com.netscape.cms.servlet.base.CMSServlet; import com.netscape.cms.servlet.common.CMSRequest; import com.netscape.symkey.SessionKey; - - /** - * A class representings an administration servlet for Token Key - * Service Authority. This servlet is responsible to serve - * tks administrative operation such as configuration - * parameter updates. - * + * A class representings an administration servlet for Token Key Service + * Authority. This servlet is responsible to serve tks administrative operation + * such as configuration parameter updates. + * * @version $Revision$, $Date$ */ public class TokenServlet extends CMSServlet { 
@@ -68,66 +65,40 @@ public class TokenServlet extends CMSServlet { */ private static final long serialVersionUID = 8687436109695172791L; protected static final String PROP_ENABLED = "enabled"; - protected static final String TRANSPORT_KEY_NAME ="sharedSecret"; + protected static final String TRANSPORT_KEY_NAME = "sharedSecret"; private final static String INFO = "TokenServlet"; public static int ERROR = 1; private ITKSAuthority mTKS = null; private String mSelectedToken = null; private String mNewSelectedToken = null; String mKeyNickName = null; - String mNewKeyNickName = null; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = - "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; + String mNewKeyNickName = null; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3"; IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":"); - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; - - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8"; - private final static String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9"; - private final static 
String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5"; - private final static String - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6"; + private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7"; - private final static String - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; + private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS 
= - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3"; - private final static String - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = - "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; + private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4"; /** * Constructs tks servlet. @@ -137,14 +108,13 @@ public class TokenServlet extends CMSServlet { } - public static String trim(String a) - { - StringBuffer newa = new StringBuffer(); + public static String trim(String a) { + StringBuffer newa = new StringBuffer(); StringTokenizer tokens = new StringTokenizer(a, "\n"); - while (tokens.hasMoreTokens()) { - newa.append(tokens.nextToken()); - } - return newa.toString(); + while (tokens.hasMoreTokens()) { + newa.append(tokens.nextToken()); + } + return newa.toString(); } public void init(ServletConfig config) throws ServletException { @@ -153,18 +123,19 @@ public class TokenServlet extends CMSServlet { /** * Returns serlvet information. - * + * * @return name of this servlet */ - public String getServletInfo() { - return INFO; + public String getServletInfo() { + return INFO; } - /** - * Process the HTTP request. - * + + /** + * Process the HTTP request. + * * @param s The URL to decode. */ - protected String URLdecode(String s) { + protected String URLdecode(String s) { if (s == null) return null; ByteArrayOutputStream out = new ByteArrayOutputStream(s.length()); 
@@ -184,62 +155,63 @@ public class TokenServlet extends CMSServlet { } } // end for return out.toString(); - } + } - private void setDefaultSlotAndKeyName(HttpServletRequest req) - { - try { + private void setDefaultSlotAndKeyName(HttpServletRequest req) { + try { - String keySet = req.getParameter("keySet"); - if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; - } - CMS.debug("keySet selected: " + keySet); + String keySet = req.getParameter("keySet"); + if (keySet == null || keySet.equals("")) { + keySet = "defKeySet"; + } + CMS.debug("keySet selected: " + keySet); + + mNewSelectedToken = null; + + mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); + String masterKeyPrefix = CMS.getConfigStore().getString( + "tks.master_key_prefix", null); + String temp = req.getParameter("KeyInfo"); // #xx#xx + String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, + null); + if (mappingValue != null) { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + int tokenNumber = 0; + while (st.hasMoreTokens()) { - mNewSelectedToken = null; - - mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); - String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); - String temp = req.getParameter("KeyInfo"); //#xx#xx - String keyInfoMap = "tks." + keySet + ".mk_mappings." 
+ temp; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); - if(mappingValue!=null) - { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - int tokenNumber=0; - while (st.hasMoreTokens()) { - - String currentToken= st.nextToken(); - if(tokenNumber==0) - mSelectedToken = currentToken; - else if(tokenNumber==1) - mKeyNickName = currentToken; - tokenNumber++; - - } + String currentToken = st.nextToken(); + if (tokenNumber == 0) + mSelectedToken = currentToken; + else if (tokenNumber == 1) + mKeyNickName = currentToken; + tokenNumber++; + + } } - if(req.getParameter("newKeyInfo")!=null) // for diversification + if (req.getParameter("newKeyInfo") != null) // for diversification { - temp = req.getParameter("newKeyInfo"); //#xx#xx - String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp; - String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); - if(newMappingValue!=null) - { - StringTokenizer st = new StringTokenizer(newMappingValue, ":"); - int tokenNumber=0; - while (st.hasMoreTokens()) { - String currentToken= st.nextToken(); - if(tokenNumber==0) - mNewSelectedToken = currentToken; - else if(tokenNumber==1) - mNewKeyNickName = currentToken; - tokenNumber++; - - } + temp = req.getParameter("newKeyInfo"); // #xx#xx + String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp; + String newMappingValue = CMS.getConfigStore().getString( + newKeyInfoMap, null); + if (newMappingValue != null) { + StringTokenizer st = new StringTokenizer(newMappingValue, + ":"); + int tokenNumber = 0; + while (st.hasMoreTokens()) { + String currentToken = st.nextToken(); + if (tokenNumber == 0) + mNewSelectedToken = currentToken; + else if (tokenNumber == 1) + mNewKeyNickName = currentToken; + tokenNumber++; + + } } - } + } - SessionKey.SetDefaultPrefix(masterKeyPrefix); + SessionKey.SetDefaultPrefix(masterKeyPrefix); } catch (Exception e) { e.printStackTrace(); 
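Review bot: `setDefaultSlotAndKeyName` stores the per-request key selection (`mSelectedToken`, `mKeyNickName`, `mNewSelectedToken`, `mNewKeyNickName`) in servlet instance fields, and a servlet instance is normally shared by all request threads, so two concurrent requests with different `keySet`/`KeyInfo` values could each end up using the other's token or key nickname. Keeping the selection in locals, as `processComputeSessionKey` already does with `selectedToken` and `keyNickName`, would remove the shared state. The `catch (Exception e)` at the end of the hunk only calls `e.printStackTrace()`, so a failed configuration lookup leaves whatever an earlier request set; reporting it with `CMS.debug(e)` and failing the request would be safer. The method continues past the end of the hunk.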
@@ -249,9 +221,8 @@ public class TokenServlet extends CMSServlet { } private void processComputeSessionKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException - { - byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key; + HttpServletResponse resp) throws EBaseException { + byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key; byte[] card_crypto, host_cryptogram, input_card_crypto; byte[] xcard_challenge, xhost_challenge; byte[] enc_session_key, xkeyInfo; @@ -259,18 +230,18 @@ public class TokenServlet extends CMSServlet { String errorMsg = ""; String badParams = ""; String transportKeyName = ""; - - String rCUID = req.getParameter("CUID"); + + String rCUID = req.getParameter("CUID"); String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); boolean serversideKeygen = false; byte[] drm_trans_wrapped_desKey = null; - PK11SymKey desKey = null; - // PK11SymKey kek_session_key; + PK11SymKey desKey = null; + // PK11SymKey kek_session_key; PK11SymKey kek_key; IConfigStore sconfig = CMS.getConfigStore(); 
@@ -280,52 +251,53 @@ public class TokenServlet extends CMSServlet { card_crypto = null; host_cryptogram = null; enc_session_key = null; - // kek_session_key = null; + // kek_session_key = null; SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { - agentId = - (String) sContext.get(SessionContext.USER_ID); + agentId = (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST, - rCUID, - ILogger.SUCCESS, - agentId); + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST, rCUID, + ILogger.SUCCESS, agentId); audit(auditMessage); String kek_wrapped_desKeyString = null; - String keycheck_s = null; + String keycheck_s = null; CMS.debug("processComputeSessionKey:"); - String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + String useSoftToken_s = CMS.getConfigStore().getString( + "tks.useSoftToken", "true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; - String rServersideKeygen = (String) req.getParameter("serversideKeygen"); + String rServersideKeygen = (String) req + .getParameter("serversideKeygen"); if (rServersideKeygen.equals("true")) { - CMS.debug("TokenServlet: serversideKeygen requested"); - serversideKeygen = true; + CMS.debug("TokenServlet: serversideKeygen requested"); + serversideKeygen = true; } else { - CMS.debug("TokenServlet: serversideKeygen not requested"); + CMS.debug("TokenServlet: serversideKeygen not requested"); } try { - isCryptoValidate = sconfig.getBoolean("cardcryptogram.validate.enable", true); + isCryptoValidate = sconfig.getBoolean( + "cardcryptogram.validate.enable", true); } catch (EBaseException eee) { } try { - transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME); + transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", + 
TRANSPORT_KEY_NAME); } catch (EBaseException e) { } - CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName); - + CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + + transportKeyName); String rcard_challenge = req.getParameter("card_challenge"); String rhost_challenge = req.getParameter("host_challenge"); @@ -355,7 +327,6 @@ public class TokenServlet extends CMSServlet { missingParam = true; } - String selectedToken = null; String keyNickName = null; boolean sameCardCrypto = true; 
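Review bot: `rServersideKeygen.equals("true")` dereferences the `serversideKeygen` request parameter before any of the missing-parameter checks run, so a request that omits it fails with a NullPointerException instead of the `status=3` reply used for other missing inputs; `if ("true".equals(rServersideKeygen)) {` keeps the current meaning and is null-safe. The two `catch (EBaseException ...) { }` blocks around `cardcryptogram.validate.enable` and `tks.tksSharedSymKeyName` are empty, and because the first one decides whether the card cryptogram is validated, a `CMS.debug(e)` there would at least record that the configured value could not be read. `processComputeSessionKey` starts before this hunk and continues after it.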
@@ -364,48 +335,51 @@ public class TokenServlet extends CMSServlet { xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; } xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length."); - missingParam = true; + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length."); + missingParam = true; } - xcard_challenge = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); + xcard_challenge = com.netscape.cmsutil.util.Utils + .SpecialDecode(rcard_challenge); if (xcard_challenge == null || xcard_challenge.length != 8) { - badParams += " card_challenge length,"; - CMS.debug("TokenServlet: Invalid card challenge length."); - missingParam = true; + badParams += " card_challenge length,"; + CMS.debug("TokenServlet: Invalid card challenge length."); + missingParam = true; } - - xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); + + xhost_challenge = com.netscape.cmsutil.util.Utils + .SpecialDecode(rhost_challenge); if (xhost_challenge == null || xhost_challenge.length != 8) { - badParams += " host_challenge length,"; - CMS.debug("TokenServlet: Invalid host challenge length"); - missingParam = true; + badParams += " host_challenge length,"; + CMS.debug("TokenServlet: Invalid host challenge length"); + missingParam = true; } - + } CUID = null; if (!missingParam) { - card_challenge = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge); - - host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge); + card_challenge = com.netscape.cmsutil.util.Utils + 
.SpecialDecode(rcard_challenge); + + host_challenge = com.netscape.cmsutil.util.Utils + .SpecialDecode(rhost_challenge); keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; // #xx#xx + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, + null); if (mappingValue == null) { - selectedToken = - CMS.getConfigStore().getString("tks.defaultSlot", "internal"); + selectedToken = CMS.getConfigStore().getString( + "tks.defaultSlot", "internal"); keyNickName = rKeyInfo; } else { StringTokenizer st = new StringTokenizer(mappingValue, ":"); 
@@ -419,175 +393,198 @@ public class TokenServlet extends CMSServlet { try { - byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key")); - CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName); - session_key = SessionKey.ComputeSessionKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName ); - - if(session_key == null) - { + byte macKeyArray[] = com.netscape.cmsutil.util.Utils + .SpecialDecode(sconfig.getString("tks." + keySet + + ".mac_key")); + CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + + selectedToken + " keyNickName=" + keyNickName); + session_key = SessionKey.ComputeSessionKey(selectedToken, + keyNickName, card_challenge, host_challenge, + keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, + transportKeyName); + + if (session_key == null) { CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL "); - throw new Exception("Can't compute session key!"); + throw new Exception("Can't compute session key!"); - } + } - byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); + byte encKeyArray[] = com.netscape.cmsutil.util.Utils + .SpecialDecode(sconfig.getString("tks." + keySet + + ".auth_key")); enc_session_key = SessionKey.ComputeEncSessionKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, encKeyArray, + useSoftToken_s, keySet); - if(enc_session_key == null) - { + if (enc_session_key == null) { CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL "); - throw new Exception("Can't compute enc session key!"); - + throw new Exception("Can't compute enc session key!"); + } if (serversideKeygen == true) { /** - * 0. 
generate des key - * 1. encrypt des key with kek key - * 2. encrypt des key with DRM transport key - * These two wrapped items are to be sent back to - * TPS. 2nd item is to DRM + * 0. generate des key 1. encrypt des key with kek key + * 2. encrypt des key with DRM transport key These two + * wrapped items are to be sent back to TPS. 2nd item is + * to DRM **/ CMS.debug("TokenServlet: calling ComputeKekKey"); - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); - - - kek_key = SessionKey.ComputeKekKey( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet); + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils + .SpecialDecode(sconfig.getString("tks." + + keySet + ".kek_key")); + kek_key = SessionKey.ComputeKekKey(selectedToken, + keyNickName, card_challenge, host_challenge, + keyInfo, CUID, kekKeyArray, useSoftToken_s, + keySet); CMS.debug("TokenServlet: called ComputeKekKey"); - if(kek_key == null) - { + if (kek_key == null) { CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL "); - throw new Exception("Can't compute kek key!"); - + throw new Exception("Can't compute kek key!"); + } // now use kek key to wrap kek session key.. - CMS.debug("computeSessionKey:kek key len ="+ - kek_key.getLength()); - - // (1) generate DES key - /* applet does not support DES3 - org.mozilla.jss.crypto.KeyGenerator kg = - internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); - desKey = kg.generate();*/ - - /* - * XXX GenerateSymkey firt generates a 16 byte DES2 key. - * It then pads it into a 24 byte key with last - * 8 bytes copied from the 1st 8 bytes. Effectively - * making it a 24 byte DES2 key. We need this for - * wrapping private keys on DRM. - */ - /*generate it on whichever token the master key is at*/ - if (useSoftToken_s.equals("true")) { - CMS.debug("TokenServlet: key encryption key generated on internal"); -//cfu audit here? 
sym key gen - desKey = SessionKey.GenerateSymkey("internal"); -//cfu audit here? sym key gen done + CMS.debug("computeSessionKey:kek key len =" + + kek_key.getLength()); + + // (1) generate DES key + /* + * applet does not support DES3 + * org.mozilla.jss.crypto.KeyGenerator kg = + * internalToken.getKeyGenerator(KeyGenAlgorithm.DES3); + * desKey = kg.generate(); + */ + + /* + * XXX GenerateSymkey firt generates a 16 byte DES2 key. + * It then pads it into a 24 byte key with last 8 bytes + * copied from the 1st 8 bytes. Effectively making it a + * 24 byte DES2 key. We need this for wrapping private + * keys on DRM. + */ + /* generate it on whichever token the master key is at */ + if (useSoftToken_s.equals("true")) { + CMS.debug("TokenServlet: key encryption key generated on internal"); + // cfu audit here? sym key gen + desKey = SessionKey.GenerateSymkey("internal"); + // cfu audit here? sym key gen done + } else { + CMS.debug("TokenServlet: key encryption key generated on " + + selectedToken); + desKey = SessionKey.GenerateSymkey(selectedToken); + } + if (desKey != null) + CMS.debug("TokenServlet: key encryption key generated for " + + rCUID); + else { + CMS.debug("TokenServlet: key encryption key generation failed for " + + rCUID); + throw new Exception( + "can't generate key encryption key"); + } + + /* + * XXX ECBencrypt actually takes the 24 byte DES2 key + * and discard the last 8 bytes before it encrypts. 
This + * is done so that the applet can digest it + */ + byte[] encDesKey = SessionKey.ECBencrypt(kek_key, + desKey); + /* + * CMS.debug("computeSessionKey:encrypted desKey size = " + * +encDesKey.length); CMS.debug(encDesKey); + */ + + kek_wrapped_desKeyString = com.netscape.cmsutil.util.Utils + .SpecialEncode(encDesKey); + + // get keycheck + byte[] keycheck = SessionKey.ComputeKeyCheck(desKey); + /* + * CMS.debug("computeSessionKey:keycheck size = "+keycheck + * .length); CMS.debug(keycheck); + */ + keycheck_s = com.netscape.cmsutil.util.Utils + .SpecialEncode(keycheck); + + // XXX use DRM transport cert to wrap desKey + String drmTransNickname = CMS.getConfigStore() + .getString("tks.drm_transport_cert_nickname", + ""); + + if ((drmTransNickname == null) + || (drmTransNickname == "")) { + CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); + throw new Exception( + "can't find DRM transport certificate nickname"); } else { - CMS.debug("TokenServlet: key encryption key generated on " + selectedToken); - desKey = SessionKey.GenerateSymkey(selectedToken); + CMS.debug("TokenServlet:drmtransport_cert_nickname=" + + drmTransNickname); } - if (desKey != null) - CMS.debug("TokenServlet: key encryption key generated for "+rCUID); - else { - CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID); - throw new Exception ("can't generate key encryption key"); - } - - /* - * XXX ECBencrypt actually takes the 24 byte DES2 key - * and discard the last 8 bytes before it encrypts. 
- * This is done so that the applet can digest it - */ - byte[] encDesKey = - SessionKey.ECBencrypt( kek_key, - desKey); - /* - CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length); - CMS.debug(encDesKey); - */ - - kek_wrapped_desKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey); - - // get keycheck - byte[] keycheck = - SessionKey.ComputeKeyCheck(desKey); - /* - CMS.debug("computeSessionKey:keycheck size = "+keycheck.length); - CMS.debug(keycheck); - */ - keycheck_s = - com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck); - - //XXX use DRM transport cert to wrap desKey - String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", ""); - - if ((drmTransNickname == null) || (drmTransNickname == "")) { - CMS.debug("TokenServlet:did not find DRM transport certificate nickname"); - throw new Exception("can't find DRM transport certificate nickname"); - } else { - CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname); - } X509Certificate drmTransCert = null; - drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname); + drmTransCert = CryptoManager.getInstance() + .findCertByNickname(drmTransNickname); // wrap kek session key with DRM transport public key - CryptoToken token = null; - if (useSoftToken_s.equals("true")) { - //token = CryptoManager.getInstance().getTokenByName(selectedToken); - token = CryptoManager.getInstance().getInternalCryptoToken(); + CryptoToken token = null; + if (useSoftToken_s.equals("true")) { + // token = + // CryptoManager.getInstance().getTokenByName(selectedToken); + token = CryptoManager.getInstance() + .getInternalCryptoToken(); } else { - token = CryptoManager.getInstance().getTokenByName(selectedToken); + token = CryptoManager.getInstance().getTokenByName( + selectedToken); } PublicKey pubKey = drmTransCert.getPublicKey(); String pubKeyAlgo = pubKey.getAlgorithm(); CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo); 
KeyWrapper keyWrapper = null; - //For wrapping symmetric keys don't need IV, use ECB + // For wrapping symmetric keys don't need IV, use ECB if (pubKeyAlgo.equals("EC")) { - keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB); + keyWrapper = token + .getKeyWrapper(KeyWrapAlgorithm.AES_ECB); keyWrapper.initWrap(pubKey, null); } else { - keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + keyWrapper = token + .getKeyWrapper(KeyWrapAlgorithm.RSA); keyWrapper.initWrap(pubKey, null); } - CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() ); + CMS.debug("desKey token " + + desKey.getOwningToken().getName() + + " token: " + token.getName()); drm_trans_wrapped_desKey = keyWrapper.wrap(desKey); - CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); + CMS.debug("computeSessionKey:desKey wrapped with drm transportation key."); } // if (serversideKeygen == true) - byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key")); + byte authKeyArray[] = com.netscape.cmsutil.util.Utils + .SpecialDecode(sconfig.getString("tks." 
+ keySet + + ".auth_key")); host_cryptogram = SessionKey.ComputeCryptogram( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet); + selectedToken, keyNickName, card_challenge, + host_challenge, keyInfo, CUID, 0, authKeyArray, + useSoftToken_s, keySet); - if(host_cryptogram == null) - { + if (host_cryptogram == null) { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute host cryptogram!"); + throw new Exception("Can't compute host cryptogram!"); } - card_crypto = SessionKey.ComputeCryptogram( - selectedToken,keyNickName,card_challenge, - host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet); + card_crypto = SessionKey.ComputeCryptogram(selectedToken, + keyNickName, card_challenge, host_challenge, + keyInfo, CUID, 1, authKeyArray, useSoftToken_s, + keySet); - if(card_crypto == null) - { + if (card_crypto == null) { CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL "); - throw new Exception("Can't compute card cryptogram!"); + throw new Exception("Can't compute card cryptogram!"); } @@ -596,10 +593,10 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: ComputeCryptogram(): missing card cryptogram"); throw new Exception("Missing card cryptogram"); } - input_card_crypto = - com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram); + input_card_crypto = com.netscape.cmsutil.util.Utils + .SpecialDecode(rcard_cryptogram); if (card_crypto.length == input_card_crypto.length) { - for (int i=0; i<card_crypto.length; i++) { + for (int i = 0; i < card_crypto.length; i++) { if (card_crypto[i] != input_card_crypto[i]) { sameCardCrypto = false; break; 
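Review bot: `(drmTransNickname == "")` compares object references rather than contents, so an empty `tks.drm_transport_cert_nickname` value may slip past the guard and `findCertByNickname` would then be called with an empty nickname. `if (drmTransNickname == null || drmTransNickname.length() == 0) {` tests the value itself and matches the `length()` checks used elsewhere in this servlet package. The enclosing `try` block opens before this hunk.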
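Review bot: The card cryptogram check in the `for (int i = 0; i < card_crypto.length; i++)` loop stops at the first differing byte, so the time taken depends on how many leading bytes of the submitted `card_cryptogram` matched the computed one. A constant-time comparison avoids that and also covers the length mismatch in one call: `sameCardCrypto = java.security.MessageDigest.isEqual(card_crypto, input_card_crypto);`. The loop body and the length-mismatch branch run past the end of this hunk.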
@@ -611,17 +608,20 @@ public class TokenServlet extends CMSServlet { } } - CMS.getLogger().log(ILogger.EV_AUDIT, + CMS.getLogger().log( + ILogger.EV_AUDIT, ILogger.S_TKS, - ILogger.LL_INFO,"processComputeSessionKey for CUID=" + - trim(pp.toHexString(CUID))); - } catch (Exception e) { + ILogger.LL_INFO, + "processComputeSessionKey for CUID=" + + trim(pp.toHexString(CUID))); + } catch (Exception e) { CMS.debug(e); - CMS.debug("TokenServlet Computing Session Key: " + e.toString()); + CMS.debug("TokenServlet Computing Session Key: " + + e.toString()); if (isCryptoValidate) sameCardCrypto = false; } - } + } } // ! missingParam String value = ""; 
@@ -634,34 +634,33 @@ public class TokenServlet extends CMSServlet { String cryptogram = ""; String status = "0"; if (session_key != null && session_key.length > 0) { - outputString = - com.netscape.cmsutil.util.Utils.SpecialEncode(session_key); - } else { - + outputString = com.netscape.cmsutil.util.Utils + .SpecialEncode(session_key); + } else { + status = "1"; } if (enc_session_key != null && enc_session_key.length > 0) { - encSessionKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key); - } else { + encSessionKeyString = com.netscape.cmsutil.util.Utils + .SpecialEncode(enc_session_key); + } else { status = "1"; } - if (serversideKeygen == true) { - if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0) - drm_trans_wrapped_desKeyString = - com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey); - else { - status = "1"; + if (drm_trans_wrapped_desKey != null + && drm_trans_wrapped_desKey.length > 0) + drm_trans_wrapped_desKeyString = com.netscape.cmsutil.util.Utils + .SpecialEncode(drm_trans_wrapped_desKey); + else { + status = "1"; } - } + } - if (host_cryptogram != null && host_cryptogram.length > 0) { - cryptogram = - com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram); + cryptogram = com.netscape.cmsutil.util.Utils + .SpecialEncode(host_cryptogram); } else { status = "2"; } 
@@ -677,32 +676,30 @@ public class TokenServlet extends CMSServlet { if (missingParam) { status = "3"; } - - if (!status.equals("0")) { - - - if(status.equals("1")) { - errorMsg = "Problem generating session key info."; - } - - if(status.equals("2")) { - errorMsg = "Problem creating host_cryptogram."; - } - - if(status.equals("4")) { - errorMsg = "Problem obtaining token information."; - } - - if(status.equals("3")) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); - } - errorMsg = "Missing input parameters :" + badParams; - } - - value = "status="+status; - } - else { + + if (!status.equals("0")) { + + if (status.equals("1")) { + errorMsg = "Problem generating session key info."; + } + + if (status.equals("2")) { + errorMsg = "Problem creating host_cryptogram."; + } + + if (status.equals("4")) { + errorMsg = "Problem obtaining token information."; + } + + if (status.equals("3")) { + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); + } + errorMsg = "Missing input parameters :" + badParams; + } + + value = "status=" + status; + } else { if (serversideKeygen == true) { StringBuffer sb = new StringBuffer(); sb.append("status=0&"); @@ -711,10 +708,10 @@ public class TokenServlet extends CMSServlet { sb.append("&hostCryptogram="); sb.append(cryptogram); sb.append("&encSessionKey="); - sb.append(encSessionKeyString); + sb.append(encSessionKeyString); sb.append("&kek_wrapped_desKey="); sb.append(kek_wrapped_desKeyString); - sb.append("&keycheck="); + sb.append("&keycheck="); sb.append(keycheck_s); sb.append("&drm_trans_wrapped_desKey="); sb.append(drm_trans_wrapped_desKeyString); 
@@ -724,19 +721,19 @@ public class TokenServlet extends CMSServlet { sb.append("status=0&"); sb.append("sessionKey="); sb.append(outputString); - sb.append("&hostCryptogram="); - sb.append(cryptogram); + sb.append("&hostCryptogram="); + sb.append(cryptogram); sb.append("&encSessionKey="); sb.append(encSessionKeyString); value = sb.toString(); } } - CMS.debug("TokenServlet:outputString.encode " +value); + CMS.debug("TokenServlet:outputString.encode " + value); - try{ + try { resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " +value.length()); + CMS.debug("TokenServlet:outputString.length " + value.length()); OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
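Review bot: The reformatted line `CMS.debug("TokenServlet:outputString.encode " + value);` writes the whole response body to the debug log, and in the success branch built just above it `value` carries the `sessionKey=` and `encSessionKey=` fields. Key material for a token session then sits in a log file that is typically readable by more accounts, and retained longer, than the TKS process itself. Log only the outcome instead, e.g. `CMS.debug("TokenServlet: processComputeSessionKey status=" + status);`, and keep the length line that follows. The later hunks that log `value` for DiversifyKey (`keySetData=`) and EncryptData (`data=` and `encryptedData=`) have the same problem. The enclosing method starts before this hunk.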
@@ -744,78 +741,65 @@ public class TokenServlet extends CMSServlet { } catch (IOException e) { CMS.debug("TokenServlet: " + e.toString()); } - - if(status.equals("0")) { - - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, - rCUID, - ILogger.SUCCESS, - status, - agentId, - isCryptoValidate? "true":"false", - serversideKeygen? "true":"false", - selectedToken, - keyNickName); + + if (status.equals("0")) { + + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, + rCUID, ILogger.SUCCESS, status, agentId, + isCryptoValidate ? "true" : "false", + serversideKeygen ? "true" : "false", selectedToken, + keyNickName); } else { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE, - rCUID, - ILogger.FAILURE, - status, - agentId, - isCryptoValidate? "true":"false", - serversideKeygen? "true":"false", - selectedToken, - keyNickName, - errorMsg); - } - + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE, + rCUID, ILogger.FAILURE, status, agentId, + isCryptoValidate ? "true" : "false", + serversideKeygen ? 
"true" : "false", selectedToken, + keyNickName, errorMsg); + } + audit(auditMessage); } private void processDiversifyKey(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - byte[] KeySetData,KeysValues,CUID,xCUID; - byte[] xkeyInfo,xnewkeyInfo; + HttpServletResponse resp) throws EBaseException { + byte[] KeySetData, KeysValues, CUID, xCUID; + byte[] xkeyInfo, xnewkeyInfo; boolean missingParam = false; String errorMsg = ""; String badParams = ""; IConfigStore sconfig = CMS.getConfigStore(); - String rnewKeyInfo = req.getParameter("newKeyInfo"); + String rnewKeyInfo = req.getParameter("newKeyInfo"); String newMasterKeyName = req.getParameter("newKeyInfo"); String oldMasterKeyName = req.getParameter("KeyInfo"); - String rCUID =req.getParameter("CUID"); - String auditMessage=""; + String rCUID = req.getParameter("CUID"); + String auditMessage = ""; String keySet = req.getParameter("keySet"); if (keySet == null || keySet.equals("")) { - keySet = "defKeySet"; + keySet = "defKeySet"; } CMS.debug("keySet selected: " + keySet); SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { - agentId = - (String) sContext.get(SessionContext.USER_ID); + agentId = (String) sContext.get(SessionContext.USER_ID); } auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST, - rCUID, - ILogger.SUCCESS, - agentId, - oldMasterKeyName, - newMasterKeyName); + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST, rCUID, + ILogger.SUCCESS, agentId, oldMasterKeyName, newMasterKeyName); audit(auditMessage); - if ((rCUID == null) || (rCUID.equals(""))) { badParams += " CUID,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID"); 
@@ -826,130 +810,144 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo"); missingParam = true; } - if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){ + if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) { badParams += " KeyInfo,"; CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo"); missingParam = true; } if (!missingParam) { - xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } - xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName); - if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { - badParams += " NewKeyInfo length,"; - CMS.debug("TokenServlet: Invalid new key info length"); - missingParam = true; - } - } - String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + xkeyInfo = com.netscape.cmsutil.util.Utils + .SpecialDecode(oldMasterKeyName); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } + xnewkeyInfo = com.netscape.cmsutil.util.Utils + .SpecialDecode(newMasterKeyName); + if (xnewkeyInfo == null || xnewkeyInfo.length != 2) { + badParams += " NewKeyInfo length,"; + CMS.debug("TokenServlet: Invalid new key info length"); + missingParam = true; + } + } + String useSoftToken_s = CMS.getConfigStore().getString( + "tks.useSoftToken", "true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; KeySetData = null; String outputString = null; if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) 
{ - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; - } - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + } if (!missingParam) { - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - if (mKeyNickName!=null) - oldMasterKeyName = mKeyNickName; - if (mNewKeyNickName!=null) - newMasterKeyName = mNewKeyNickName; - - String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx - String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null); - String oldSelectedToken = null; - String oldKeyNickName = null; - if (oldMappingValue == null) { - oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - oldKeyNickName = req.getParameter("KeyInfo"); - } else { - StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); - oldSelectedToken = st.nextToken(); - oldKeyNickName = st.nextToken(); - } - - String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx - String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null); - String newSelectedToken = null; - String newKeyNickName = null; - if (newMappingValue == null) { - newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - newKeyNickName = rnewKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(newMappingValue, ":"); - newSelectedToken = st.nextToken(); - newKeyNickName = st.nextToken(); - } - - CMS.debug("process DiversifyKey for oldSelectedToke="+ - oldSelectedToken + " newSelectedToken=" + newSelectedToken + - " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + - newKeyNickName); - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." 
+ keySet + ".kek_key")); - KeySetData = SessionKey.DiversifyKey(oldSelectedToken, - newSelectedToken, oldKeyNickName, - newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); - - if (KeySetData == null || KeySetData.length<=1) { - CMS.getLogger().log(ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot"); - } - - CMS.getLogger().log(ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID)) - + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName - +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName); - - resp.setContentType("text/html"); - - if (KeySetData != null) { - outputString = new String(KeySetData); - } + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + if (mKeyNickName != null) + oldMasterKeyName = mKeyNickName; + if (mNewKeyNickName != null) + newMasterKeyName = mNewKeyNickName; + + String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + + req.getParameter("KeyInfo"); // #xx#xx + String oldMappingValue = CMS.getConfigStore().getString( + oldKeyInfoMap, null); + String oldSelectedToken = null; + String oldKeyNickName = null; + if (oldMappingValue == null) { + oldSelectedToken = CMS.getConfigStore().getString( + "tks.defaultSlot", "internal"); + oldKeyNickName = req.getParameter("KeyInfo"); + } else { + StringTokenizer st = new StringTokenizer(oldMappingValue, ":"); + oldSelectedToken = st.nextToken(); + oldKeyNickName = st.nextToken(); + } + + String newKeyInfoMap = "tks.mk_mappings." 
+ rnewKeyInfo; // #xx#xx + String newMappingValue = CMS.getConfigStore().getString( + newKeyInfoMap, null); + String newSelectedToken = null; + String newKeyNickName = null; + if (newMappingValue == null) { + newSelectedToken = CMS.getConfigStore().getString( + "tks.defaultSlot", "internal"); + newKeyNickName = rnewKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(newMappingValue, ":"); + newSelectedToken = st.nextToken(); + newKeyNickName = st.nextToken(); + } + + CMS.debug("process DiversifyKey for oldSelectedToke=" + + oldSelectedToken + " newSelectedToken=" + + newSelectedToken + " oldKeyNickName=" + oldKeyNickName + + " newKeyNickName=" + newKeyNickName); + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils + .SpecialDecode(sconfig.getString("tks." + keySet + + ".kek_key")); + KeySetData = SessionKey.DiversifyKey(oldSelectedToken, + newSelectedToken, oldKeyNickName, newKeyNickName, + rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); + + if (KeySetData == null || KeySetData.length <= 1) { + CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS, + ILogger.LL_INFO, + "process DiversifyKey: Missing MasterKey in Slot"); + } + + CMS.getLogger().log( + ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO, + "process DiversifyKey for CUID =" + + trim(pp.toHexString(CUID)) + + ";from oldMasterKeyName=" + oldSelectedToken + + ":" + oldKeyNickName + ";to newMasterKeyName=" + + newSelectedToken + ":" + newKeyNickName); + + resp.setContentType("text/html"); + + if (KeySetData != null) { + outputString = new String(KeySetData); + } } // ! 
missingParam - //CMS.debug("TokenServlet:processDiversifyKey " +outputString); - //String value="keySetData=%00" if the KeySetData=byte[0]=0; + // CMS.debug("TokenServlet:processDiversifyKey " +outputString); + // String value="keySetData=%00" if the KeySetData=byte[0]=0; String value = ""; String status = "0"; if (KeySetData != null && KeySetData.length > 1) { - value = "status=0&"+"keySetData=" + - com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); - CMS.debug("TokenServlet:process DiversifyKey.encode " +value); + value = "status=0&" + "keySetData=" + + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData); + CMS.debug("TokenServlet:process DiversifyKey.encode " + value); } else if (missingParam) { status = "3"; - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters: " + badParams; value = "status=" + status; - } else { + } else { errorMsg = "Problem diversifying key data."; status = "1"; value = "status=" + status; } resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.length " +value.length()); + CMS.debug("TokenServlet:outputString.length " + value.length()); - try{ + try { OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
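Review bot: The lookup key for the new master key, `"tks.mk_mappings." + rnewKeyInfo`, leaves out the key set, while the old-key lookup a few lines earlier uses `"tks." + keySet + ".mk_mappings." + ...` and processEncryptData builds its key the same way. If that is not intentional, a request naming a non-default `keySet` resolves the new key from a different configuration namespace, or silently falls back to `tks.defaultSlot` with the raw `newKeyInfo` value as the nickname. Suggest `String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + rnewKeyInfo;` once the deployed configuration layout has been checked. processDiversifyKey begins before this hunk.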
@@ -958,35 +956,28 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet:process DiversifyKey: " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, - rCUID, - ILogger.SUCCESS, - status, - agentId, - oldMasterKeyName, - newMasterKeyName); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, + rCUID, ILogger.SUCCESS, status, agentId, + oldMasterKeyName, newMasterKeyName); } else { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE, - rCUID, - ILogger.FAILURE, - status, - agentId, - oldMasterKeyName, - newMasterKeyName, - errorMsg); - } - - audit(auditMessage); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE, + rCUID, ILogger.FAILURE, status, agentId, + oldMasterKeyName, newMasterKeyName, errorMsg); + } + + audit(auditMessage); } private void processEncryptData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { + HttpServletResponse resp) throws EBaseException { byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo; boolean missingParam = false; byte[] data = null; @@ -1006,15 +997,15 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { - agentId = - (String) sContext.get(SessionContext.USER_ID); + agentId = (String) sContext.get(SessionContext.USER_ID); } CMS.debug("keySet selected: " + keySet); - String s_isRandom = sconfig.getString("tks.EncryptData.isRandom", "true"); + String s_isRandom = sconfig.getString("tks.EncryptData.isRandom", + "true"); if (s_isRandom.equalsIgnoreCase("false")) { CMS.debug("TokenServlet: processEncryptData(): Random number not to be generated"); isRandom = false; 
@@ -1024,30 +1015,27 @@ public class TokenServlet extends CMSServlet { } String auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST, - rCUID, - ILogger.SUCCESS, - agentId, - s_isRandom); + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST, rCUID, + ILogger.SUCCESS, agentId, s_isRandom); audit(auditMessage); if (isRandom) { if ((rdata == null) || (rdata.equals(""))) { - CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); + CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data"); } else { - CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); + CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating..."); } try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - data = new byte[16]; - random.nextBytes(data); + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + data = new byte[16]; + random.nextBytes(data); } catch (Exception e) { - CMS.debug("TokenServlet: processEncryptData():"+ e.toString()); - badParams += " Random Number,"; - missingParam = true; + CMS.debug("TokenServlet: processEncryptData():" + e.toString()); + badParams += " Random Number,"; + missingParam = true; } - } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){ + } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) { CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data."); badParams += " data,"; missingParam = true; 
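Review bot: `SecureRandom.getInstance("SHA1PRNG")` pins the generated data to one named legacy algorithm and builds a fresh generator on every request; the same call sits in the processComputeRandomData hunk further down. `new SecureRandom()` lets the configured provider choose the generator, which matters if this deployment expects randomness to come from its crypto token (an assumption to confirm for the TKS), and a single shared instance avoids seeding a new generator per call. The replacement is `SecureRandom random = new SecureRandom();`, ideally hoisted into a `private static final` field. processEncryptData starts before this hunk.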
@@ -1058,75 +1046,84 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID"); missingParam = true; } - + if ((rKeyInfo == null) || (rKeyInfo.equals(""))) { badParams += " KeyInfo,"; CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info"); missingParam = true; } - if (!missingParam) { - xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - if (xCUID == null || xCUID.length != 10) { - badParams += " CUID length,"; - CMS.debug("TokenServlet: Invalid CUID length"); - missingParam = true; - } - xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - if (xkeyInfo == null || xkeyInfo.length != 2) { - badParams += " KeyInfo length,"; - CMS.debug("TokenServlet: Invalid key info length"); - missingParam = true; - } + xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + if (xCUID == null || xCUID.length != 10) { + badParams += " CUID length,"; + CMS.debug("TokenServlet: Invalid CUID length"); + missingParam = true; + } + xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + if (xkeyInfo == null || xkeyInfo.length != 2) { + badParams += " KeyInfo length,"; + CMS.debug("TokenServlet: Invalid key info length"); + missingParam = true; + } } - String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true"); - if (!useSoftToken_s.equalsIgnoreCase("true")) - useSoftToken_s = "false"; + String useSoftToken_s = CMS.getConfigStore().getString( + "tks.useSoftToken", "true"); + if (!useSoftToken_s.equalsIgnoreCase("true")) + useSoftToken_s = "false"; String selectedToken = null; String keyNickName = null; if (!missingParam) { - if (!isRandom) - data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); - keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); - CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); - - String keyInfoMap = "tks." + keySet + ".mk_mappings." 
+ rKeyInfo; - String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null); - if (mappingValue == null) { - selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal"); - keyNickName = rKeyInfo; - } else { - StringTokenizer st = new StringTokenizer(mappingValue, ":"); - selectedToken = st.nextToken(); - keyNickName = st.nextToken(); - } - - byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key")); - encryptedData = SessionKey.EncryptData( - selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet); - - CMS.getLogger().log(ILogger.EV_AUDIT, - ILogger.S_TKS, - ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID))); + if (!isRandom) + data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata); + keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo); + CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID); + + String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; + String mappingValue = CMS.getConfigStore().getString(keyInfoMap, + null); + if (mappingValue == null) { + selectedToken = CMS.getConfigStore().getString( + "tks.defaultSlot", "internal"); + keyNickName = rKeyInfo; + } else { + StringTokenizer st = new StringTokenizer(mappingValue, ":"); + selectedToken = st.nextToken(); + keyNickName = st.nextToken(); + } + + byte kekKeyArray[] = com.netscape.cmsutil.util.Utils + .SpecialDecode(sconfig.getString("tks." 
+ keySet + + ".kek_key")); + encryptedData = SessionKey.EncryptData(selectedToken, keyNickName, + data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet); + + CMS.getLogger().log( + ILogger.EV_AUDIT, + ILogger.S_TKS, + ILogger.LL_INFO, + "process EncryptData for CUID =" + + trim(pp.toHexString(CUID))); } // !missingParam resp.setContentType("text/html"); - + String value = ""; - String status = "0"; - if (encryptedData != null && encryptedData.length > 0) { - String outputString = new String(encryptedData); + String status = "0"; + if (encryptedData != null && encryptedData.length > 0) { + String outputString = new String(encryptedData); // sending both the pre-encrypted and encrypted data back - value = "status=0&"+"data="+ - com.netscape.cmsutil.util.Utils.SpecialEncode(data)+ - "&encryptedData=" + - com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData); + value = "status=0&" + + "data=" + + com.netscape.cmsutil.util.Utils.SpecialEncode(data) + + "&encryptedData=" + + com.netscape.cmsutil.util.Utils + .SpecialEncode(encryptedData); } else if (missingParam) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters: " + badParams; status = "3"; @@ -1137,12 +1134,12 @@ public class TokenServlet extends CMSServlet { value = "status=" + status; } - CMS.debug("TokenServlet:process EncryptData.encode " +value); + CMS.debug("TokenServlet:process EncryptData.encode " + value); try { resp.setContentLength(value.length()); - CMS.debug("TokenServlet:outputString.lenght " +value.length()); - + CMS.debug("TokenServlet:outputString.lenght " + value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); 
@@ -1151,54 +1148,39 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet: " + e.toString()); } - if(status.equals("0")) { + if (status.equals("0")) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS, - rCUID, - ILogger.SUCCESS, - status, - agentId, - s_isRandom, - selectedToken, - keyNickName); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS, + rCUID, ILogger.SUCCESS, status, agentId, + s_isRandom, selectedToken, keyNickName); } else { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE, - rCUID, - ILogger.FAILURE, - status, - agentId, - s_isRandom, - selectedToken, - keyNickName, - errorMsg); - } - - audit(auditMessage); + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE, + rCUID, ILogger.FAILURE, status, agentId, + s_isRandom, selectedToken, keyNickName, errorMsg); + } + + audit(auditMessage); } - /* - * For EncryptData: - * data=value1 - * CUID=value2 // missing from RA - * versionID=value3 // missing from RA - * - * For ComputeSession: - * card_challenge=value1 - * host_challenge=value2 - - * For DiversifyKey: - * new_master_key_index - * master_key_index + /* + * For EncryptData: data=value1 CUID=value2 // missing from RA + * versionID=value3 // missing from RA + * + * For ComputeSession: card_challenge=value1 host_challenge=value2 + * + * For DiversifyKey: new_master_key_index master_key_index */ private void processComputeRandomData(HttpServletRequest req, - HttpServletResponse resp) throws EBaseException { - - byte[] randomData = null; + HttpServletResponse resp) throws EBaseException { + + byte[] randomData = null; String status = "0"; String errorMsg = ""; String badParams = ""; 
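Review bot: The formatter has joined the per-operation parameter list in the block comment above processComputeRandomData into running text (`For EncryptData: data=value1 CUID=value2 // missing from RA`), so it is no longer clear which request parameter belongs to which operation or what the `// missing from RA` remarks apply to. The URL list in the WizardServlet class Javadoc later in this diff is flattened the same way. Restore the one-item-per-line layout and shield it from the formatter, for example by opening the block comment with `/*-` and wrapping the Javadoc list in `<pre>` ... `</pre>`.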
@@ -1209,26 +1191,22 @@ public class TokenServlet extends CMSServlet { SessionContext sContext = SessionContext.getContext(); - String agentId=""; + String agentId = ""; if (sContext != null) { - agentId = - (String) sContext.get(SessionContext.USER_ID); + agentId = (String) sContext.get(SessionContext.USER_ID); } String sDataSize = req.getParameter("dataNumBytes"); - if(sDataSize == null || sDataSize.equals("")) { + if (sDataSize == null || sDataSize.equals("")) { CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes"); badParams += " Random Data size, "; missingParam = true; status = "1"; } else { - try - { - dataSize = Integer.parseInt(sDataSize.trim()); - } - catch (NumberFormatException nfe) - { + try { + dataSize = Integer.parseInt(sDataSize.trim()); + } catch (NumberFormatException nfe) { CMS.debug("TokenServlet::processComputeRandomData invalid data size input!"); badParams += " Random Data size, "; missingParam = true; 
@@ -1237,42 +1215,43 @@ public class TokenServlet extends CMSServlet { } - CMS.debug("TokenServlet::processComputeRandomData data size requested: " + dataSize); + CMS.debug("TokenServlet::processComputeRandomData data size requested: " + + dataSize); String auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST, - ILogger.SUCCESS, - agentId); + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST, + ILogger.SUCCESS, agentId); audit(auditMessage); - if(!missingParam) { + if (!missingParam) { try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - randomData = new byte[dataSize]; - random.nextBytes(randomData); - } catch (Exception e) { - CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString()); - errorMsg = "Can't generate random data!"; - status = "2"; + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + randomData = new byte[dataSize]; + random.nextBytes(randomData); + } catch (Exception e) { + CMS.debug("TokenServlet::processComputeRandomData:" + + e.toString()); + errorMsg = "Can't generate random data!"; + status = "2"; } } String randomDataOut = ""; - if(status.equals("0")) { + if (status.equals("0")) { if (randomData != null && randomData.length == dataSize) { - randomDataOut = - com.netscape.cmsutil.util.Utils.SpecialEncode(randomData); + randomDataOut = com.netscape.cmsutil.util.Utils + .SpecialEncode(randomData); } else { status = "2"; errorMsg = "Can't convert random data!"; } } - if(status.equals("1") && missingParam) { + if (status.equals("1") && missingParam) { - if(badParams.endsWith(",")) { - badParams = badParams.substring(0,badParams.length() -1); + if (badParams.endsWith(",")) { + badParams = badParams.substring(0, badParams.length() - 1); } errorMsg = "Missing input parameters :" + badParams; } 
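Review bot: `randomData = new byte[dataSize];` allocates whatever the `dataNumBytes` request parameter parsed to in the previous hunk, with no range check. A negative value only ends up on the generic "Can't generate random data!" path, and a very large one can tie up the servlet's heap or raise OutOfMemoryError, which `catch (Exception e)` does not catch. Reject out-of-range sizes right after parsing and report them as a bad parameter, for example `if (dataSize < 1 || dataSize > MAX_RANDOM_BYTES) { badParams += " Random Data size, "; missingParam = true; status = "1"; }`, where `MAX_RANDOM_BYTES` is a new constant whose value the token protocol should dictate. processComputeRandomData begins before this hunk.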
@@ -1280,15 +1259,16 @@ public class TokenServlet extends CMSServlet { resp.setContentType("text/html"); String value = ""; - value = "status="+status; - if(status.equals("0")) { - value = value + "&DATA="+randomDataOut; + value = "status=" + status; + if (status.equals("0")) { + value = value + "&DATA=" + randomDataOut; } - + try { resp.setContentLength(value.length()); - CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length()); - + CMS.debug("TokenServler::processComputeRandomData :outputString.length " + + value.length()); + OutputStream ooss = resp.getOutputStream(); ooss.write(value.getBytes()); ooss.flush(); @@ -1297,22 +1277,19 @@ public class TokenServlet extends CMSServlet { CMS.debug("TokenServlet::processComputeRandomData " + e.toString()); } - if(status.equals("0")) { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS, - ILogger.SUCCESS, - status, - agentId); - } else { - auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE, - ILogger.FAILURE, - status, - agentId, - errorMsg); - } - - audit(auditMessage); + if (status.equals("0")) { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS, + ILogger.SUCCESS, status, agentId); + } else { + auditMessage = CMS + .getLogMessage( + LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE, + ILogger.FAILURE, status, agentId, errorMsg); + } + + audit(auditMessage); } public void process(CMSRequest cmsReq) throws EBaseException { 
@@ -1323,14 +1300,14 @@ public class TokenServlet extends CMSServlet { AuthzToken authzToken = null; try { - authzToken = authorize(mAclMethod, authToken, - mAuthzResourceName, "execute"); + authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, + "execute"); } catch (Exception e) { } if (authzToken == null) { - try{ + try { resp.setContentType("text/html"); String value = "unauthorized="; CMS.debug("TokenServlet: Unauthorized"); @@ -1340,37 +1317,36 @@ public class TokenServlet extends CMSServlet { ooss.write(value.getBytes()); ooss.flush(); mRenderResult = false; - }catch (Exception e) { + } catch (Exception e) { CMS.debug("TokenServlet: " + e.toString()); } - // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); + // cmsReq.setStatus(CMSRequest.UNAUTHORIZED); return; } String temp = req.getParameter("card_challenge"); mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot"); setDefaultSlotAndKeyName(req); - if(temp!=null) - { - processComputeSessionKey(req,resp); - }else if(req.getParameter("data")!=null){ - processEncryptData(req,resp); - }else if(req.getParameter("newKeyInfo")!=null){ - processDiversifyKey(req,resp); - }else if(req.getParameter("dataNumBytes") !=null){ - processComputeRandomData(req,resp); + if (temp != null) { + processComputeSessionKey(req, resp); + } else if (req.getParameter("data") != null) { + processEncryptData(req, resp); + } else if (req.getParameter("newKeyInfo") != null) { + processDiversifyKey(req, resp); + } else if (req.getParameter("dataNumBytes") != null) { + processComputeRandomData(req, resp); } } /** * Serves HTTP admin request. - * + * * @param req HTTP request * @param resp HTTP response */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { String scope = req.getParameter(Constants.OP_SCOPE); String op = req.getParameter(Constants.OP_TYPE); 
@@ -1379,7 +1355,7 @@ public class TokenServlet extends CMSServlet { /** * Parses uid0=pwd0,uid1=pwd1,... into AgentCredential. - * + * * @param s credential string * @return a list of credentials */ @@ -1391,8 +1367,7 @@ public class TokenServlet extends CMSServlet { String a = st.nextToken(); StringTokenizer st0 = new StringTokenizer(a, "="); - v.addElement(new Credential(st0.nextToken(), - st0.nextToken())); + v.addElement(new Credential(st0.nextToken(), st0.nextToken())); } Credential ac[] = new Credential[v.size()]; diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java index 9d67065d..543ef1a3 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java @@ -33,18 +33,19 @@ public interface IWizardPanel { /** * Initializes this panel. */ - public void init(ServletConfig config, int panelno) - throws ServletException; + public void init(ServletConfig config, int panelno) throws ServletException; - public void init(WizardServlet servlet, ServletConfig config, - int panelno, String id) throws ServletException; + public void init(WizardServlet servlet, ServletConfig config, int panelno, + String id) throws ServletException; public String getName(); public int getPanelNo(); public void setId(String id); + public String getId(); + public PropertySet getUsage(); /** 
@@ -83,25 +84,23 @@ public interface IWizardPanel { * Display the panel. */ public void display(HttpServletRequest request, - HttpServletResponse response, - Context context ); + HttpServletResponse response, Context context); + /** * Checks if the given parameters are valid. */ public void validate(HttpServletRequest request, - HttpServletResponse response, - Context context ) throws IOException; + HttpServletResponse response, Context context) throws IOException; /** * Commit parameter changes */ public void update(HttpServletRequest request, - HttpServletResponse response, - Context context ) throws IOException; + HttpServletResponse response, Context context) throws IOException; + /** * If validiate() returns false, this method will be called. */ public void displayError(HttpServletRequest request, - HttpServletResponse response, - Context context); + HttpServletResponse response, Context context); } diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java index 691d3e98..3e42d5ba 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java @@ -37,13 +37,10 @@ import com.netscape.cms.servlet.csadmin.Cert; import com.netscape.cmsutil.crypto.Module; /** - * wizard?p=[panel number]&op=usage <= usage in xml - * wizard?p=[panel number]&op=display - * wizard?p=[panel number]&op=next&...[additional parameters]... - * wizard?p=[panel number]&op=apply - * wizard?p=[panel number]&op=back - * wizard?op=menu - * return menu options + * wizard?p=[panel number]&op=usage <= usage in xml wizard?p=[panel + * number]&op=display wizard?p=[panel number]&op=next&...[additional + * parameters]... wizard?p=[panel number]&op=apply wizard?p=[panel + * number]&op=back wizard?op=menu return menu options */ public class WizardServlet extends VelocityServlet { 
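Review bot: The class Javadoc of `WizardServlet` has been reflowed by the formatter so that the request forms (`wizard?p=[panel number]&op=usage`, `op=display`, `op=next`, `op=apply`, `op=back`, `wizard?op=menu`) now run together in one paragraph, with `[panel number]` split across lines. This was the only description of the operations the servlet accepts, and it is no longer readable as a list. Wrapping the entries in `<pre>` … `</pre>`, or in `<ul>`/`<li>` items, keeps one form per line and stops the formatter from joining them again.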
@@ -54,8 +51,7 @@ public class WizardServlet extends VelocityServlet { private String name = null; private Vector mPanels = new Vector(); - public void init(ServletConfig config) throws ServletException - { + public void init(ServletConfig config) throws ServletException { super.init(config); /* load sequence map */ @@ -64,33 +60,32 @@ public class WizardServlet extends VelocityServlet { StringTokenizer st = new StringTokenizer(panels, ","); int pno = 0; while (st.hasMoreTokens()) { - String p = st.nextToken(); - StringTokenizer st1 = new StringTokenizer(p, "="); - String id = st1.nextToken(); - String pvalue = st1.nextToken(); - try { - IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance(); - panel.init(this, config, pno, id); - CMS.debug("WizardServlet: panel name=" + panel.getName()); - mPanels.addElement(panel); - } catch (Exception e) { - CMS.debug("WizardServlet: " + e.toString()); - } - pno++; + String p = st.nextToken(); + StringTokenizer st1 = new StringTokenizer(p, "="); + String id = st1.nextToken(); + String pvalue = st1.nextToken(); + try { + IWizardPanel panel = (IWizardPanel) Class.forName(pvalue) + .newInstance(); + panel.init(this, config, pno, id); + CMS.debug("WizardServlet: panel name=" + panel.getName()); + mPanels.addElement(panel); + } catch (Exception e) { + CMS.debug("WizardServlet: " + e.toString()); + } + pno++; } CMS.debug("WizardServlet: done"); - + } public void exposePanels(HttpServletRequest request, - HttpServletResponse response, - Context context ) - { + HttpServletResponse response, Context context) { Enumeration e = mPanels.elements(); Vector panels = new Vector(); while (e.hasMoreElements()) { - IWizardPanel p = (IWizardPanel)e.nextElement(); - panels.addElement(p); + IWizardPanel p = (IWizardPanel) e.nextElement(); + panels.addElement(p); } context.put("panels", panels); } 
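Review bot: In `init`, `pno++` runs even when `Class.forName(pvalue).newInstance()` or `panel.init(this, config, pno, id)` throws, so the failed panel is absent from `mPanels` while every later panel is initialised with a number one higher than its index; `getPreviousPanel` indexes `mPanels` with `backpanel.getPanelNo() - 1`, so the two can disagree. The failure is reported only through `CMS.debug`, which lets the wizard start with a configuration step silently missing. Either rethrow as `ServletException` so that a bad panel entry stops startup, or increment `pno` only after `mPanels.addElement(panel)` succeeds. The two `st1.nextToken()` calls also sit outside the `try`, so an entry without `=` aborts `init` with an unchecked `NoSuchElementException`.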
@@ -98,84 +93,80 @@ public class WizardServlet extends VelocityServlet { /** * Cleans up panels from a particular panel. */ - public void cleanUpFromPanel(int pno) throws IOException - { - /* panel number starts from zero */ - int s = mPanels.size(); - for (int i = pno; i < s; i++) { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); - panel.cleanUp(); - } + public void cleanUpFromPanel(int pno) throws IOException { + /* panel number starts from zero */ + int s = mPanels.size(); + for (int i = pno; i < s; i++) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); + panel.cleanUp(); + } } - public IWizardPanel getPanelByNo(int p) - { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + public IWizardPanel getPanelByNo(int p) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); if (panel.shouldSkip()) { - panel = getPanelByNo(p+1); + panel = getPanelByNo(p + 1); } return panel; } public Template displayPanel(HttpServletRequest request, - HttpServletResponse response, - Context context ) - { + HttpServletResponse response, Context context) { CMS.debug("WizardServlet: in display"); int p = getPanelNo(request); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } IWizardPanel panel = getPanelByNo(p); CMS.debug("WizardServlet: panel=" + panel); if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); panel.display(request, response, context); context.put("p", Integer.toString(panel.getPanelNo())); try { return 
Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { + } catch (Exception e) { } return null; } - public String xml_value_flatten(Object v) - { + public String xml_value_flatten(Object v) { String ret = ""; if (v instanceof String) { ret += v; } else if (v instanceof Integer) { - ret += ((Integer)v).toString(); + ret += ((Integer) v).toString(); } else if (v instanceof Vector) { ret += "<Vector>"; - Vector v1 = (Vector)v; + Vector v1 = (Vector) v; Enumeration e = v1.elements(); StringBuffer sb = new StringBuffer(); while (e.hasMoreElements()) { - sb.append(xml_value_flatten(e.nextElement())); + sb.append(xml_value_flatten(e.nextElement())); } ret += sb.toString(); ret += "</Vector>"; } else if (v instanceof Module) { // for hardware token - Module m = (Module)v; + Module m = (Module) v; ret += "<Module>"; ret += "<CommonName>" + m.getCommonName() + "</CommonName>"; - ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>"; + ret += "<UserFriendlyName>" + m.getUserFriendlyName() + + "</UserFriendlyName>"; ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>"; ret += "</Module>"; } else if (v instanceof Cert) { - Cert m = (Cert)v; + Cert m = (Cert) v; ret += "<CertReqPair>"; ret += "<Nickname>" + m.getNickname() + "</Nickname>"; ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>"; @@ -187,7 +178,7 @@ public class WizardServlet extends VelocityServlet { ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>"; ret += "</CertReqPair>"; } else if (v instanceof IWizardPanel) { - IWizardPanel m = (IWizardPanel)v; + IWizardPanel m = (IWizardPanel) v; ret += "<Panel>"; ret += "<Id>" + m.getId() + "</Id>"; ret += "<Name>" + m.getName() + "</Name>"; 
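Review bot: `xml_value_flatten` appends values such as `m.getCommonName()`, `m.getUserFriendlyName()`, `m.getNickname()` and plain `String` context entries directly between tags without escaping `<`, `>` or `&`. A value containing those characters yields malformed XML or extra elements in the `application/xml` response that `goNextApply` builds from this output. Passing every leaf value through one small escaping helper before it is appended would fix this. Whether any of these values can carry request-supplied text is not visible here and should be confirmed. The method continues past the end of this hunk.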
@@ -198,89 +189,84 @@ public class WizardServlet extends VelocityServlet { return ret; } - public String xml_flatten(Context context) - { + public String xml_flatten(Context context) { StringBuffer ret = new StringBuffer(); - Object o[] = context.getKeys(); - for (int i = 0; i < o.length; i ++) { - if (o[i] instanceof String) { - String key = (String)o[i]; - if (key.startsWith("__")) { - continue; - } - ret.append("<"); - ret.append(key); - ret.append(">"); - if (key.equals("bindpwd")) { - ret.append("(sensitive)"); - } else { - Object v = context.get(key); - ret.append(xml_value_flatten(v)); + Object o[] = context.getKeys(); + for (int i = 0; i < o.length; i++) { + if (o[i] instanceof String) { + String key = (String) o[i]; + if (key.startsWith("__")) { + continue; + } + ret.append("<"); + ret.append(key); + ret.append(">"); + if (key.equals("bindpwd")) { + ret.append("(sensitive)"); + } else { + Object v = context.get(key); + ret.append(xml_value_flatten(v)); + } + ret.append("</"); + ret.append(key); + ret.append(">"); } - ret.append("</"); - ret.append(key); - ret.append(">"); - } } return ret.toString(); } - public int getPanelNo(HttpServletRequest request) - { + public int getPanelNo(HttpServletRequest request) { int p = 0; - - // panel number can be identified by either - // panel no (p parameter) directly, or - // panel name (panelname parameter). + + // panel number can be identified by either + // panel no (p parameter) directly, or + // panel name (panelname parameter). 
if (request.getParameter("panelname") != null) { - String name = request.getParameter("panelname"); - for (int i = 0; i < mPanels.size(); i++) { - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i); - if (panel.getId().equals(name)) { - return i; + String name = request.getParameter("panelname"); + for (int i = 0; i < mPanels.size(); i++) { + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i); + if (panel.getId().equals(name)) { + return i; + } } - } } else if (request.getParameter("p") != null) { - p = Integer.parseInt(request.getParameter("p")); + p = Integer.parseInt(request.getParameter("p")); } return p; } - public String getNameFromPanelNo(int p) - { - IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p); - return wp.getId(); + public String getNameFromPanelNo(int p) { + IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p); + return wp.getId(); } - public IWizardPanel getPreviousPanel(int p) - { + public IWizardPanel getPreviousPanel(int p) { CMS.debug("getPreviousPanel input p=" + p); - IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1); + IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1); if (backpanel.isSubPanel()) { - backpanel = (IWizardPanel)mPanels.elementAt(p-1-1); + backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1); } while (backpanel.shouldSkip()) { - backpanel = (IWizardPanel) - mPanels.elementAt(backpanel.getPanelNo() - 1); + backpanel = (IWizardPanel) mPanels + .elementAt(backpanel.getPanelNo() - 1); } CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo()); return backpanel; } - public IWizardPanel getNextPanel(int p) - { + public IWizardPanel getNextPanel(int p) { CMS.debug("getNextPanel input p=" + p); - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); if (p == (mPanels.size() - 1)) { p = p; - } else if(panel.isSubPanel()) { - if (panel.isLoopbackPanel()) { - p = p-1; // Login Panel is a loop back panel - } else { - p = p+1; 
- } - } else if (panel.hasSubPanel()) { - p = p + 2; + } else if (panel.isSubPanel()) { + if (panel.isLoopbackPanel()) { + p = p - 1; // Login Panel is a loop back panel + } else { + p = p + 1; + } + } else if (panel.hasSubPanel()) { + p = p + 2; } else { p = p + 1; } 
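Review bot: `getPanelNo` returns `Integer.parseInt(request.getParameter("p"))` with no range check, and callers pass the result straight to `mPanels.elementAt(...)` (`getPreviousPanel` uses `p - 1`). A non-numeric, negative or too-large `p` therefore surfaces as an unchecked `NumberFormatException` or `ArrayIndexOutOfBoundsException`, and any in-range value is accepted regardless of which step the wizard has reached. Validate once in `getPanelNo` after a guarded parse, e.g. `if (p < 0 || p >= mPanels.size()) p = 0;`, and consider tracking the current step in the session instead of trusting the request. `getNextPanel`, which ends outside the hunk, also contains the no-op `p = p;`.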
@@ -290,191 +276,175 @@ public class WizardServlet extends VelocityServlet { } public Template goApply(HttpServletRequest request, - HttpServletResponse response, - Context context) - { + HttpServletResponse response, Context context) { return goNextApply(request, response, context, true); } public Template goNext(HttpServletRequest request, - HttpServletResponse response, - Context context ) - { + HttpServletResponse response, Context context) { return goNextApply(request, response, context, false); } /* - * The parameter "stay" is used to indicate "apply" without - * moving to the next panel + * The parameter "stay" is used to indicate "apply" without moving to the + * next panel */ public Template goNextApply(HttpServletRequest request, - HttpServletResponse response, - Context context, boolean stay ) - { + HttpServletResponse response, Context context, boolean stay) { int p = getPanelNo(request); if (stay == true) CMS.debug("WizardServlet: in reply " + p); else CMS.debug("WizardServlet: in next " + p); - IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p); + IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p); try { - panel.validate(request, response, context); - try { - panel.update(request, response, context); - if (stay == true) { // "apply" - - if (panel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - panel.display(request, response, context); - } else { // "next" - IWizardPanel nextpanel = getNextPanel(p); - - if (nextpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); - else - context.put("showApplyButton", Boolean.FALSE); - nextpanel.display(request, response, context); - panel = nextpanel; + panel.validate(request, response, context); + try { + panel.update(request, response, context); + if (stay == true) { // "apply" + + if (panel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + 
context.put("showApplyButton", Boolean.FALSE); + panel.display(request, response, context); + } else { // "next" + IWizardPanel nextpanel = getNextPanel(p); + + if (nextpanel.showApplyButton() == true) + context.put("showApplyButton", Boolean.TRUE); + else + context.put("showApplyButton", Boolean.FALSE); + nextpanel.display(request, response, context); + panel = nextpanel; + } + context.put("errorString", ""); + } catch (Exception e) { + context.put("errorString", e.getMessage()); + panel.displayError(request, response, context); } - context.put("errorString", ""); - } catch (Exception e) { - context.put("errorString", e.getMessage()); - panel.displayError(request, response, context); - } } catch (IOException eee) { - context.put("errorString", eee.getMessage()); - panel.displayError(request, response, context); + context.put("errorString", eee.getMessage()); + panel.displayError(request, response, context); } p = panel.getPanelNo(); CMS.debug("panel no=" + p); CMS.debug("panel name=" + getNameFromPanelNo(p)); - CMS.debug("total number of panels="+mPanels.size()); + CMS.debug("total number of panels=" + mPanels.size()); context.put("p", Integer.toString(p)); context.put("panelname", getNameFromPanelNo(p)); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } // this is where we handle the xml request String xml = request.getParameter("xml"); if (xml != null && xml.equals("true")) { - CMS.debug("WizardServlet: found xml"); - - response.setContentType("application/xml"); - String xmlstr = xml_flatten(context); - context.put("xml", xmlstr); - try { - return Velocity.getTemplate("admin/console/config/xml.vm"); - } catch (Exception e) { - 
CMS.debug("Failing to get template" + e ); - } + CMS.debug("WizardServlet: found xml"); + + response.setContentType("application/xml"); + String xmlstr = xml_flatten(context); + context.put("xml", xmlstr); + try { + return Velocity.getTemplate("admin/console/config/xml.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e); + } } else { - try { - return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { - CMS.debug("Failing to get template" + e ); - } + try { + return Velocity.getTemplate("admin/console/config/wizard.vm"); + } catch (Exception e) { + CMS.debug("Failing to get template" + e); + } } return null; } public Template goBack(HttpServletRequest request, - HttpServletResponse response, - Context context ) - { + HttpServletResponse response, Context context) { int p = getPanelNo(request); CMS.debug("WizardServlet: in back " + p); IWizardPanel backpanel = getPreviousPanel(p); if (backpanel.showApplyButton() == true) - context.put("showApplyButton", Boolean.TRUE); + context.put("showApplyButton", Boolean.TRUE); else - context.put("showApplyButton", Boolean.FALSE); + context.put("showApplyButton", Boolean.FALSE); backpanel.display(request, response, context); - context.put("p", Integer.toString(backpanel.getPanelNo())); + context.put("p", Integer.toString(backpanel.getPanelNo())); context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo())); p = backpanel.getPanelNo(); if (p == 0) { - CMS.debug("WizardServlet: firstpanel"); - context.put("firstpanel", Boolean.TRUE); + CMS.debug("WizardServlet: firstpanel"); + context.put("firstpanel", Boolean.TRUE); } if (p == (mPanels.size() - 1)) { - CMS.debug("WizardServlet: lastpanel"); - context.put("lastpanel", Boolean.TRUE); + CMS.debug("WizardServlet: lastpanel"); + context.put("lastpanel", Boolean.TRUE); } try { return Velocity.getTemplate("admin/console/config/wizard.vm"); - } catch (Exception e) { + } catch (Exception e) { } return null; } public boolean 
authenticate(HttpServletRequest request, - HttpServletResponse response, - Context context ) { - String pin = (String)request.getSession().getAttribute("pin"); - if (pin == null) { - try { - response.sendRedirect("login"); - } catch (IOException e) { + HttpServletResponse response, Context context) { + String pin = (String) request.getSession().getAttribute("pin"); + if (pin == null) { + try { + response.sendRedirect("login"); + } catch (IOException e) { + } + return false; } - return false; - } - return true; + return true; } - public void outputHttpParameters(HttpServletRequest httpReq) - { + public void outputHttpParameters(HttpServletRequest httpReq) { CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { - String pn = (String)paramNames.nextElement(); + String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("WizardServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || pn.endsWith("password") + || pn.endsWith("passwd") || pn.endsWith("pwd") + || pn.equalsIgnoreCase("admin_password_again") + || 
pn.equalsIgnoreCase("directoryManagerPwd") + || pn.equalsIgnoreCase("bindpassword") + || pn.equalsIgnoreCase("bindpwd") + || pn.equalsIgnoreCase("passwd") + || pn.equalsIgnoreCase("password") + || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") + || pn.equalsIgnoreCase("pwdagain") + || pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("WizardServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } - public Template handleRequest(HttpServletRequest request, - HttpServletResponse response, - Context context ) - { + HttpServletResponse response, Context context) { CMS.debug("WizardServlet: process"); - if (CMS.debugOn()) { - outputHttpParameters(request); + if (CMS.debugOn()) { + outputHttpParameters(request); } if (!authenticate(request, response, context)) { @@ -484,7 +454,7 @@ public class WizardServlet extends VelocityServlet { String op = request.getParameter("op"); /* operation */ if (op == null) { - op = "display"; + op = "display"; } CMS.debug("WizardServlet: op=" + op); CMS.debug("WizardServlet: size=" + mPanels.size()); |
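Review bot: The redaction test in `outputHttpParameters` uses case-sensitive `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")`, so a parameter whose name ends in `Password` or `Pwd` and is not in the explicit `equalsIgnoreCase` list has its value written to the debug log. The explicit entries `directoryManagerPwd` and `uPasswd` show that mixed-case names do occur. Lower-casing once, `String lc = pn.toLowerCase(Locale.ROOT);`, and testing `lc.endsWith(...)` closes that gap. A denylist will still miss new secret-bearing names, so logging parameter names only, or values for an explicit allowlist, is the safer default.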